ovs-vswitchd.conf.db(5)       Open vSwitch Manual       ovs-vswitchd.conf.db(5)

ovs-vswitchd.conf.db - Open_vSwitch database schema

A database with this schema holds the configuration for one Open
vSwitch daemon. The top-level configuration for the daemon is the
Open_vSwitch table, which must have exactly one record. Records in
other tables are significant only when they can be reached directly or
indirectly from the Open_vSwitch table. Records that are not reachable
from the Open_vSwitch table are automatically deleted from the
database, except for records in a few distinguished ``root set’’ tables.

Common Columns
Most tables contain two special columns, named other_config and
external_ids. These columns have the same form and purpose each place that
they appear, so we describe them here to save space later.

other_config: map of string-string pairs
    Key-value pairs for configuring rarely used features.
    Supported keys, along with the forms taken by their values,
    are documented individually for each table.

    A few tables do not have other_config columns because no
    key-value pairs have yet been defined for them.

external_ids: map of string-string pairs
    Key-value pairs for use by external frameworks that integrate
    with Open vSwitch, rather than by Open vSwitch
    itself. System integrators should either use the Open
    vSwitch development mailing list to coordinate on common
    key-value definitions, or choose key names that are
    likely to be unique. In some cases, where key-value pairs
    have been defined that are likely to be widely useful,
    they are documented individually for each table.

The following list summarizes the purpose of each of the tables in the
Open_vSwitch database. Each table is described in more detail on a
later page.

Table                      Purpose
Open_vSwitch               Open vSwitch configuration.
Bridge                     Bridge configuration.
Port                       Port configuration.
Interface                  One physical network device in a Port.
Flow_Table                 OpenFlow table configuration
QoS                        Quality of Service configuration
Queue                      QoS output queue.
Mirror                     Port mirroring.
Controller                 OpenFlow controller configuration.
Manager                    OVSDB management connection.
NetFlow                    NetFlow configuration.
SSL                        SSL configuration.
sFlow                      sFlow configuration.
IPFIX                      IPFIX configuration.
Flow_Sample_Collector_Set  Flow_Sample_Collector_Set configuration.
AutoAttach                 AutoAttach configuration.

Configuration for an Open vSwitch daemon. There must be exactly one
record in the Open_vSwitch table.

Summary:
  Configuration:
    bridges                                    set of Bridges
    ssl                                        optional SSL
    external_ids : system-id                   optional string
    external_ids : xs-system-uuid              optional string
    external_ids : hostname                    optional string
    external_ids : rundir                      optional string
    other_config : stats-update-interval       optional string, containing an integer, at least 5,000
    other_config : flow-restore-wait           optional string, either true or false
    other_config : flow-limit                  optional string, containing an integer, at least 0
    other_config : max-idle                    optional string, containing an integer, at least 500
    other_config : hw-offload                  optional string, either true or false
    other_config : tc-policy                   optional string, one of none, skip_hw, or skip_sw
    other_config : dpdk-init                   optional string, one of false, true, or try
    other_config : dpdk-lcore-mask             optional string, containing an integer, at least 1
    other_config : pmd-cpu-mask                optional string
    other_config : dpdk-alloc-mem              optional string, containing an integer, at least 0
    other_config : dpdk-socket-mem             optional string
    other_config : dpdk-socket-limit           optional string
    other_config : dpdk-hugepage-dir           optional string
    other_config : dpdk-extra                  optional string
    other_config : vhost-sock-dir              optional string
    other_config : vhost-iommu-support         optional string, either true or false
    other_config : vhost-postcopy-support      optional string, either true or false
    other_config : per-port-memory             optional string, either true or false
    other_config : tx-flush-interval           optional string, containing an integer, in range 0 to 1,000,000
    other_config : pmd-perf-metrics            optional string, either true or false
    other_config : smc-enable                  optional string, either true or false
    other_config : pmd-rxq-assign              optional string, either cycles or roundrobin
    other_config : n-handler-threads           optional string, containing an integer, at least 1
    other_config : n-revalidator-threads       optional string, containing an integer, at least 1
    other_config : emc-insert-inv-prob         optional string, containing an integer, in range 0 to 4,294,967,295
    other_config : vlan-limit                  optional string, containing an integer, at least 0
    other_config : bundle-idle-timeout         optional string, containing an integer, at least 1
    other_config : offload-rebalance           optional string, either true or false
    other_config : pmd-auto-lb                 optional string, either true or false
    other_config : pmd-auto-lb-rebal-interval  optional string, containing an integer, in range 0 to 20,000
  Status:
    next_cfg                                   integer
    cur_cfg                                    integer
    dpdk_initialized                           boolean
  Statistics:
    other_config : enable-statistics           optional string, either true or false
    statistics : cpu                           optional string, containing an integer, at least 1
    statistics : load_average                  optional string
    statistics : memory                        optional string
    statistics : process_NAME                  optional string
    statistics : file_systems                  optional string
  Version Reporting:
    ovs_version                                optional string
    db_version                                 optional string
    system_type                                optional string
    system_version                             optional string
    dpdk_version                               optional string
  Capabilities:
    datapath_types                             set of strings
    iface_types                                set of strings
  Database Configuration:
    manager_options                            set of Managers
  IPsec:
    other_config : private_key                 optional string
    other_config : certificate                 optional string
    other_config : ca_cert                     optional string
  Plaintext Tunnel Policy:
    other_config : ipsec_skb_mark              optional string
  Common Columns:
    other_config                               map of string-string pairs
    external_ids                               map of string-string pairs

Details:
Configuration:

bridges: set of Bridges
    Set of bridges managed by the daemon.

ssl: optional SSL
    SSL used globally by the daemon.

external_ids : system-id: optional string
    A unique identifier for the Open vSwitch’s physical host. The
    form of the identifier depends on the type of the host. On a
    Citrix XenServer, this will likely be the same as
    external_ids:xs-system-uuid.

external_ids : xs-system-uuid: optional string
    The Citrix XenServer universally unique identifier for the
    physical host as displayed by xe host-list.

external_ids : hostname: optional string
    The hostname for the host running Open vSwitch. This is a fully
    qualified domain name since version 2.6.2.

external_ids : rundir: optional string
    In Open vSwitch 2.8 and later, the run directory of the running
    Open vSwitch daemon. This directory is used for runtime state
    such as control and management sockets. The value of
    other_config:vhost-sock-dir is relative to this directory.

other_config : stats-update-interval: optional string, containing an integer, at least 5,000
    Interval for updating statistics to the database, in milliseconds.
    This option will affect the update of the statistics column
    in the following tables: Port, Interface, Mirror.

    Default value is 5000 ms.

    Getting statistics more frequently can be achieved via OpenFlow.

other_config : flow-restore-wait: optional string, either true or false
    When ovs-vswitchd starts up, it has an empty flow table and
    therefore it handles all arriving packets in its default fashion
    according to its configuration, by dropping them or sending them
    to an OpenFlow controller or switching them as a standalone
    switch. This behavior is ordinarily desirable. However, if
    ovs-vswitchd is restarting as part of a ``hot-upgrade,’’ then
    this leads to a relatively long period during which packets are
    mishandled.

    This option allows for improvement. When ovs-vswitchd starts
    with this value set as true, it will neither flush nor expire
    previously set datapath flows, nor will it send or receive any
    packets to or from the datapath. When this value is later set to
    false, ovs-vswitchd will start receiving packets from the
    datapath and set up the flows again.

    Additionally, ovs-vswitchd is prevented from connecting to
    controllers when this value is set to true. This prevents
    controllers from making changes to the flow table in the middle of
    flow restoration, which could result in undesirable intermediate
    states. Once this value has been set to false and the desired
    flow state has been restored, ovs-vswitchd will be able to
    reconnect to controllers and process any new flow table
    modifications.

    Thus, with this option, the procedure for a hot-upgrade of
    ovs-vswitchd becomes roughly the following:

    1. Stop ovs-vswitchd.

    2. Set other_config:flow-restore-wait to true.

    3. Start ovs-vswitchd.

    4. Use ovs-ofctl (or some other program, such as an OpenFlow
       controller) to restore the OpenFlow flow table to the
       desired state.

    5. Set other_config:flow-restore-wait to false (or remove it
       entirely from the database).

    The ovs-ctl ``restart’’ and ``force-reload-kmod’’ functions
    use the above config option during hot upgrades.

other_config : flow-limit: optional string, containing an integer, at least 0
    The maximum number of flows allowed in the datapath flow table.
    Internally OVS will choose a flow limit which will likely be
    lower than this number, based on real time network conditions.
    Tweaking this value is discouraged unless you know exactly what
    you’re doing.

    The default is 200000.

other_config : max-idle: optional string, containing an integer, at least 500
    The maximum time (in ms) that idle flows will remain cached in
    the datapath. Internally OVS will check the validity and
    activity for datapath flows regularly and may expire flows quicker
    than this number, based on real time network conditions.
    Tweaking this value is discouraged unless you know exactly what
    you’re doing.

    The default is 10000.

other_config : hw-offload: optional string, either true or false
    Set this value to true to enable netdev flow offload.

    The default value is false. Changing this value requires
    restarting the daemon.

    Currently Open vSwitch supports hardware offloading on Linux
    systems. On other systems, this value is ignored. This
    functionality is considered ’experimental’. Depending on which OpenFlow
    matches and actions are configured, which kernel version is
    used, and what hardware is available, Open vSwitch may not be
    able to offload functionality to hardware.

    In order to dump HW offloaded flows use ovs-appctl
    dpctl/dump-flows; ovs-dpctl doesn’t support this functionality.
    See ovs-vswitchd(8) for details.

other_config : tc-policy: optional string, one of none, skip_hw, or skip_sw
    Specifies the policy used with HW offloading. Options:

    none     Add software rule and offload rule to HW.

    skip_sw  Offload rule to HW only.

    skip_hw  Add software rule without offloading rule to HW.

    This is only relevant if other_config:hw-offload is enabled.

    The default value is none.

other_config : dpdk-init: optional string, one of false, true, or try
    Set this value to true or try to enable runtime support for DPDK
    ports. The vswitch must have compile-time support for DPDK as
    well.

    A value of true will cause the ovs-vswitchd process to abort if
    DPDK cannot be initialized. A value of try will allow the
    ovs-vswitchd process to continue running even if DPDK cannot be
    initialized.

    The default value is false. Changing this value requires
    restarting the daemon.

    If this value is false at startup, any dpdk ports which are
    configured in the bridge will fail due to memory errors.

other_config : dpdk-lcore-mask: optional string, containing an integer, at least 1
    Specifies the CPU cores where dpdk lcore threads should be
    spawned. The DPDK lcore threads are used for DPDK library tasks,
    such as library internal message processing, logging, etc. Value
    should be in the form of a hex string (so ’0x123’) similar to
    the ’taskset’ mask input.

    The lowest order bit corresponds to the first CPU core. A set
    bit means the corresponding core is available and an lcore
    thread will be created and pinned to it. If the input does not
    cover all cores, those uncovered cores are considered not set.

    For performance reasons, it is best to set this to a single core
    on the system, rather than allow lcore threads to float.

    If not specified, the value will be determined by choosing the
    lowest CPU core from the initial CPU affinity list. Otherwise, the
    value will be passed directly to the DPDK library.

other_config : pmd-cpu-mask: optional string
    Specifies the CPU mask for setting the CPU affinity of PMD (Poll
    Mode Driver) threads. Value should be in the form of a hex string,
    similar to the dpdk EAL ’-c COREMASK’ option input or the
    ’taskset’ mask input.

    The lowest order bit corresponds to the first CPU core. A set
    bit means the corresponding core is available and a pmd thread
    will be created and pinned to it. If the input does not cover
    all cores, those uncovered cores are considered not set.

    If not specified, one pmd thread will be created for each numa
    node and pinned to any available core on the numa node by
    default.

other_config : dpdk-alloc-mem: optional string, containing an integer, at least 0
    Specifies the amount of memory to preallocate from the hugepage
    pool, regardless of socket. It is recommended that
    dpdk-socket-mem is used instead.

other_config : dpdk-socket-mem: optional string
    Specifies the amount of memory to preallocate from the hugepage
    pool, on a per-socket basis.

    The specifier is a comma-separated string, in ascending order of
    CPU socket. E.g., on a four-socket system, 1024,0,2048 would set
    socket 0 to preallocate 1024MB, socket 1 to preallocate 0MB,
    socket 2 to preallocate 2048MB and socket 3 (no value given) to
    preallocate 0MB.

    If dpdk-socket-mem and dpdk-alloc-mem are not specified,
    dpdk-socket-mem will be used and the default value is 1024 for each
    numa node. If dpdk-socket-mem and dpdk-alloc-mem are specified
    at the same time, dpdk-socket-mem will be used as default. Changing
    this value requires restarting the daemon.

other_config : dpdk-socket-limit: optional string
    Limits the maximum amount of memory that can be used from the
    hugepage pool, on a per-socket basis.

    The specifier is a comma-separated list of memory limits per
    socket. 0 will disable the limit for a particular socket.

    If not specified, OVS will configure limits equal to the amount
    of preallocated memory specified by other_config:dpdk-socket-mem
    or --socket-mem in other_config:dpdk-extra. If none of the above
    options is specified, or --legacy-mem is provided in
    other_config:dpdk-extra, limits will not be applied. Changing this
    value requires restarting the daemon.

other_config : dpdk-hugepage-dir: optional string
    Specifies the path to the hugetlbfs mount point.

    If not specified, this will be guessed by the DPDK library
    (default is /dev/hugepages). Changing this value requires
    restarting the daemon.

other_config : dpdk-extra: optional string
    Specifies additional EAL command line arguments for DPDK.

    The default is empty. Changing this value requires restarting
    the daemon.

other_config : vhost-sock-dir: optional string
    Specifies a relative path from external_ids:rundir to the
    vhost-user unix domain socket files. If this value is unset, the
    sockets are put directly in external_ids:rundir.

    Changing this value requires restarting the daemon.

other_config : vhost-iommu-support: optional string, either true or false
    vHost IOMMU is a security feature, which restricts the vhost
    memory that a virtio device may access. vHost IOMMU support is
    disabled by default, due to a bug in QEMU implementations of the
    vhost REPLY_ACK protocol (on which vHost IOMMU relies) prior to
    v2.9.1. Setting this value to true enables vHost IOMMU support
    for vHost User Client ports in OvS-DPDK, starting from DPDK
    v17.11.

    Changing this value requires restarting the daemon.

other_config : vhost-postcopy-support: optional string, either true or false
    vHost post-copy is a feature which allows switching live
    migration of a VM attached to a dpdkvhostuserclient port to post-copy
    mode if the default pre-copy migration cannot converge or takes
    too long to converge. Setting this value to true enables vHost
    post-copy support for all dpdkvhostuserclient ports. Available
    starting from DPDK v18.11 and QEMU 2.12.

    Changing this value requires restarting the daemon.

other_config : per-port-memory: optional string, either true or false
    By default OVS DPDK uses a shared memory model wherein devices
    that have the same MTU and socket values can share the same
    mempool. Setting this value to true changes this behaviour.
    Per-port memory allows DPDK devices to use private memory per device.
    This can provide greater transparency as regards memory usage
    but potentially at the cost of greater memory requirements.

    Changing this value requires restarting the daemon if dpdk-init
    has already been set to true.

other_config : tx-flush-interval: optional string, containing an integer, in range 0 to 1,000,000
    Specifies the time in microseconds that a packet can wait in an
    output batch for sending, i.e. the amount of time that a packet can
    spend in an intermediate output queue before sending to netdev.
    This option can be used to configure the balance between throughput
    and latency. Lower values decrease latency while higher values
    may be useful to achieve higher performance.

    Defaults to 0, i.e. instant packet sending (latency optimized).

other_config : pmd-perf-metrics: optional string, either true or false
    Enables recording of detailed PMD performance metrics for
    analysis and troubleshooting. This can have a performance impact
    on the order of 1%.

    Defaults to false but can be changed at any time.

other_config : smc-enable: optional string, either true or false
    Signature match cache or SMC is a cache between EMC and megaflow
    cache. It does not store the full key of the flow, so it is more
    memory efficient compared to the EMC. SMC is especially
    useful when flow count is larger than EMC capacity.

    Defaults to false but can be changed at any time.

other_config : pmd-rxq-assign: optional string, either cycles or roundrobin
    Specifies how RX queues will be automatically assigned to CPU
    cores. Options:

    cycles      Rxqs will be sorted by order of measured processing
                cycles before being assigned to CPU cores.

    roundrobin  Rxqs will be round-robined across CPU cores.

    The default value is cycles.

    Changing this value will cause an automatic re-assignment of
    Rxqs to CPUs. Note: Rxqs mapped to CPU cores with
    pmd-rxq-affinity are unaffected.

other_config : n-handler-threads: optional string, containing an integer, at least 1
    Specifies the number of threads for software datapaths to use
    for handling new flows. The default is the number of online CPU
    cores minus the number of revalidators.

    This configuration is per datapath. If you have more than one
    software datapath (e.g. some system bridges and some netdev
    bridges), then the total number of threads is n-handler-threads
    times the number of software datapaths.

other_config : n-revalidator-threads: optional string, containing an integer, at least 1
    Specifies the number of threads for software datapaths to use
    for revalidating flows in the datapath. Typically, there is a
    direct correlation between the number of revalidator threads,
    and the number of flows allowed in the datapath. The default is
    the number of cpu cores divided by four plus one. If
    n-handler-threads is set, the default changes to the number of cpu
    cores minus the number of handler threads.

    This configuration is per datapath. If you have more than one
    software datapath (e.g. some system bridges and some netdev
    bridges), then the total number of threads is n-handler-threads
    times the number of software datapaths.

other_config : emc-insert-inv-prob: optional string, containing an integer, in range 0 to 4,294,967,295
    Specifies the inverse probability (1/emc-insert-inv-prob) of a
    flow being inserted into the Exact Match Cache (EMC). On average
    one in every emc-insert-inv-prob packets that generate a unique
    flow will cause an insertion into the EMC. A value of 1 will
    result in an insertion for every flow (1/1 = 100%) whereas a
    value of zero will result in no insertions and essentially
    disable the EMC.

    Defaults to 100, i.e. there is a (1/100 =) 1% chance of EMC
    insertion.

other_config : vlan-limit: optional string, containing an integer, at least 0
    Limits the number of VLAN headers that can be matched to the
    specified number. Further VLAN headers will be treated as
    payload, e.g. a packet with more 802.1q headers will match Ethernet
    type 0x8100.

    Open vSwitch userspace currently supports at most 2 VLANs, and
    each datapath has its own limit. If vlan-limit is nonzero, it
    acts as a further limit.

    If this value is absent, the default is currently 1. This
    maintains backward compatibility with controllers that were designed
    for use with Open vSwitch versions earlier than 2.8, which only
    supported one VLAN.

other_config : bundle-idle-timeout: optional string, containing an integer, at least 1
    The maximum time (in seconds) that idle bundles will wait to be
    expired since they were either opened, modified or closed.

    The OpenFlow specification mandates the timeout to be at least one
    second. The default is 10 seconds.

other_config : offload-rebalance: optional string, either true or false
    Configures HW offload rebalancing, which allows flows to be
    dynamically offloaded and un-offloaded while an offload device is
    out of resources (OOR). This policy allows flows to be selected for
    offloading based on the packets-per-second (pps) rate of flows.

    Set this value to true to enable this option.

    The default value is false. Changing this value requires
    restarting the daemon.

    This is only relevant if HW offloading is enabled (hw-offload).
    When this policy is enabled, it also requires ’tc-policy’ to be
    set to ’skip_sw’.

other_config : pmd-auto-lb: optional string, either true or false
    Configures PMD Auto Load Balancing, which allows automatic
    assignment of RX queues to PMDs if any of the PMDs is overloaded
    (i.e. processing cycles > 95%).

    It uses the current scheme of cycle-based assignment of RX queues
    that are not statically pinned to PMDs.

    The default value is false.

    Set this value to true to enable this option. It is currently
    disabled by default and is an experimental feature.

    This only takes effect if cycle-based assignment is enabled,
    more than one non-isolated PMD is present, and at
    least one of them polls more than one queue.

other_config : pmd-auto-lb-rebal-interval: optional string, containing an integer, in range 0 to 20,000
    The minimum time (in minutes) between 2 consecutive PMD Auto Load
    Balancing iterations.

    The default value is 1 min. If configured to 0, it is
    converted to the default value, i.e. 1 min.

    This option can be configured to avoid frequent triggering of auto
    load balancing of PMDs. For example, set the value (in min) such
    that it occurs once every few hours, or once a day or a week.
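
The value forms and option dependencies documented above can be checked mechanically before a change is committed. The following is an added example, not part of the Open vSwitch manual or code base: it lints an other_config map (assumed here to be a plain Python dict of strings, covering a subset of the keys) and decodes the hex core masks and the dpdk-socket-mem specifier; all function names are illustrative.

```python
# Added example: lint an Open_vSwitch other_config map against the value
# constraints and option dependencies documented above. Function names and
# the input shape (a plain dict of strings) are assumptions.

BOOL = ("true", "false")

# key -> ("int", minimum, maximum or None) or ("enum", allowed values)
RULES = {
    "stats-update-interval": ("int", 5000, None),
    "flow-limit": ("int", 0, None),
    "max-idle": ("int", 500, None),
    "hw-offload": ("enum", BOOL),
    "tc-policy": ("enum", ("none", "skip_hw", "skip_sw")),
    "dpdk-init": ("enum", ("false", "true", "try")),
    "vhost-iommu-support": ("enum", BOOL),
    "tx-flush-interval": ("int", 0, 1_000_000),
    "pmd-rxq-assign": ("enum", ("cycles", "roundrobin")),
    "emc-insert-inv-prob": ("int", 0, 4_294_967_295),
    "bundle-idle-timeout": ("int", 1, None),
    "offload-rebalance": ("enum", BOOL),
    "pmd-auto-lb": ("enum", BOOL),
    "pmd-auto-lb-rebal-interval": ("int", 0, 20_000),
}


def mask_to_cores(mask):
    """Decode a hex CPU mask such as '0x123'; bit 0 is the first CPU core."""
    value = int(mask, 16)
    return [bit for bit in range(value.bit_length()) if (value >> bit) & 1]


def socket_mem(spec, n_sockets):
    """Expand dpdk-socket-mem ('1024,0,2048') to MB per socket; sockets
    with no value given preallocate 0 MB."""
    values = [int(v) for v in spec.split(",")]
    if len(values) > n_sockets:
        raise ValueError("more values than CPU sockets")
    return values + [0] * (n_sockets - len(values))


def check_value(key, value):
    """Return a message if the value breaks its documented form, else None."""
    rule = RULES.get(key)
    if rule is None:
        return None
    if rule[0] == "enum":
        return None if value in rule[1] else f"{value!r} not in {rule[1]}"
    _, low, high = rule
    try:
        number = int(value)
    except ValueError:
        return f"{value!r} is not an integer"
    if number < low or (high is not None and number > high):
        return f"{number} is outside the documented range"
    return None


def lint(cfg):
    """Return (key, message) findings for one other_config map."""
    findings = [(k, m) for k, v in cfg.items() if (m := check_value(k, v))]
    hw_offload = cfg.get("hw-offload", "false") == "true"
    if "tc-policy" in cfg and not hw_offload:
        findings.append(("tc-policy", "only relevant if hw-offload is enabled"))
    if cfg.get("offload-rebalance") == "true" and not (
            hw_offload and cfg.get("tc-policy") == "skip_sw"):
        findings.append(("offload-rebalance",
                         "requires hw-offload=true and tc-policy=skip_sw"))
    if (cfg.get("pmd-auto-lb") == "true"
            and cfg.get("pmd-rxq-assign", "cycles") != "cycles"):
        findings.append(("pmd-auto-lb", "needs cycle based rxq assignment"))
    if "dpdk-lcore-mask" in cfg:
        try:
            cores = mask_to_cores(cfg["dpdk-lcore-mask"])
        except ValueError:
            findings.append(("dpdk-lcore-mask", "not a hex string"))
        else:
            if len(cores) != 1:
                findings.append(("dpdk-lcore-mask",
                                 f"selects cores {cores}; one core is advised"))
    dpdk = cfg.get("dpdk-init", "false") in ("true", "try")
    if dpdk and cfg.get("vhost-iommu-support", "false") != "true":
        findings.append(("vhost-iommu-support",
                         "vHost IOMMU (off by default) is not enabled"))
    return findings


# Constructed sample, not taken from a real switch.
SAMPLE = {
    "max-idle": "200",
    "hw-offload": "true",
    "tc-policy": "skip_hw",
    "offload-rebalance": "true",
    "dpdk-init": "try",
    "dpdk-lcore-mask": "0x6",
    "pmd-rxq-assign": "roundrobin",
    "pmd-auto-lb": "true",
}
```

Calling lint(SAMPLE) reports the out-of-range max-idle, the unmet tc-policy requirement of offload-rebalance, pmd-auto-lb without cycle based assignment, the two-core lcore mask, and vHost IOMMU left at its default.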

Status:

next_cfg: integer
    Sequence number for client to increment. When a client modifies
    any part of the database configuration and wishes to wait for
    Open vSwitch to finish applying the changes, it may increment
    this sequence number.

cur_cfg: integer
    Sequence number that Open vSwitch sets to the current value of
    next_cfg after it finishes applying a set of configuration
    changes.

dpdk_initialized: boolean
    True if other_config:dpdk-init is set to true and the DPDK
    library is successfully initialized.

Statistics:

The statistics column contains key-value pairs that report statistics
about a system running an Open vSwitch. These are updated periodically
(currently, every 5 seconds). Key-value pairs that cannot be determined
or that do not apply to a platform are omitted.

other_config : enable-statistics: optional string, either true or false
    Statistics are disabled by default to avoid overhead in the
    common case when statistics gathering is not useful. Set this value
    to true to enable populating the statistics column or to false
    to explicitly disable it.

statistics : cpu: optional string, containing an integer, at least 1
    Number of CPU processors, threads, or cores currently online and
    available to the operating system on which Open vSwitch is
    running, as an integer. This may be less than the number installed,
    if some are not online or if they are not available to the
    operating system.

    Open vSwitch userspace processes are not multithreaded, but the
    Linux kernel-based datapath is.

statistics : load_average: optional string
    A comma-separated list of three floating-point numbers,
    representing the system load average over the last 1, 5, and 15
    minutes, respectively.

statistics : memory: optional string
    A comma-separated list of integers, each of which represents a
    quantity of memory in kilobytes that describes the operating
    system on which Open vSwitch is running. In respective order,
    these values are:

    1. Total amount of RAM allocated to the OS.

    2. RAM allocated to the OS that is in use.

    3. RAM that can be flushed out to disk or otherwise discarded
       if that space is needed for another purpose. This number is
       necessarily less than or equal to the previous value.

    4. Total disk space allocated for swap.

    5. Swap space currently in use.

    On Linux, all five values can be determined and are included. On
    other operating systems, only the first two values can be
    determined, so the list will only have two values.

statistics : process_NAME: optional string
    One such key-value pair, with NAME replaced by a process name,
    will exist for each running Open vSwitch daemon process, with
    name replaced by the daemon’s name (e.g. process_ovs-vswitchd).
    The value is a comma-separated list of integers. The integers
    represent the following, with memory measured in kilobytes and
    durations in milliseconds:

    1. The process’s virtual memory size.

    2. The process’s resident set size.

    3. The amount of user and system CPU time consumed by the
       process.

    4. The number of times that the process has crashed and been
       automatically restarted by the monitor.

    5. The duration since the process was started.

    6. The duration for which the process has been running.

    The interpretation of some of these values depends on whether
    the process was started with the --monitor option. If it was not, then
    the crash count will always be 0 and the two durations will
    always be the same. If --monitor was given, then the crash count
    may be positive; if it is, the latter duration is the amount of
    time since the most recent crash and restart.

    There will be one key-value pair for each file in Open vSwitch’s
    ``run directory’’ (usually /var/run/openvswitch) whose name ends
    in .pid, whose contents are a process ID, and which is locked by
    a running process. The name is taken from the pidfile’s name.

    Currently Open vSwitch is only able to obtain all of the above
    detail on Linux systems. On other systems, the same key-value
    pairs will be present but the values will always be the empty
    string.

statistics : file_systems: optional string
    A space-separated list of information on local, writable file
    systems. Each item in the list describes one file system and
    consists in turn of a comma-separated list of the following:

    1. Mount point, e.g. / or /var/log. Any spaces or commas in the
       mount point are replaced by underscores.

    2. Total size, in kilobytes, as an integer.

    3. Amount of storage in use, in kilobytes, as an integer.

    This key-value pair is omitted if there are no local, writable
    file systems or if Open vSwitch cannot obtain the needed
    information.
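
The value formats described above for the statistics column can be parsed as follows. This is an added example, not code from Open vSwitch: the function names, the 90% file-system threshold and the sample values are assumptions made for illustration.

```python
# Added example: parse the statistics column formats documented above and
# derive two health signals from them. Names and thresholds are assumptions.
from typing import NamedTuple, Optional

MEMORY_FIELDS = ("total_kb", "used_kb", "reclaimable_kb",
                 "swap_total_kb", "swap_used_kb")


class ProcessStats(NamedTuple):
    vsz_kb: int          # 1. virtual memory size
    rss_kb: int          # 2. resident set size
    cpu_ms: int          # 3. user and system CPU time
    crashes: int         # 4. crashes followed by a monitor restart
    since_start_ms: int  # 5. duration since the process was started
    running_ms: int      # 6. duration the process has been running


def parse_process(value: str) -> Optional[ProcessStats]:
    """Return None for the empty string reported on non-Linux systems."""
    if value == "":
        return None
    fields = [int(x) for x in value.split(",")]
    if len(fields) != 6:
        raise ValueError(f"expected 6 integers, got {len(fields)}")
    return ProcessStats(*fields)


def parse_file_systems(value: str) -> list:
    """Items are space-separated; each is 'mount,total_kb,used_kb'."""
    result = []
    for item in value.split():
        # Commas in the mount point were replaced by underscores, so the
        # last two commas always delimit the two sizes.
        mount, total, used = item.rsplit(",", 2)
        result.append((mount, int(total), int(used)))
    return result


def parse_statistics(stats: dict) -> dict:
    """Turn the string-string statistics map into typed values."""
    out = {"processes": {}, "file_systems": []}
    for key, value in stats.items():
        if key == "cpu":
            out["cpu"] = int(value)
        elif key == "load_average":
            out["load_average"] = tuple(float(x) for x in value.split(","))
        elif key == "memory":
            # Five values on Linux, only the first two elsewhere.
            numbers = [int(x) for x in value.split(",")]
            out["memory"] = dict(zip(MEMORY_FIELDS, numbers))
        elif key == "file_systems":
            out["file_systems"] = parse_file_systems(value)
        elif key.startswith("process_"):
            out["processes"][key[len("process_"):]] = parse_process(value)
    return out


def health_alerts(parsed: dict, fs_threshold: float = 0.9) -> list:
    """Flag daemons the monitor had to restart and nearly full file systems."""
    alerts = []
    for name, proc in sorted(parsed["processes"].items()):
        if proc is not None and proc.crashes > 0:
            alerts.append(f"{name}: {proc.crashes} crash restart(s), "
                          f"last {proc.running_ms // 1000} s ago")
    for mount, total, used in parsed["file_systems"]:
        if total > 0 and used / total >= fs_threshold:
            alerts.append(f"{mount}: {used * 100 // total}% full")
    return alerts


# Constructed sample values, not captured from a real host.
SAMPLE = {
    "cpu": "8",
    "load_average": "0.42,0.37,0.30",
    "memory": "16303412,9211404,3100220,2097148,0",
    "process_ovs-vswitchd": "1893424,412332,981230,2,86400000,5400000",
    "process_ovsdb-server": "61212,8120,4310,0,86400000,86400000",
    "file_systems": "/,41152736,17603996 /var/log,10190100,9782496",
}

if __name__ == "__main__":
    for alert in health_alerts(parse_statistics(SAMPLE)):
        print(alert)
```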
734
735 Version Reporting:
736
737 These columns report the types and versions of the hardware and soft‐
738 ware running Open vSwitch. We recommend in general that software should
739 test whether specific features are supported instead of relying on ver‐
740 sion number checks. These values are primarily intended for reporting
741 to human administrators.
742
743 ovs_version: optional string
744 The Open vSwitch version number, e.g. 1.1.0.
745
746 db_version: optional string
747 The database schema version number, e.g. 1.2.3. See ovsdb-
748 tool(1) for an explanation of the numbering scheme.
749
750 The schema version is part of the database schema, so it can
751 also be retrieved by fetching the schema using the Open vSwitch
752 database protocol.
753
754 system_type: optional string
755 An identifier for the type of system on top of which Open
756 vSwitch runs, e.g. XenServer or KVM.
757
758 System integrators are responsible for choosing and setting an
759 appropriate value for this column.
760
761 system_version: optional string
762 The version of the system identified by system_type, e.g.
763 5.6.100-39265p on XenServer 5.6.100 build 39265.
764
765 System integrators are responsible for choosing and setting an
766 appropriate value for this column.
767
768 dpdk_version: optional string
769 The version of the linked DPDK library.
770
771 Capabilities:
772
773 These columns report capabilities of the Open vSwitch instance.
774
775 datapath_types: set of strings
776 This column reports the different dpifs registered with the sys‐
777 tem. These are the values that this instance supports in the
778 datapath_type column of the Bridge table.
779
780 iface_types: set of strings
781 This column reports the different netdevs registered with the
782 system. These are the values that this instance supports in the
783 type column of the Interface table.
784
785 Database Configuration:
786
787 These columns primarily configure the Open vSwitch database
788 (ovsdb-server), not the Open vSwitch switch (ovs-vswitchd). The OVSDB
789 database also uses the ssl settings.
790
791 The Open vSwitch switch does read the database configuration to deter‐
792 mine remote IP addresses to which in-band control should apply.
793
794 manager_options: set of Managers
795 Database clients to which the Open vSwitch database server
796 should connect or to which it should listen, along with options
797 for how these connections should be configured. See the Manager
798 table for more information.
799
800 For this column to serve its purpose, ovsdb-server must be con‐
801 figured to honor it. The easiest way to do this is to invoke
802 ovsdb-server with the option:
803 --remote=db:Open_vSwitch,Open_vSwitch,manager_options
804 The startup scripts that accompany Open vSwitch do this by default.
805
806 IPsec:
807
808 These settings control the global configuration of IPsec tunnels. The
809 options column of the Interface table configures IPsec for individual
810 tunnels.
811
812 OVS IPsec supports the following three forms of authentication. Cur‐
813 rently, all IPsec tunnels must use the same form:
814
815 1. Pre-shared keys: Omit the global settings. On each tunnel,
816 set options:psk.
817
818 2. Self-signed certificates: Set the private_key and certifi‐
819 cate global settings. On each tunnel, set
820 options:remote_cert. The remote certificate can be self-
821 signed.
822
823 3. CA-signed certificates: Set all of the global settings. On
824 each tunnel, set options:remote_name to the common name (CN)
825 of the remote certificate. The remote certificate must be
826 signed by the CA.
827
828 other_config : private_key: optional string
829 Name of a PEM file containing the private key used as the
830 switch’s identity for IPsec tunnels.
831
832 other_config : certificate: optional string
833 Name of a PEM file containing a certificate that certifies the
834 switch’s private key, and identifies a trustworthy switch for
835 IPsec tunnels. The certificate must be X.509 version 3, with
836 the string in the common name (CN) also set in the subject alterna‐
837 tive name (SAN).
838
839 other_config : ca_cert: optional string
840 Name of a PEM file containing the CA certificate used to verify
841 that a remote switch of the IPsec tunnel is trustworthy.
842
843 Plaintext Tunnel Policy:
844
845 When an IPsec tunnel is configured in this database, multiple indepen‐
846 dent components take responsibility for implementing it. ovs-vswitchd
847 and its datapath handle packet forwarding to the tunnel and a separate
848 daemon pushes the tunnel’s IPsec policy configuration to the kernel or
849 other entity that implements it. There is a race: if the former config‐
850 uration completes before the latter, then packets sent by the local
851 host over the tunnel can be transmitted in plaintext. Using this set‐
852 ting, OVS users can avoid this undesirable situation.
853
854 other_config : ipsec_skb_mark: optional string
855 This setting takes the form value/mask. If it is specified, then
856 the skb_mark field in every outgoing tunneled packet sent in
857 plaintext is compared against it and, if it matches, the packet
858 is dropped. This is a global setting that is applied to every
859 tunneled packet, regardless of whether IPsec encryption is
860 enabled for the tunnel, the type of tunnel, or whether OVS is
861 involved.
862
863 Example policies:
864
865 1/1 Drop all unencrypted tunneled packets in which the least-
866 significant bit of skb_mark is 1. This would be a useful
867 policy given an OpenFlow flow table that sets skb_mark to
868 1 for traffic that should be encrypted. The default
869 skb_mark is 0, so this would not affect other traffic.
870
871 0/1 Drop all unencrypted tunneled packets in which the least-
872 significant bit of skb_mark is 0. This would be a useful
873 policy if no unencrypted tunneled traffic should exit the
874 system without being specially whitelisted by setting
875 skb_mark to 1.
876
877 (empty)
878 If this setting is empty or unset, then all unencrypted
879 tunneled packets are transmitted in the usual way.
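
The following audit sketch is an added example, not code from Open vSwitch. It checks a configuration against the three IPsec authentication forms listed above and evaluates an ipsec_skb_mark policy against a packet's skb_mark. The sample file paths, tunnel names, and addresses are constructed, and the masked comparison and the acceptance of hex numbers are assumptions consistent with the 1/1 and 0/1 examples.

```python
# Added example with constructed data; not part of Open vSwitch.
GLOBAL_KEYS = ("private_key", "certificate", "ca_cert")
# Per-tunnel option (Interface options column) -> authentication form.
TUNNEL_FORMS = {"psk": "psk", "remote_cert": "self-signed", "remote_name": "ca-signed"}
REQUIRED_GLOBALS = {
    "psk": set(),
    "self-signed": {"private_key", "certificate"},
    "ca-signed": {"private_key", "certificate", "ca_cert"},
}


def parse_skb_mark_policy(text):
    """Return (value, mask) for other_config:ipsec_skb_mark, or None if empty."""
    if not text:
        return None
    value, sep, mask = text.partition("/")
    if not sep:
        raise ValueError(f"expected value/mask, got {text!r}")
    # Assumption: numbers may be decimal or 0x-prefixed hex.
    return int(value, 0), int(mask, 0)


def plaintext_dropped(policy_text, skb_mark):
    """True if a plaintext tunneled packet carrying skb_mark is dropped."""
    policy = parse_skb_mark_policy(policy_text)
    if policy is None:
        return False  # empty or unset: transmitted in the usual way
    value, mask = policy
    # Assumption: masked comparison, consistent with the 1/1 and 0/1 examples.
    return (skb_mark & mask) == (value & mask)


def audit_ipsec(other_config, tunnels):
    """Compare global settings with each tunnel's options; return findings."""
    findings = []
    forms = {}
    for name, options in sorted(tunnels.items()):
        chosen = [TUNNEL_FORMS[k] for k in TUNNEL_FORMS if options.get(k)]
        if len(chosen) > 1:
            findings.append(f"{name}: sets more than one of psk/remote_cert/remote_name")
        elif chosen:
            forms[name] = chosen[0]
        # A tunnel with none of the three options is not an IPsec tunnel.
    used = sorted(set(forms.values()))
    if len(used) > 1:
        findings.append("tunnels mix authentication forms: " + ", ".join(used))
    have = {k for k in GLOBAL_KEYS if other_config.get(k)}
    for form in used:
        missing = sorted(REQUIRED_GLOBALS[form] - have)
        if missing:
            findings.append(f"{form}: global setting(s) missing: " + ", ".join(missing))
        if form == "psk" and have:
            findings.append("psk: global settings should be omitted: "
                            + ", ".join(sorted(have)))
    if forms and not other_config.get("ipsec_skb_mark"):
        findings.append("ipsec_skb_mark unset: packets can leave in plaintext "
                        "during the setup race")
    return findings


# Constructed sample: one CA-style tunnel, one PSK tunnel, no ca_cert.
SAMPLE_OTHER_CONFIG = {
    "private_key": "/etc/keys/sw-privkey.pem",
    "certificate": "/etc/keys/sw-cert.pem",
    "ipsec_skb_mark": "1/1",
}
SAMPLE_TUNNELS = {
    "tun0": {"remote_ip": "192.0.2.10", "remote_name": "host-b"},
    "tun1": {"remote_ip": "192.0.2.11", "psk": "constructed-secret"},
}

if __name__ == "__main__":
    for finding in audit_ipsec(SAMPLE_OTHER_CONFIG, SAMPLE_TUNNELS):
        print("FINDING:", finding)
    for mark in (0, 1, 2, 3):
        print("skb_mark", mark, "dropped under 1/1:", plaintext_dropped("1/1", mark))
```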
880
881 Common Columns:
882
883 The overall purpose of these columns is described under Common Columns
884 at the beginning of this document.
885
886 other_config: map of string-string pairs
887
888 external_ids: map of string-string pairs
889
891 Configuration for a bridge within an Open_vSwitch.
892
893 A Bridge record represents an Ethernet switch with one or more
894 ``ports,’’ which are the Port records pointed to by the Bridge’s ports
895 column.
896
897 Summary:
898 Core Features:
899 name immutable string (must be unique within
900 table)
901 ports set of Ports
902 mirrors set of Mirrors
903 netflow optional NetFlow
904 sflow optional sFlow
905 ipfix optional IPFIX
906 flood_vlans set of up to 4,096 integers, in range 0
907 to 4,095
908 auto_attach optional AutoAttach
909 OpenFlow Configuration:
910 controller set of Controllers
911 flow_tables map of integer-Flow_Table pairs, key in
912 range 0 to 254
913 fail_mode optional string, either secure or stand‐
914 alone
915 datapath_id optional string
916 datapath_version string
917 other_config : datapath-id optional string
918 other_config : dp-desc optional string
919 other_config : disable-in-band
920 optional string, either true or false
921 other_config : in-band-queue
922 optional string, containing an integer,
923 in range 0 to 4,294,967,295
924 protocols set of strings, one of OpenFlow10, Open‐
925 Flow11, OpenFlow12, OpenFlow13, Open‐
926 Flow14, or OpenFlow15
927 Spanning Tree Configuration:
928 STP Configuration:
929 stp_enable boolean
930 other_config : stp-system-id
931 optional string
932 other_config : stp-priority
933 optional string, containing an integer,
934 in range 0 to 65,535
935 other_config : stp-hello-time
936 optional string, containing an integer,
937 in range 1 to 10
938 other_config : stp-max-age
939 optional string, containing an integer,
940 in range 6 to 40
941 other_config : stp-forward-delay
942 optional string, containing an integer,
943 in range 4 to 30
944 other_config : mcast-snooping-aging-time
945 optional string, containing an integer,
946 at least 1
947 other_config : mcast-snooping-table-size
948 optional string, containing an integer,
949 at least 1
950 other_config : mcast-snooping-disable-flood-unregistered
951 optional string, either true or false
952 STP Status:
953 status : stp_bridge_id optional string
954 status : stp_designated_root
955 optional string
956 status : stp_root_path_cost
957 optional string
958 Rapid Spanning Tree:
959 RSTP Configuration:
960 rstp_enable boolean
961 other_config : rstp-address
962 optional string
963 other_config : rstp-priority
964 optional string, containing an integer,
965 in range 0 to 61,440
966 other_config : rstp-ageing-time
967 optional string, containing an integer,
968 in range 10 to 1,000,000
969 other_config : rstp-force-protocol-version
970 optional string, containing an integer
971 other_config : rstp-max-age
972 optional string, containing an integer,
973 in range 6 to 40
974 other_config : rstp-forward-delay
975 optional string, containing an integer,
976 in range 4 to 30
977 other_config : rstp-transmit-hold-count
978 optional string, containing an integer,
979 in range 1 to 10
980 RSTP Status:
981 rstp_status : rstp_bridge_id
982 optional string
983 rstp_status : rstp_root_id
984 optional string
985 rstp_status : rstp_root_path_cost
986 optional string, containing an integer,
987 at least 0
988 rstp_status : rstp_designated_id
989 optional string
990 rstp_status : rstp_designated_port_id
991 optional string
992 rstp_status : rstp_bridge_port_id
993 optional string
994 Multicast Snooping Configuration:
995 mcast_snooping_enable boolean
996 Other Features:
997 datapath_type string
998 external_ids : bridge-id optional string
999 external_ids : xs-network-uuids
1000 optional string
1001 other_config : hwaddr optional string
1002 other_config : forward-bpdu
1003 optional string, either true or false
1004 other_config : mac-aging-time
1005 optional string, containing an integer,
1006 at least 1
1007 other_config : mac-table-size
1008 optional string, containing an integer,
1009 at least 1
1010 Common Columns:
1011 other_config map of string-string pairs
1012 external_ids map of string-string pairs
1013
1014 Details:
1015 Core Features:
1016
1017 name: immutable string (must be unique within table)
1018 Bridge identifier. Must be unique among the names of ports,
1019 interfaces, and bridges on a host.
1020
1021 The name must be alphanumeric and must not contain forward or
1022 backward slashes. The name of a bridge is also the name of an
1023 Interface (and a Port) within the bridge, so the restrictions on
1024 the name column in the Interface table, particularly on length,
1025 also apply to bridge names. Refer to the documentation for
1026 Interface names for details.
1027
1028 ports: set of Ports
1029 Ports included in the bridge.
1030
1031 mirrors: set of Mirrors
1032 Port mirroring configuration.
1033
1034 netflow: optional NetFlow
1035 NetFlow configuration.
1036
1037 sflow: optional sFlow
1038 sFlow(R) configuration.
1039
1040 ipfix: optional IPFIX
1041 IPFIX configuration.
1042
1043 flood_vlans: set of up to 4,096 integers, in range 0 to 4,095
1044 VLAN IDs of VLANs on which MAC address learning should be dis‐
1045 abled, so that packets are flooded instead of being sent to spe‐
1046 cific ports that are believed to contain packets’ destination
1047 MACs. This should ordinarily be used to disable MAC learning on
1048 VLANs used for mirroring (RSPAN VLANs). It may also be useful
1049 for debugging.
1050
1051 SLB bonding (see the bond_mode column in the Port table) is
1052 incompatible with flood_vlans. Consider using another bonding
1053 mode or a different type of mirror instead.
1054
1055 auto_attach: optional AutoAttach
1056 Auto Attach configuration.
1057
1058 OpenFlow Configuration:
1059
1060 controller: set of Controllers
1061 OpenFlow controller set. If unset, then no OpenFlow controllers
1062 will be used.
1063
1064 If there are primary controllers, removing all of them clears
1065 the OpenFlow flow tables, group table, and meter table. If there
1066 are no primary controllers, adding one also clears these tables.
1067 Other changes to the set of controllers, such as adding or
1068 removing a service controller, adding another primary controller
1069 to supplement an existing primary controller, or removing only
1070 one of two primary controllers, have no effect on these tables.
1071
1072 flow_tables: map of integer-Flow_Table pairs, key in range 0 to 254
1073 Configuration for OpenFlow tables. Each pair maps from an Open‐
1074 Flow table ID to configuration for that table.
1075
1076 fail_mode: optional string, either secure or standalone
1077 When a controller is configured, it is, ordinarily, responsible
1078 for setting up all flows on the switch. Thus, if the connection
1079 to the controller fails, no new network connections can be set
1080 up. If the connection to the controller stays down long enough,
1081 no packets can pass through the switch at all. This setting
1082 determines the switch’s response to such a situation. It may be
1083 set to one of the following:
1084
1085 standalone
1086 If no message is received from the controller for three
1087 times the inactivity probe interval (see inactiv‐
1088 ity_probe), then Open vSwitch will take over responsibil‐
1089 ity for setting up flows. In this mode, Open vSwitch
1090 causes the bridge to act like an ordinary MAC-learning
1091 switch. Open vSwitch will continue to retry connecting to
1092 the controller in the background and, when the connection
1093 succeeds, it will discontinue its standalone behavior.
1094
1095 secure Open vSwitch will not set up flows on its own when the
1096 controller connection fails or when no controllers are
1097 defined. The bridge will continue to retry connecting to
1098 any defined controllers forever.
1099
1100 The default is standalone if the value is unset, but future ver‐
1101 sions of Open vSwitch may change the default.
1102
1103 The standalone mode can create forwarding loops on a bridge that
1104 has more than one uplink port unless STP is enabled. To avoid
1105 loops on such a bridge, configure secure mode or enable STP (see
1106 stp_enable).
1107
1108 The fail_mode setting applies only to primary controllers. When
1109 more than one primary controller is configured, fail_mode is
1110 considered only when none of the configured controllers can be
1111 contacted.
1112
1113 Changing fail_mode when no primary controllers are configured
1114 clears the OpenFlow flow tables, group table, and meter table.
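
The fail_mode rules above can be checked across all bridges from the JSON that ovs-vsctl prints. This is an added example, not Open vSwitch code: the sample output, bridge names, and UUIDs are constructed, the finding codes are hypothetical, and treating rstp_enable as equivalent to stp_enable for loop avoidance is an assumption.

```python
import json

# Constructed sample shaped like the output of:
#   ovs-vsctl --format=json \
#       --columns=name,fail_mode,controller,stp_enable,rstp_enable list Bridge
# Bridge names and UUIDs are made up for this example.
SAMPLE = """
{"headings": ["name", "fail_mode", "controller", "stp_enable", "rstp_enable"],
 "data": [
  ["br-int", "secure", ["uuid", "00000000-0000-4000-8000-000000000001"], false, false],
  ["br-ex", ["set", []],
   ["set", [["uuid", "00000000-0000-4000-8000-000000000002"],
            ["uuid", "00000000-0000-4000-8000-000000000003"]]], false, false],
  ["br-lab", "standalone", ["set", []], true, false]
 ]}
"""

# Hypothetical finding codes with the statement from the text behind each.
MESSAGES = {
    "default-fail-mode": "fail_mode unset; default is standalone and may change",
    "mac-learning-fallback": "bridge acts as a MAC-learning switch if no "
                             "controller can be contacted",
    "loop-risk": "standalone without STP can loop with more than one uplink",
}


def as_list(value):
    """Normalize an OVSDB JSON column value to a Python list.

    OVSDB writes an empty or multi-element set as ["set", [...]] and a
    one-element set as the bare element, so both shapes must be handled.
    """
    if isinstance(value, list) and len(value) == 2 and value[0] == "set":
        return [as_list(v)[0] for v in value[1]]
    if isinstance(value, list) and len(value) == 2 and value[0] == "uuid":
        return [value[1]]
    return [value]


def audit_fail_mode(ovs_vsctl_json):
    """Map each bridge name to the list of finding codes that apply to it."""
    table = json.loads(ovs_vsctl_json)
    result = {}
    for row in table["data"]:
        bridge = dict(zip(table["headings"], row))
        mode = as_list(bridge["fail_mode"])
        controllers = as_list(bridge["controller"])
        effective = mode[0] if mode else "standalone"  # documented default
        codes = []
        if not mode:
            codes.append("default-fail-mode")
        if effective == "standalone":
            # fail_mode applies only to primary controllers; the Bridge table
            # alone does not say which controllers are primary.
            if controllers:
                codes.append("mac-learning-fallback")
            # Assumption: RSTP is accepted here as well as STP.
            if not (bridge["stp_enable"] or bridge["rstp_enable"]):
                codes.append("loop-risk")
        result[bridge["name"]] = codes
    return result


if __name__ == "__main__":
    for name, codes in audit_fail_mode(SAMPLE).items():
        for code in codes:
            print(f"{name}: {code}: {MESSAGES[code]}")
```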
1115
1116 datapath_id: optional string
1117 Reports the OpenFlow datapath ID in use. Exactly 16 hex digits.
1118 (Setting this column has no useful effect. Set other-con‐
1119 fig:datapath-id instead.)
1120
1121 datapath_version: string
1122 Reports the version number of the Open vSwitch datapath in use.
1123 This allows management software to detect and report discrepan‐
1124 cies between Open vSwitch userspace and datapath versions. (The
1125 ovs_version column in the Open_vSwitch table reports the Open vSwitch
1126 userspace version.) The version reported depends on the datapath
1127 in use:
1128
1129 · When the kernel module included in the Open vSwitch
1130 source tree is used, this column reports the Open vSwitch
1131 version from which the module was taken.
1132
1133 · When the kernel module that is part of the upstream Linux
1134 kernel is used, this column reports <unknown>.
1135
1136 · When the datapath is built into the ovs-vswitchd binary,
1137 this column reports <built-in>. A built-in datapath is by
1138 definition the same version as the rest of the Open
1139 vSwitch userspace.
1140
1141 · Other datapaths (such as the Hyper-V kernel datapath)
1142 currently report <unknown>.
1143
1144 A version discrepancy between ovs-vswitchd and the datapath in
1145 use is not normally cause for alarm. The Open vSwitch kernel
1146 datapaths for Linux and Hyper-V, in particular, are designed for
1147 maximum inter-version compatibility: any userspace version works
1148 with any kernel version. Some reasons do exist to insist on
1149 particular user/kernel pairings. First, newer kernel versions
1150 add new features that can only be used by new-enough userspace,
1151 e.g. VXLAN tunneling requires certain minimal userspace and ker‐
1152 nel versions. Second, as an extension to the first reason, some
1153 newer kernel versions add new features for enhancing performance
1154 that only new-enough userspace versions can take advantage of.
1155
1156 other_config : datapath-id: optional string
1157 Overrides the default OpenFlow datapath ID, setting it to the
1158 value specified in hex. The value must either have a
1159 0x prefix or be exactly 16 hex digits long. May not be all-zero.
1160
1161 other_config : dp-desc: optional string
1162 Human-readable description of the datapath. It is a free-form
1163 string of at most 256 bytes that describes the datapath for debug‐
1164 ging purposes, e.g. switch3 in room 3120.
1165
1166 other_config : disable-in-band: optional string, either true or false
1167 If set to true, disable in-band control on the bridge regardless
1168 of controller and manager settings.
1169
1170 other_config : in-band-queue: optional string, containing an integer,
1171 in range 0 to 4,294,967,295
1172 A queue ID as a nonnegative integer. This sets the OpenFlow
1173 queue ID that will be used by flows set up by in-band control on
1174 this bridge. If unset, or if the port used by an in-band control
1175 flow does not have QoS configured, or if the port does not have
1176 a queue with the specified ID, the default queue is used
1177 instead.
1178
1179 protocols: set of strings, one of OpenFlow10, OpenFlow11, OpenFlow12,
1180 OpenFlow13, OpenFlow14, or OpenFlow15
1181 List of OpenFlow protocols that may be used when negotiating a
1182 connection with a controller. OpenFlow 1.0, 1.1, 1.2, 1.3, 1.4,
1183 and 1.5 are enabled by default if this column is empty.
1184
1185 Spanning Tree Configuration:
1186
1187 The IEEE 802.1D Spanning Tree Protocol (STP) is a network protocol that
1188 ensures loop-free topologies. It allows redundant links to be included
1189 in the network to provide automatic backup paths if an active link
1190 fails.
1191
1192 These settings configure the slower-to-converge but still widely sup‐
1193 ported version of Spanning Tree Protocol, sometimes known as
1194 802.1D-1998. Open vSwitch also supports the newer Rapid Spanning Tree
1195 Protocol (RSTP), documented later in the section titled Rapid Spanning
1196 Tree Configuration.
1197
1198 STP Configuration:
1199
1200 stp_enable: boolean
1201 Enable spanning tree on the bridge. By default, STP is disabled
1202 on bridges. Bond, internal, and mirror ports are not supported
1203 and will not participate in the spanning tree.
1204
1205 STP and RSTP are mutually exclusive. If both are enabled, RSTP
1206 will be used.
1207
1208 other_config : stp-system-id: optional string
1209 The bridge’s STP identifier (the lower 48 bits of the bridge-id)
1210 in the form xx:xx:xx:xx:xx:xx. By default, the identifier is the
1211 MAC address of the bridge.
1212
1213 other_config : stp-priority: optional string, containing an integer, in
1214 range 0 to 65,535
1215 The bridge’s relative priority value for determining the root
1216 bridge (the upper 16 bits of the bridge-id). A bridge with the
1217 lowest bridge-id is elected the root. By default, the priority
1218 is 0x8000.
1219
1220 other_config : stp-hello-time: optional string, containing an integer,
1221 in range 1 to 10
1222 The interval between transmissions of hello messages by desig‐
1223 nated ports, in seconds. By default the hello interval is 2 sec‐
1224 onds.
1225
1226 other_config : stp-max-age: optional string, containing an integer, in
1227 range 6 to 40
1228 The maximum age of the information transmitted by the bridge
1229 when it is the root bridge, in seconds. By default, the maximum
1230 age is 20 seconds.
1231
1232 other_config : stp-forward-delay: optional string, containing an inte‐
1233 ger, in range 4 to 30
1234 The delay to wait between transitioning root and designated
1235 ports to forwarding, in seconds. By default, the forwarding
1236 delay is 15 seconds.
1237
1238 other_config : mcast-snooping-aging-time: optional string, containing
1239 an integer, at least 1
1240 The maximum number of seconds to retain a multicast snooping
1241 entry for which no packets have been seen. The default is cur‐
1242 rently 300 seconds (5 minutes). The value, if specified, is
1243 forced into a reasonable range, currently 15 to 3600 seconds.
1244
1245 other_config : mcast-snooping-table-size: optional string, containing
1246 an integer, at least 1
1247 The maximum number of multicast snooping addresses to learn. The
1248 default is currently 2048. The value, if specified, is forced
1249 into a reasonable range, currently 10 to 1,000,000.
1250
1251 other_config : mcast-snooping-disable-flood-unregistered: optional
1252 string, either true or false
1253 If set to false, unregistered multicast packets are forwarded to
1254 all ports. If set to true, unregistered multicast packets are
1255 forwarded to ports connected to multicast routers.
1256
1257 STP Status:
1258
1259 These key-value pairs report the status of 802.1D-1998. They are
1260 present only if STP is enabled (via the stp_enable column).
1261
1262 status : stp_bridge_id: optional string
1263 The bridge ID used in spanning tree advertisements, in the form
1264 xxxx.yyyyyyyyyyyy where the xs are the STP priority, the ys are
1265 the STP system ID, and each x and y is a hex digit.
1266
1267 status : stp_designated_root: optional string
1268 The designated root for this spanning tree, in the same form as
1269 status:stp_bridge_id. If this bridge is the root, this will have
1270 the same value as status:stp_bridge_id, otherwise it will dif‐
1271 fer.
1272
1273 status : stp_root_path_cost: optional string
1274 The path cost of reaching the designated bridge. A lower number
1275 is better. The value is 0 if this bridge is the root, otherwise
1276 it is higher.
1277
1278 Rapid Spanning Tree:
1279
1280 Rapid Spanning Tree Protocol (RSTP), like STP, is a network protocol
1281 that ensures loop-free topologies. RSTP superseded STP with the publi‐
1282 cation of 802.1D-2004. Compared to STP, RSTP converges more quickly and
1283 recovers more quickly from failures.
1284
1285 RSTP Configuration:
1286
1287 rstp_enable: boolean
1288 Enable Rapid Spanning Tree on the bridge. By default, RSTP is
1289 disabled on bridges. Bond, internal, and mirror ports are not
1290 supported and will not participate in the spanning tree.
1291
1292 STP and RSTP are mutually exclusive. If both are enabled, RSTP
1293 will be used.
1294
1295 other_config : rstp-address: optional string
1296 The bridge’s RSTP address (the lower 48 bits of the bridge-id)
1297 in the form xx:xx:xx:xx:xx:xx. By default, the address is the
1298 MAC address of the bridge.
1299
1300 other_config : rstp-priority: optional string, containing an integer,
1301 in range 0 to 61,440
1302 The bridge’s relative priority value for determining the root
1303 bridge (the upper 16 bits of the bridge-id). A bridge with the
1304 lowest bridge-id is elected the root. By default, the priority
1305 is 0x8000 (32768). This value must be a multiple of 4096;
1306 otherwise it is rounded down to the nearest lower multiple.
1307
1308 other_config : rstp-ageing-time: optional string, containing an inte‐
1309 ger, in range 10 to 1,000,000
1310 The Ageing Time parameter for the Bridge. The default value is
1311 300 seconds.
1312
1313 other_config : rstp-force-protocol-version: optional string, containing
1314 an integer
1315 The Force Protocol Version parameter for the Bridge. This can
1316 take the value 0 (STP Compatibility mode) or 2 (the default,
1317 normal operation).
1318
1319 other_config : rstp-max-age: optional string, containing an integer, in
1320 range 6 to 40
1321 The maximum age of the information transmitted by the Bridge
1322 when it is the Root Bridge. The default value is 20.
1323
1324 other_config : rstp-forward-delay: optional string, containing an inte‐
1325 ger, in range 4 to 30
1326 The delay used by STP Bridges to transition Root and Designated
1327 Ports to Forwarding. The default value is 15.
1328
1329 other_config : rstp-transmit-hold-count: optional string, containing an
1330 integer, in range 1 to 10
1331 The Transmit Hold Count used by the Port Transmit state machine
1332 to limit transmission rate. The default value is 6.
1333
1334 RSTP Status:
1335
1336 These key-value pairs report the status of 802.1D-2004. They are
1337 present only if RSTP is enabled (via the rstp_enable column).
1338
1339 rstp_status : rstp_bridge_id: optional string
1340 The bridge ID used in rapid spanning tree advertisements, in the
1341 form x.yyy.zzzzzzzzzzzz where x is the RSTP priority, the ys are
1342 a locally assigned system ID extension, the zs are the STP sys‐
1343 tem ID, and each x, y, or z is a hex digit.
1344
1345 rstp_status : rstp_root_id: optional string
1346 The root of this spanning tree, in the same form as rstp_sta‐
1347 tus:rstp_bridge_id. If this bridge is the root, this will have
1348 the same value as rstp_status:rstp_bridge_id, otherwise it will
1349 differ.
1350
1351 rstp_status : rstp_root_path_cost: optional string, containing an inte‐
1352 ger, at least 0
1353 The path cost of reaching the root. A lower number is better.
1354 The value is 0 if this bridge is the root, otherwise it is
1355 higher.
1356
1357 rstp_status : rstp_designated_id: optional string
1358 The RSTP designated ID, in the same form as rstp_sta‐
1359 tus:rstp_bridge_id.
1360
1361 rstp_status : rstp_designated_port_id: optional string
1362 The RSTP designated port ID, as a 4-digit hex number.
1363
1364 rstp_status : rstp_bridge_port_id: optional string
1365 The RSTP bridge port ID, as a 4-digit hex number.
1366
1367 Multicast Snooping Configuration:
1368
1369 Multicast snooping (RFC 4541) monitors the Internet Group Management
1370 Protocol (IGMP) and Multicast Listener Discovery traffic between hosts
1371 and multicast routers. The switch uses what IGMP and MLD snooping
1372 learns to forward multicast traffic only to interfaces that are con‐
1373 nected to interested receivers. Currently it supports IGMPv1, IGMPv2,
1374 IGMPv3, MLDv1 and MLDv2 protocols.
1375
1376 mcast_snooping_enable: boolean
1377 Enable multicast snooping on the bridge. For now, the default is
1378 disabled.
1379
1380 Other Features:
1381
1382 datapath_type: string
1383 Name of datapath provider. The kernel datapath has type system.
1384 The userspace datapath has type netdev. A manager may refer to
1385 the datapath_types column of the Open_vSwitch table for a list
1386 of the types accepted by this Open vSwitch instance.
1387
1388 external_ids : bridge-id: optional string
1389 A unique identifier of the bridge. On Citrix XenServer this will
1390 commonly be the same as external_ids:xs-network-uuids.
1391
1392 external_ids : xs-network-uuids: optional string
1393 Semicolon-delimited set of universally unique identifier(s) for
1394 the network with which this bridge is associated on a Citrix
1395 XenServer host. The network identifiers are RFC 4122 UUIDs as
1396 displayed by, e.g., xe network-list.
1397
1398 other_config : hwaddr: optional string
1399 An Ethernet address in the form xx:xx:xx:xx:xx:xx to set the
1400 hardware address of the local port and influence the datapath
1401 ID.
1402
1403 other_config : forward-bpdu: optional string, either true or false
1404 Controls forwarding of BPDUs and other network control frames
1405 when NORMAL action is invoked. When this option is false or
1406 unset, frames with reserved Ethernet addresses (see table below)
1407 will not be forwarded. When this option is true, such frames
1408 will not be treated specially.
1409
1410 The above general rule has the following exceptions:
1411
1412 · If STP is enabled on the bridge (see the stp_enable col‐
1413 umn in the Bridge table), the bridge processes all
1414 received STP packets and never passes them to OpenFlow or
1415 forwards them. This is true even if STP is disabled on an
1416 individual port.
1417
1418 · If LLDP is enabled on an interface (see the lldp column
1419 in the Interface table), the interface processes received
1420 LLDP packets and never passes them to OpenFlow or for‐
1421 wards them.
1422
1423 Set this option to true if the Open vSwitch bridge connects dif‐
1424 ferent Ethernet networks and is not configured to participate in
1425 STP.
1426
1427 This option affects packets with the following destination MAC
1428 addresses:
1429
1430 01:80:c2:00:00:00
1431 IEEE 802.1D Spanning Tree Protocol (STP).
1432
1433 01:80:c2:00:00:01
1434 IEEE Pause frame.
1435
1436 01:80:c2:00:00:0x
1437 Other reserved protocols.
1438
1439 00:e0:2b:00:00:00
1440 Extreme Discovery Protocol (EDP).
1441
1442 00:e0:2b:00:00:04 and 00:e0:2b:00:00:06
1443 Ethernet Automatic Protection Switching (EAPS).
1444
1445 01:00:0c:cc:cc:cc
1446 Cisco Discovery Protocol (CDP), VLAN Trunking Protocol
1447 (VTP), Dynamic Trunking Protocol (DTP), Port Aggregation
1448 Protocol (PAgP), and others.
1449
1450 01:00:0c:cc:cc:cd
1451 Cisco Shared Spanning Tree Protocol PVSTP+.
1452
1453 01:00:0c:cd:cd:cd
1454 Cisco STP Uplink Fast.
1455
1456 01:00:0c:00:00:00
1457 Cisco Inter Switch Link.
1458
1459 01:00:0c:cc:cc:cx
1460 Cisco CFM.
1461
1462 other_config : mac-aging-time: optional string, containing an integer,
1463 at least 1
1464 The maximum number of seconds to retain a MAC learning entry for
1465 which no packets have been seen. The default is currently 300
1466 seconds (5 minutes). The value, if specified, is forced into a
1467 reasonable range, currently 15 to 3600 seconds.
1468
1469 A short MAC aging time allows a network to more quickly detect
1470 that a host is no longer connected to a switch port. However, it
1471 also makes it more likely that packets will be flooded unneces‐
1472 sarily, when they are addressed to a connected host that rarely
1473 transmits packets. To reduce the incidence of unnecessary flood‐
1474 ing, use a MAC aging time longer than the maximum interval at
1475 which a host will ordinarily transmit packets.
1476
1477 other_config : mac-table-size: optional string, containing an integer,
1478 at least 1
1479 The maximum number of MAC addresses to learn. The default is
1480 currently 8192. The value, if specified, is forced into a rea‐
1481 sonable range, currently 10 to 1,000,000.
1482
1483 Common Columns:
1484
1485 The overall purpose of these columns is described under Common Columns
1486 at the beginning of this document.
1487
1488 other_config: map of string-string pairs
1489
1490 external_ids: map of string-string pairs
1491
1493 A port within a Bridge.
1494
1495 Most commonly, a port has exactly one ``interface,’’ pointed to by its
1496 interfaces column. Such a port logically corresponds to a port on a
1497 physical Ethernet switch. A port with more than one interface is a
1498 ``bonded port’’ (see Bonding Configuration).
1499
1500 Some properties that one might think of as belonging to a port are actu‐
1501 ally part of the port’s Interface members.
1502
1503 Summary:
1504 name immutable string (must be unique within
1505 table)
1506 interfaces set of 1 or more Interfaces
1507 VLAN Configuration:
1508 vlan_mode optional string, one of access,
1509 dot1q-tunnel, native-tagged,
1510 native-untagged, or trunk
1511 tag optional integer, in range 0 to 4,095
1512 trunks set of up to 4,096 integers, in range 0
1513 to 4,095
1514 cvlans set of up to 4,096 integers, in range 0
1515 to 4,095
1516 other_config : qinq-ethtype
1517 optional string, either 802.1ad or 802.1q
1518 other_config : priority-tags
1519 optional string, one of always,
1520 if-nonzero, or never
1521 Bonding Configuration:
1522 bond_mode optional string, one of active-backup,
1523 balance-slb, or balance-tcp
1524 other_config : bond-hash-basis
1525 optional string, containing an integer
1526 Link Failure Detection:
1527 other_config : bond-detect-mode
1528 optional string, either carrier or miimon
1529 other_config : bond-miimon-interval
1530 optional string, containing an integer
1531 bond_updelay integer
1532 bond_downdelay integer
1533 LACP Configuration:
1534 lacp optional string, one of active, off, or
1535 passive
1536 other_config : lacp-system-id
1537 optional string
1538 other_config : lacp-system-priority
1539 optional string, containing an integer,
1540 in range 1 to 65,535
1541 other_config : lacp-time optional string, either fast or slow
1542 other_config : lacp-fallback-ab
1543 optional string, either true or false
1544 Rebalancing Configuration:
1545 other_config : bond-rebalance-interval
1546 optional string, containing an integer,
1547 in range 0 to 10,000
1548 bond_fake_iface boolean
Spanning Tree Protocol:
STP Configuration:
other_config : stp-enable  optional string, either true or false
other_config : stp-port-num  optional string, containing an integer, in range 1 to 255
other_config : stp-port-priority  optional string, containing an integer, in range 0 to 255
other_config : stp-path-cost  optional string, containing an integer, in range 0 to 65,535
STP Status:
status : stp_port_id  optional string
status : stp_state  optional string, one of blocking, disabled, forwarding, learning, or listening
status : stp_sec_in_state  optional string, containing an integer, at least 0
status : stp_role  optional string, one of alternate, designated, or root
Rapid Spanning Tree Protocol:
RSTP Configuration:
other_config : rstp-enable  optional string, either true or false
other_config : rstp-port-priority  optional string, containing an integer, in range 0 to 240
other_config : rstp-port-num  optional string, containing an integer, in range 1 to 4,095
other_config : rstp-port-path-cost  optional string, containing an integer
other_config : rstp-port-admin-edge  optional string, either true or false
other_config : rstp-port-auto-edge  optional string, either true or false
other_config : rstp-port-mcheck  optional string, either true or false
RSTP Status:
rstp_status : rstp_port_id  optional string
rstp_status : rstp_port_role  optional string, one of Alternate, Backup, Designated, Disabled, or Root
rstp_status : rstp_port_state  optional string, one of Disabled, Discarding, Forwarding, or Learning
rstp_status : rstp_designated_bridge_id  optional string
rstp_status : rstp_designated_port_id  optional string
rstp_status : rstp_designated_path_cost  optional string, containing an integer
RSTP Statistics:
rstp_statistics : rstp_tx_count  optional integer
rstp_statistics : rstp_rx_count  optional integer
rstp_statistics : rstp_error_count  optional integer
rstp_statistics : rstp_uptime  optional integer
Multicast Snooping:
other_config : mcast-snooping-flood  optional string, either true or false
other_config : mcast-snooping-flood-reports  optional string, either true or false
Other Features:
qos  optional QoS
mac  optional string
fake_bridge  boolean
protected  boolean
external_ids : fake-bridge-id-*  optional string
other_config : transient  optional string, either true or false
bond_active_slave  optional string
Port Statistics:
Statistics: STP transmit and receive counters:
statistics : stp_tx_count  optional integer
statistics : stp_rx_count  optional integer
statistics : stp_error_count  optional integer
Common Columns:
other_config  map of string-string pairs
external_ids  map of string-string pairs

Details:
name: immutable string (must be unique within table)
Port name. For a non-bonded port, this should be the same as its
interface’s name. Port names must otherwise be unique among the
names of ports, interfaces, and bridges on a host. Because port
and interface names are usually the same, the restrictions on
the name column in the Interface table, particularly on length,
also apply to port names. Refer to the documentation for
Interface names for details.

interfaces: set of 1 or more Interfaces
The port’s interfaces. If there is more than one, this is a
bonded Port.

VLAN Configuration:

In short, a VLAN (short for "virtual LAN") is a way to partition a
single switch into multiple switches. VLANs can be confusing, so for an
introduction, please refer to the question "What’s a VLAN?" in the
Open vSwitch FAQ.

A VLAN is sometimes encoded into a packet using an 802.1Q or 802.1ad
VLAN header, but every packet is part of some VLAN whether or not it is
encoded in the packet. (A packet that appears to have no VLAN is part
of VLAN 0, by default.) As a result, it’s useful to think of a VLAN as
a metadata property of a packet, separate from how the VLAN is encoded.
For a given port, this column determines how the encoding of a packet
that ingresses or egresses the port maps to the packet’s VLAN. When a
packet enters the switch, its VLAN is determined based on its setting
in this column and its VLAN headers, if any, and then, conceptually,
the VLAN headers are stripped off. Conversely, when a packet exits
the switch, its VLAN and the settings in this column determine what
VLAN headers, if any, are pushed onto the packet before it egresses the
port.

The VLAN configuration in this column affects Open vSwitch only when it
is doing "normal switching." It does not affect flows set up by an
OpenFlow controller, outside of the OpenFlow "normal action."

Bridge ports support the following types of VLAN configuration:

trunk
A trunk port carries packets on one or more VLANs
specified in the trunks column (often, on every
VLAN). A packet that ingresses on a trunk port is in the
VLAN specified in its 802.1Q header, or VLAN 0 if the
packet has no 802.1Q header. A packet that egresses
through a trunk port will have an 802.1Q header if it has
a nonzero VLAN ID.

Any packet that ingresses on a trunk port tagged with a
VLAN that the port does not trunk is dropped.

access
An access port carries packets on exactly one VLAN,
specified in the tag column. Packets egressing on an access
port have no 802.1Q header.

Any packet with an 802.1Q header with a nonzero VLAN ID
that ingresses on an access port is dropped, regardless
of whether the VLAN ID in the header is the access port’s
VLAN ID.

native-tagged
A native-tagged port resembles a trunk port, with the
exception that a packet without an 802.1Q header that
ingresses on a native-tagged port is in the "native
VLAN" (specified in the tag column).

native-untagged
A native-untagged port resembles a native-tagged port,
with the exception that a packet that egresses on a
native-untagged port in the native VLAN will not have an
802.1Q header.

dot1q-tunnel
A dot1q-tunnel port is somewhat like an access port. Like
an access port, it carries packets on the single VLAN
specified in the tag column and this VLAN, called the
service VLAN, does not appear in an 802.1Q header for
packets that ingress or egress on the port. The main
difference lies in the behavior when packets that include an
802.1Q header ingress on the port. Whereas an access port
drops such packets, a dot1q-tunnel port treats these as
double-tagged with the outer service VLAN tag and the
inner customer VLAN taken from the 802.1Q header.
Correspondingly, to egress on the port, a packet’s outer VLAN
(or only VLAN) must be the VLAN in tag, which is removed
before egress, exposing the inner (customer) VLAN if one is
present.

If cvlans is set, the port allows only packets in the
specified customer VLANs.

A packet will only egress through bridge ports that carry the VLAN of
the packet, as described by the rules above.

vlan_mode: optional string, one of access, dot1q-tunnel, native-tagged,
native-untagged, or trunk
The VLAN mode of the port, as described above. When this column
is empty, a default mode is selected as follows:

· If tag contains a value, the port is an access port. The
  trunks column should be empty.

· Otherwise, the port is a trunk port. The trunks column
  value is honored if it is present.

tag: optional integer, in range 0 to 4,095
For an access port, the port’s implicitly tagged VLAN. For a
native-tagged or native-untagged port, the port’s native VLAN.
Must be empty if this is a trunk port.

trunks: set of up to 4,096 integers, in range 0 to 4,095
For a trunk, native-tagged, or native-untagged port, the 802.1Q
VLAN or VLANs that this port trunks; if it is empty, then the
port trunks all VLANs. Must be empty if this is an access port.

A native-tagged or native-untagged port always trunks its native
VLAN, regardless of whether trunks includes that VLAN.

cvlans: set of up to 4,096 integers, in range 0 to 4,095
For a dot1q-tunnel port, the customer VLANs that this port
includes. If this is empty, the port includes all customer
VLANs.

For other kinds of ports, this setting is ignored.

other_config : qinq-ethtype: optional string, either 802.1ad or 802.1q
For a dot1q-tunnel port, this is the TPID for the service tag,
that is, for the 802.1Q header that contains the service VLAN
ID. Because packets that actually ingress and egress a
dot1q-tunnel port do not include an 802.1Q header for the service
VLAN, this does not affect packets on the dot1q-tunnel port
itself. Rather, it determines the service VLAN for a packet that
ingresses on a dot1q-tunnel port and egresses on a trunk port.

The value 802.1ad specifies TPID 0x88a8, which is also the
default if the setting is omitted. The value 802.1q specifies
TPID 0x8100.

For other kinds of ports, this setting is ignored.

other_config : priority-tags: optional string, one of always,
if-nonzero, or never
An 802.1Q header contains two important pieces of information: a
VLAN ID and a priority. A frame with a zero VLAN ID, called a
"priority-tagged" frame, is supposed to be treated the same
way as a frame without an 802.1Q header at all (except for the
priority).

However, some network elements ignore any frame that has an 802.1Q
header at all, even when the VLAN ID is zero. Therefore, by
default Open vSwitch does not output priority-tagged frames,
instead omitting the 802.1Q header entirely if the VLAN ID is
zero. Set this key to if-nonzero to enable priority-tagged
frames on a port.

For if-nonzero, Open vSwitch omits the 802.1Q header on output if
both the VLAN ID and priority would be zero. Set to always to
retain the 802.1Q header in such frames as well.

All frames output to native-tagged ports have a nonzero VLAN ID,
so this setting is not meaningful on native-tagged ports.
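
The ingress and egress rules above for the trunk, access, native-tagged and native-untagged modes, written out as an added Python example (not Open vSwitch code). It assumes the default priority-tags behavior, leaves dot1q-tunnel out, and floods to every other port that carries the VLAN instead of learning MAC addresses; `Port`, `normal_switch` and the sample ports are constructed names.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Union

UNTAGGED = "untagged"  # egress result: frame leaves with no 802.1Q header


@dataclass(frozen=True)
class Port:
    name: str
    vlan_mode: Optional[str] = None   # empty column: default chosen below
    tag: Optional[int] = None
    trunks: frozenset = frozenset()   # empty set: the port trunks all VLANs


def effective_mode(port: Port) -> str:
    """vlan_mode, or the documented default when the column is empty."""
    if port.vlan_mode:
        return port.vlan_mode
    return "access" if port.tag is not None else "trunk"


def carries(port: Port, vlan: int) -> bool:
    """True if packets in `vlan` may ingress or egress this port."""
    mode = effective_mode(port)
    if mode == "dot1q-tunnel":
        raise NotImplementedError("dot1q-tunnel is not modelled here")
    if mode == "access":
        return vlan == port.tag
    if mode in ("native-tagged", "native-untagged") and vlan == port.tag:
        return True                    # the native VLAN is always trunked
    return not port.trunks or vlan in port.trunks


def ingress_vlan(port: Port, vid: Optional[int]) -> Optional[int]:
    """Map a frame to its VLAN. `vid` is the 802.1Q VLAN ID, or None when
    the frame has no 802.1Q header. Returns None if the frame is dropped."""
    mode = effective_mode(port)
    # A priority-tagged frame (VLAN ID 0) is treated like one with no header.
    no_vlan = vid is None or vid == 0
    if mode == "access":
        return port.tag if no_vlan else None   # tagged frames are dropped
    vlan = (0 if mode == "trunk" else port.tag) if no_vlan else vid
    # Assumption: VLAN 0 on a trunk is held to the same trunks check as
    # any other VLAN; the page only spells this out for tagged frames.
    return vlan if carries(port, vlan) else None


def egress_encoding(port: Port, vlan: int) -> Union[int, str, None]:
    """None if the port does not carry `vlan`; otherwise UNTAGGED or the
    VLAN ID written into the 802.1Q header on output."""
    if not carries(port, vlan):
        return None
    mode = effective_mode(port)
    if mode == "access" or (mode == "native-untagged" and vlan == port.tag):
        return UNTAGGED
    # Default priority-tags behavior: no header at all for VLAN 0.
    return vlan if vlan != 0 else UNTAGGED


def normal_switch(ports: List[Port], in_name: str,
                  vid: Optional[int]) -> Dict[str, Union[int, str]]:
    """Flood a frame received on `in_name`; returns {port name: encoding}."""
    by_name = {p.name: p for p in ports}
    vlan = ingress_vlan(by_name[in_name], vid)
    if vlan is None:
        return {}
    out = {}
    for p in ports:
        if p.name != in_name:
            enc = egress_encoding(p, vlan)
            if enc is not None:
                out[p.name] = enc
    return out


# Constructed sample bridge: two access ports, a trunk, a native-untagged port.
PORTS = [
    Port("vm1", tag=10),
    Port("vm2", tag=20),
    Port("uplink", trunks=frozenset({10, 20})),
    Port("legacy", vlan_mode="native-untagged", tag=10, trunks=frozenset({20})),
]

if __name__ == "__main__":
    for name, vid in [("vm1", None), ("vm1", 20), ("uplink", 20), ("uplink", 30)]:
        print(name, vid, normal_switch(PORTS, name, vid))
```

The `("vm1", 20)` case returns an empty result: a tagged frame arriving on an access port is dropped, so a guest cannot place traffic into another VLAN by adding its own 802.1Q header.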

Bonding Configuration:

A port that has more than one interface is a "bonded port." Bonding
allows for load balancing and fail-over.

The following types of bonding will work with any kind of upstream
switch. On the upstream switch, do not configure the interfaces as a
bond:

balance-slb
Balances flows among slaves based on source MAC address
and output VLAN, with periodic rebalancing as traffic
patterns change.

active-backup
Assigns all flows to one slave, failing over to a backup
slave when the active slave is disabled. This is the only
bonding mode in which interfaces may be plugged into
different upstream switches.

The following modes require the upstream switch to support 802.3ad with
successful LACP negotiation. If LACP negotiation fails and
other_config:lacp-fallback-ab is true, then active-backup mode is used:

balance-tcp
Balances flows among slaves based on L3 and L4 protocol
information such as IP addresses and TCP/UDP ports.

These columns apply only to bonded ports. Their values are otherwise
ignored.

bond_mode: optional string, one of active-backup, balance-slb, or
balance-tcp
The type of bonding used for a bonded port. Defaults to
active-backup if unset.

other_config : bond-hash-basis: optional string, containing an integer
An integer hashed along with flows when choosing output slaves
in load balanced bonds. When changed, all flows will be assigned
different hash values, possibly causing slave selection decisions
to change. Does not affect bonding modes which do not employ
load balancing, such as active-backup.

Link Failure Detection:

An important part of link bonding is detecting that links are down so
that they may be disabled. These settings determine how Open vSwitch
detects link failure.

other_config : bond-detect-mode: optional string, either carrier or
miimon
The means used to detect link failures. Defaults to carrier,
which uses each interface’s carrier to detect failures. When set
to miimon, Open vSwitch checks for failures by polling each
interface’s MII.

other_config : bond-miimon-interval: optional string, containing an
integer
The interval, in milliseconds, between successive attempts to
poll each interface’s MII. Relevant only when
other_config:bond-detect-mode is miimon.

bond_updelay: integer
The number of milliseconds for which the link must stay up on an
interface before the interface is considered to be up. Specify 0
to enable the interface immediately.

This setting is honored only when at least one bonded interface
is already enabled. When no interfaces are enabled, then the
first bond interface to come up is enabled immediately.

bond_downdelay: integer
The number of milliseconds for which the link must stay down on
an interface before the interface is considered to be down.
Specify 0 to disable the interface immediately.

LACP Configuration:

LACP, the Link Aggregation Control Protocol, is an IEEE standard that
allows switches to automatically detect that they are connected by
multiple links and aggregate across those links. These settings control
LACP behavior.

lacp: optional string, one of active, off, or passive
Configures LACP on this port. LACP allows directly connected
switches to negotiate which links may be bonded. LACP may be
enabled on non-bonded ports for the benefit of any switches they
may be connected to. active ports are allowed to initiate LACP
negotiations. passive ports are allowed to participate in LACP
negotiations initiated by a remote switch, but not allowed to
initiate such negotiations themselves. If LACP is enabled on a
port whose partner switch does not support LACP, the bond will
be disabled, unless other_config:lacp-fallback-ab is set to
true. Defaults to off if unset.

other_config : lacp-system-id: optional string
The LACP system ID of this Port. The system ID of a LACP bond is
used to identify itself to its partners. Must be a nonzero MAC
address. Defaults to the bridge Ethernet address if unset.

other_config : lacp-system-priority: optional string, containing an
integer, in range 1 to 65,535
The LACP system priority of this Port. In LACP negotiations,
link status decisions are made by the system with the
numerically lower priority.

other_config : lacp-time: optional string, either fast or slow
The LACP timing which should be used on this Port. By default
slow is used. When configured to be fast, LACP heartbeats are
requested at a rate of once per second, causing connectivity
problems to be detected more quickly. In slow mode, heartbeats
are requested at a rate of once every 30 seconds.

other_config : lacp-fallback-ab: optional string, either true or false
Determines the behavior of an Open vSwitch bond in LACP mode. If the
partner switch does not support LACP, setting this option to
true allows Open vSwitch to fall back to active-backup. If the
option is set to false, the bond will be disabled. In both
cases, once the partner switch is configured to LACP mode, the
bond will use LACP.

Rebalancing Configuration:

These settings control behavior when a bond is in balance-slb or
balance-tcp mode.

other_config : bond-rebalance-interval: optional string, containing an
integer, in range 0 to 10,000
For a load balanced bonded port, the number of milliseconds
between successive attempts to rebalance the bond, that is, to
move flows from one interface on the bond to another in an
attempt to keep usage of each interface roughly equal. If zero,
load balancing is disabled on the bond (link failures still cause
flows to move). If less than 1000ms, the rebalance interval will
be 1000ms.

bond_fake_iface: boolean
For a bonded port, whether to create a fake internal interface
with the name of the port. Use only for compatibility with
legacy software that requires this.

Spanning Tree Protocol:

The configuration here is only meaningful, and the status is only
populated, when 802.1D-1998 Spanning Tree Protocol is enabled on the port’s
Bridge with its stp_enable column.

STP Configuration:

other_config : stp-enable: optional string, either true or false
When STP is enabled on a bridge, it is enabled by default on all
of the bridge’s ports except bond, internal, and mirror ports
(which do not work with STP). If this column’s value is false,
STP is disabled on the port.

other_config : stp-port-num: optional string, containing an integer, in
range 1 to 255
The port number used for the lower 8 bits of the port-id. By
default, the numbers will be assigned automatically. If any
port’s number is manually configured on a bridge, then they must
all be.

other_config : stp-port-priority: optional string, containing an
integer, in range 0 to 255
The port’s relative priority value for determining the root port
(the upper 8 bits of the port-id). A port with a lower port-id
will be chosen as the root port. By default, the priority is
0x80.

other_config : stp-path-cost: optional string, containing an integer,
in range 0 to 65,535
Spanning tree path cost for the port. A lower number indicates a
faster link. By default, the cost is based on the maximum speed
of the link.

STP Status:

status : stp_port_id: optional string
The port ID used in spanning tree advertisements for this port,
as 4 hex digits. Configuring the port ID is described in the
stp-port-num and stp-port-priority keys of the other_config
section earlier.

status : stp_state: optional string, one of blocking, disabled,
forwarding, learning, or listening
STP state of the port.

status : stp_sec_in_state: optional string, containing an integer, at
least 0
The amount of time this port has been in the current STP state,
in seconds.

status : stp_role: optional string, one of alternate, designated, or
root
STP role of the port.

Rapid Spanning Tree Protocol:

The configuration here is only meaningful, and the status and
statistics are only populated, when 802.1D-1998 Spanning Tree Protocol is
enabled on the port’s Bridge with its stp_enable column.

RSTP Configuration:

other_config : rstp-enable: optional string, either true or false
When RSTP is enabled on a bridge, it is enabled by default on
all of the bridge’s ports except bond, internal, and mirror
ports (which do not work with RSTP). If this column’s value is
false, RSTP is disabled on the port.

other_config : rstp-port-priority: optional string, containing an
integer, in range 0 to 240
The port’s relative priority value for determining the root
port, in multiples of 16. By default, the port priority is 0x80
(128). Any value in the lower 4 bits is rounded off. The
significant upper 4 bits become the upper 4 bits of the port-id. A
port with the lowest port-id is elected as the root.

other_config : rstp-port-num: optional string, containing an integer,
in range 1 to 4,095
The local RSTP port number, used as the lower 12 bits of the
port-id. By default the port numbers are assigned automatically,
and typically may not correspond to the OpenFlow port numbers. A
port with the lowest port-id is elected as the root.

other_config : rstp-port-path-cost: optional string, containing an
integer
The port path cost. The Port’s contribution, when it is the Root
Port, to the Root Path Cost for the Bridge. By default the cost
is automatically calculated from the port’s speed.

other_config : rstp-port-admin-edge: optional string, either true or
false
The admin edge port parameter for the Port. Default is false.

other_config : rstp-port-auto-edge: optional string, either true or
false
The auto edge port parameter for the Port. Default is true.

other_config : rstp-port-mcheck: optional string, either true or false
The mcheck port parameter for the Port. Default is false. May be
set to force the Port Protocol Migration state machine to
transmit RST BPDUs for a MigrateTime period, to test whether all STP
Bridges on the attached LAN have been removed and the Port can
continue to transmit RSTP BPDUs. Setting mcheck has no effect if
the Bridge is operating in STP Compatibility mode.

Changing the value from true to false has no effect, but needs
to be done if this behavior is to be triggered again by
subsequently changing the value from false to true.

RSTP Status:

rstp_status : rstp_port_id: optional string
The port ID used in spanning tree advertisements for this port,
as 4 hex digits. Configuring the port ID is described in the
rstp-port-num and rstp-port-priority keys of the other_config
section earlier.

rstp_status : rstp_port_role: optional string, one of Alternate,
Backup, Designated, Disabled, or Root
RSTP role of the port.

rstp_status : rstp_port_state: optional string, one of Disabled,
Discarding, Forwarding, or Learning
RSTP state of the port.

rstp_status : rstp_designated_bridge_id: optional string
The port’s RSTP designated bridge ID, in the same form as
rstp_status:rstp_bridge_id in the Bridge table.

rstp_status : rstp_designated_port_id: optional string
The port’s RSTP designated port ID, as 4 hex digits.

rstp_status : rstp_designated_path_cost: optional string, containing an
integer
The port’s RSTP designated path cost. Lower is better.

RSTP Statistics:

rstp_statistics : rstp_tx_count: optional integer
Number of RSTP BPDUs transmitted through this port.

rstp_statistics : rstp_rx_count: optional integer
Number of valid RSTP BPDUs received by this port.

rstp_statistics : rstp_error_count: optional integer
Number of invalid RSTP BPDUs received by this port.

rstp_statistics : rstp_uptime: optional integer
The duration covered by the other RSTP statistics, in seconds.

Multicast Snooping:

other_config : mcast-snooping-flood: optional string, either true or
false
If set to true, multicast packets (except Reports) are
unconditionally forwarded to the specific port.

other_config : mcast-snooping-flood-reports: optional string, either
true or false
If set to true, multicast Reports are unconditionally forwarded
to the specific port.

Other Features:

qos: optional QoS
Quality of Service configuration for this port.

mac: optional string
The MAC address to use for this port for the purpose of choosing
the bridge’s MAC address. This column does not necessarily
reflect the port’s actual MAC address, nor will setting it
change the port’s actual MAC address.

fake_bridge: boolean
Does this port represent a sub-bridge for its tagged VLAN within
the Bridge? See ovs-vsctl(8) for more information.

protected: boolean
The protected ports feature allows certain ports to be
designated as protected. Traffic between protected ports is blocked.
Protected ports can send traffic to unprotected ports.
Unprotected ports can send traffic to any port. Default is false.

external_ids : fake-bridge-id-*: optional string
External IDs for a fake bridge (see the fake_bridge column) are
defined by prefixing a Bridge external_ids key with
fake-bridge-, e.g. fake-bridge-xs-network-uuids.

other_config : transient: optional string, either true or false
If set to true, the port will be removed when ovs-ctl start
--delete-transient-ports is used.

bond_active_slave: optional string
For a bonded port, records the MAC address of the current active
slave.

Port Statistics:

Key-value pairs that report port statistics. The update period is
controlled by other_config:stats-update-interval in the Open_vSwitch
table.

Statistics: STP transmit and receive counters:

statistics : stp_tx_count: optional integer
Number of STP BPDUs sent on this port by the spanning tree
library.

statistics : stp_rx_count: optional integer
Number of STP BPDUs received on this port and accepted by the
spanning tree library.

statistics : stp_error_count: optional integer
Number of bad STP BPDUs received on this port. Bad BPDUs include
runt packets and those with an unexpected protocol ID.

Common Columns:

The overall purpose of these columns is described under Common Columns
at the beginning of this document.

other_config: map of string-string pairs

external_ids: map of string-string pairs
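
The allowed values, ranges and consistency rules listed for the Port table, applied as a configuration check. This is an added Python example, not part of the Open vSwitch manual or code base; rows are plain dicts with constructed sample values, and `audit_port` and its finding labels are hypothetical names.

```python
import re

# Allowed values and ranges as listed in the Port table summary.
TRUE_FALSE = {"true", "false"}
COLUMN_ENUMS = {
    "vlan_mode": {"access", "dot1q-tunnel", "native-tagged", "native-untagged", "trunk"},
    "bond_mode": {"active-backup", "balance-slb", "balance-tcp"},
    "lacp": {"active", "off", "passive"},
}
KEY_ENUMS = {
    "qinq-ethtype": {"802.1ad", "802.1q"},
    "priority-tags": {"always", "if-nonzero", "never"},
    "bond-detect-mode": {"carrier", "miimon"},
    "lacp-time": {"fast", "slow"},
    "lacp-fallback-ab": TRUE_FALSE,
    "stp-enable": TRUE_FALSE,
    "rstp-enable": TRUE_FALSE,
}
KEY_RANGES = {
    "lacp-system-priority": (1, 65535),
    "bond-rebalance-interval": (0, 10000),
    "stp-port-num": (1, 255),
    "stp-port-priority": (0, 255),
    "stp-path-cost": (0, 65535),
    "rstp-port-priority": (0, 240),
    "rstp-port-num": (1, 4095),
}
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$", re.IGNORECASE)


def audit_port(row):
    """Return (level, subject, message) findings for one Port row (a dict)."""
    out = []
    oc = row.get("other_config", {})
    tag, trunks = row.get("tag"), row.get("trunks", [])
    bonded = len(row.get("interfaces", [])) > 1

    # Enumerated columns and keys, then integer-valued keys.
    for col, allowed in COLUMN_ENUMS.items():
        if row.get(col) is not None and row[col] not in allowed:
            out.append(("error", col, f"{row[col]!r} is not an allowed value"))
    for key, allowed in KEY_ENUMS.items():
        if key in oc and oc[key] not in allowed:
            out.append(("error", key, f"{oc[key]!r} is not an allowed value"))
    ints = {}
    for key, (lo, hi) in KEY_RANGES.items():
        if key in oc:
            try:
                ints[key] = int(oc[key])
            except ValueError:
                ints[key] = None
            if ints[key] is None or not lo <= ints[key] <= hi:
                out.append(("error", key, f"must be an integer in range {lo} to {hi}"))

    # VLAN columns: ID range, then the tag/trunks rules for the effective mode.
    if any(not 0 <= v <= 4095 for v in [*trunks, *([] if tag is None else [tag])]):
        out.append(("error", "vlan", "VLAN ID outside range 0 to 4095"))
    mode = row.get("vlan_mode") or ("access" if tag is not None else "trunk")
    if mode == "trunk" and tag is not None:
        out.append(("error", "tag", "must be empty on a trunk port"))
    if mode == "access" and trunks:
        out.append(("error", "trunks", "must be empty on an access port"))

    # Bonding and LACP.
    if not bonded and (row.get("bond_mode") or any(k.startswith("bond-") for k in oc)):
        out.append(("note", "bond", "bonding settings are ignored on a non-bonded port"))
    if bonded and row.get("bond_mode") == "balance-tcp" and row.get("lacp") in (None, "off"):
        out.append(("warn", "bond_mode", "balance-tcp needs LACP, but lacp is off"))
    if "bond-miimon-interval" in oc and oc.get("bond-detect-mode") != "miimon":
        out.append(("note", "bond-miimon-interval", "used only when bond-detect-mode is miimon"))
    rebalance = ints.get("bond-rebalance-interval")
    if rebalance == 0:
        out.append(("note", "bond-rebalance-interval", "load balancing is disabled"))
    elif rebalance is not None and 0 < rebalance < 1000:
        out.append(("note", "bond-rebalance-interval", "treated as 1000 ms"))
    sysid = oc.get("lacp-system-id")
    if sysid is not None and (not MAC_RE.match(sysid) or set(sysid) <= set("0:")):
        out.append(("error", "lacp-system-id", "must be a nonzero MAC address"))
    # Spanning tree.
    if bonded and "true" in (oc.get("stp-enable"), oc.get("rstp-enable")):
        out.append(("warn", "stp", "STP and RSTP do not work on bond ports"))
    if (ints.get("rstp-port-priority") or 0) % 16:
        out.append(("note", "rstp-port-priority", "lower 4 bits are rounded off"))
    return out


# Constructed sample rows (not taken from a real database).
BOND0 = {"name": "bond0", "interfaces": ["eth0", "eth1"], "bond_mode": "balance-tcp",
         "other_config": {"bond-rebalance-interval": "500", "bond-miimon-interval": "100",
                          "lacp-system-id": "00:00:00:00:00:00", "rstp-port-priority": "100"}}
VM1 = {"name": "vm1", "interfaces": ["vnet0"], "tag": 10, "trunks": [10, 20],
       "bond_mode": "active-backup", "other_config": {"priority-tags": "yes", "stp-port-num": "300"}}
UPLINK = {"name": "uplink", "interfaces": ["eth2"], "trunks": [10, 20]}

if __name__ == "__main__":
    for row in (BOND0, VM1, UPLINK):
        for level, subject, message in audit_port(row):
            print(f"{row['name']}: {level}: {subject}: {message}")
```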

An interface within a Port.

Summary:
Core Features:
name  immutable string (must be unique within table)
ifindex  optional integer, in range 0 to 4,294,967,295
mac_in_use  optional string
mac  optional string
error  optional string
OpenFlow Port Number:
ofport  optional integer
ofport_request  optional integer, in range 1 to 65,279
System-Specific Details:
type  string
Tunnel Options:
options : remote_ip  optional string
options : local_ip  optional string
options : in_key  optional string
options : out_key  optional string
options : dst_port  optional string
options : key  optional string
options : tos  optional string
options : ttl  optional string
options : df_default  optional string, either true or false
options : egress_pkt_mark  optional string
Tunnel Options: lisp only:
options : packet_type  optional string, either legacy_l3 or ptap
Tunnel Options: vxlan only:
options : exts  optional string
options : packet_type  optional string, one of legacy_l2, legacy_l3, or ptap
Tunnel Options: gre only:
options : packet_type  optional string, one of legacy_l2, legacy_l3, or ptap
options : seq  optional string, either true or false
Tunnel Options: gre, ip6gre, geneve, and vxlan:
options : csum  optional string, either true or false
Tunnel Options: IPsec:
options : psk  optional string
options : remote_cert  optional string
options : remote_name  optional string
Tunnel Options: erspan only:
options : erspan_idx  optional string
options : erspan_ver  optional string
options : erspan_dir  optional string
options : erspan_hwid  optional string
Patch Options:
options : peer  optional string
PMD (Poll Mode Driver) Options:
options : n_rxq  optional string, containing an integer, at least 1
options : dpdk-devargs  optional string
other_config : pmd-rxq-affinity  optional string
other_config : xdpmode  optional string, either drv or skb
options : vhost-server-path  optional string
options : dq-zero-copy  optional string, either true or false
options : tx-retries-max  optional string, containing an integer, in range 0 to 32
options : n_rxq_desc  optional string, containing an integer, in range 1 to 4,096
options : n_txq_desc  optional string, containing an integer, in range 1 to 4,096
EMC (Exact Match Cache) Configuration:
other_config : emc-enable  optional string, either true or false
MTU:
mtu  optional integer
mtu_request  optional integer, at least 1
Interface Status:
admin_state  optional string, either down or up
link_state  optional string, either down or up
link_resets  optional integer
link_speed  optional integer
duplex  optional string, either full or half
lacp_current  optional boolean
status  map of string-string pairs
status : driver_name  optional string
status : driver_version  optional string
status : firmware_version  optional string
status : source_ip  optional string
status : tunnel_egress_iface  optional string
status : tunnel_egress_iface_carrier  optional string, either down or up
dpdk:
status : port_no  optional string
status : numa_id  optional string
status : min_rx_bufsize  optional string
status : max_rx_pktlen  optional string
status : max_rx_queues  optional string
status : max_tx_queues  optional string
status : max_mac_addrs  optional string
status : max_hash_mac_addrs  optional string
status : max_vfs  optional string
status : max_vmdq_pools  optional string
status : if_type  optional string
status : if_descr  optional string
status : pci-vendor_id  optional string
status : pci-device_id  optional string
Statistics:
Statistics: Successful transmit and receive counters:
statistics : rx_packets  optional integer
statistics : rx_bytes  optional integer
statistics : tx_packets  optional integer
statistics : tx_bytes  optional integer
Statistics: Receive errors:
statistics : rx_dropped  optional integer
statistics : rx_frame_err  optional integer
statistics : rx_over_err  optional integer
statistics : rx_crc_err  optional integer
statistics : rx_errors  optional integer
Statistics: Transmit errors:
statistics : tx_dropped  optional integer
statistics : collisions  optional integer
statistics : tx_errors  optional integer
Ingress Policing:
ingress_policing_rate  integer, at least 0
ingress_policing_burst  integer, at least 0
Bidirectional Forwarding Detection (BFD):
BFD Configuration:
bfd : enable  optional string, either true or false
bfd : min_rx  optional string, containing an integer, at least 1
bfd : min_tx  optional string, containing an integer, at least 1
bfd : decay_min_rx  optional string, containing an integer
bfd : forwarding_if_rx  optional string, either true or false
bfd : cpath_down  optional string, either true or false
bfd : check_tnl_key  optional string, either true or false
bfd : bfd_local_src_mac  optional string
bfd : bfd_local_dst_mac  optional string
bfd : bfd_remote_dst_mac  optional string
bfd : bfd_src_ip  optional string
bfd : bfd_dst_ip  optional string
bfd : oam  optional string
bfd : mult  optional string, containing an integer, in range 1 to 255
BFD Status:
bfd_status : state  optional string, one of admin_down, down, init, or up
bfd_status : forwarding  optional string, either true or false
bfd_status : diagnostic  optional string
bfd_status : remote_state  optional string, one of admin_down, down, init, or up
bfd_status : remote_diagnostic  optional string
bfd_status : flap_count  optional string, containing an integer, at least 0
Connectivity Fault Management:
cfm_mpid  optional integer
cfm_flap_count  optional integer
cfm_fault  optional boolean
cfm_fault_status : recv  none
cfm_fault_status : rdi  none
cfm_fault_status : maid  none
cfm_fault_status : loopback  none
cfm_fault_status : overflow  none
cfm_fault_status : override  none
cfm_fault_status : interval  none
cfm_remote_opstate  optional string, either down or up
cfm_health  optional integer, in range 0 to 100
cfm_remote_mpids  set of integers
other_config : cfm_interval  optional string, containing an integer
other_config : cfm_extended  optional string, either true or false
other_config : cfm_demand  optional string, either true or false
other_config : cfm_opstate  optional string, either down or up
other_config : cfm_ccm_vlan  optional string, containing an integer, in range 1 to 4,095
other_config : cfm_ccm_pcp  optional string, containing an integer, in range 1 to 7
2353 Bonding Configuration:
2354 other_config : lacp-port-id
2355 optional string, containing an integer,
2356 in range 1 to 65,535
2357 other_config : lacp-port-priority
2358 optional string, containing an integer,
2359 in range 1 to 65,535
2360 other_config : lacp-aggregation-key
2361 optional string, containing an integer,
2362 in range 1 to 65,535
2363 Virtual Machine Identifiers:
2364 external_ids : attached-mac
2365 optional string
2366 external_ids : iface-id optional string
2367 external_ids : iface-status
2368 optional string, either active or inac‐
2369 tive
2370 external_ids : xs-vif-uuid optional string
2371 external_ids : xs-network-uuid
2372 optional string
2373 external_ids : vm-id optional string
2374 external_ids : xs-vm-uuid optional string
2375 Auto Attach Configuration:
2376 lldp : enable optional string, either true or false
2377 Flow control Configuration:
2378 options : rx-flow-ctrl optional string, either true or false
2379 options : tx-flow-ctrl optional string, either true or false
2380 options : flow-ctrl-autoneg
2381 optional string, either true or false
2382 Link State Change detection mode:
2383 options : dpdk-lsc-interrupt
2384 optional string, either true or false
2385 Common Columns:
2386 other_config map of string-string pairs
2387 external_ids map of string-string pairs
2388
2389 Details:
2390 Core Features:
2391
name: immutable string (must be unique within table)
Interface name. Should be alphanumeric. For a non-bonded port, this
should be the same as the port name. It must otherwise be unique
among the names of ports, interfaces, and bridges on a host.
2397
2398 The maximum length of an interface name depends on the underly‐
2399 ing datapath:
2400
2401 · The names of interfaces implemented as Linux and BSD net‐
2402 work devices, including interfaces with type internal,
2403 tap, or system plus the different types of tunnel ports,
2404 are limited to 15 bytes. Windows limits these names to
2405 255 bytes.
2406
2407 · The names of patch ports are not used in the underlying
2408 datapath, so operating system restrictions do not apply.
2409 Thus, they may have arbitrary length.
2410
2411 Regardless of other restrictions, OpenFlow only supports 15-byte
2412 names, which means that ovs-ofctl and OpenFlow controllers will
2413 show names truncated to 15 bytes.
2414
2415 ifindex: optional integer, in range 0 to 4,294,967,295
2416 A positive interface index as defined for SNMP MIB-II in RFCs
2417 1213 and 2863, if the interface has one, otherwise 0. The
2418 ifindex is useful for seamless integration with protocols such
2419 as SNMP and sFlow.
2420
2421 mac_in_use: optional string
2422 The MAC address in use by this interface.
2423
2424 mac: optional string
2425 Ethernet address to set for this interface. If unset then the
2426 default MAC address is used:
2427
2428 · For the local interface, the default is the lowest-num‐
2429 bered MAC address among the other bridge ports, either
2430 the value of the mac in its Port record, if set, or its
2431 actual MAC (for bonded ports, the MAC of its slave whose
2432 name is first in alphabetical order). Internal ports and
2433 bridge ports that are used as port mirroring destinations
2434 (see the Mirror table) are ignored.
2435
2436 · For other internal interfaces, the default MAC is ran‐
2437 domly generated.
2438
2439 · External interfaces typically have a MAC address associ‐
2440 ated with their hardware.
2441
Some interfaces may not have a software-controllable MAC address.
This option only affects internal ports. For ports of other types,
you can change the MAC address outside Open vSwitch, using the ip
command.
2446
2447 error: optional string
2448 If the configuration of the port failed, as indicated by -1 in
2449 ofport, Open vSwitch sets this column to an error description in
2450 human readable form. Otherwise, Open vSwitch clears this column.
2451
2452 OpenFlow Port Number:
2453
2454 When a client adds a new interface, Open vSwitch chooses an OpenFlow
2455 port number for the new port. If the client that adds the port fills in
2456 ofport_request, then Open vSwitch tries to use its value as the Open‐
2457 Flow port number. Otherwise, or if the requested port number is already
2458 in use or cannot be used for another reason, Open vSwitch automatically
2459 assigns a free port number. Regardless of how the port number was
2460 obtained, Open vSwitch then reports in ofport the port number actually
2461 assigned.
2462
2463 Open vSwitch limits the port numbers that it automatically assigns to
2464 the range 1 through 32,767, inclusive. Controllers therefore have free
2465 use of ports 32,768 and up.
2466
2467 ofport: optional integer
2468 OpenFlow port number for this interface. Open vSwitch sets this
2469 column’s value, so other clients should treat it as read-only.
2470
2471 The OpenFlow ``local’’ port (OFPP_LOCAL) is 65,534. The other
2472 valid port numbers are in the range 1 to 65,279, inclusive.
2473 Value -1 indicates an error adding the interface.
2474
2475 ofport_request: optional integer, in range 1 to 65,279
2476 Requested OpenFlow port number for this interface.
2477
A client should ideally set this column’s value in the same database
transaction that it uses to create the interface. Open vSwitch
version 2.1 and later will honor a later request for a specific port
number, although it might confuse some controllers: OpenFlow does not
have a way to announce a port number change, so Open vSwitch
represents it over OpenFlow as a port deletion followed immediately
by a port addition.
2485
2486 If ofport_request is set or changed to some other port’s auto‐
2487 matically assigned port number, Open vSwitch chooses a new port
2488 number for the latter port.
2489
2490 System-Specific Details:
2491
2492 type: string
2493 The interface type. The types supported by a particular instance
2494 of Open vSwitch are listed in the iface_types column in the
2495 Open_vSwitch table. The following types are defined:
2496
2497 system An ordinary network device, e.g. eth0 on Linux. Sometimes
2498 referred to as ``external interfaces’’ since they are
2499 generally connected to hardware external to that on which
2500 the Open vSwitch is running. The empty string is a syn‐
2501 onym for system.
2502
2503 internal
2504 A simulated network device that sends and receives traf‐
2505 fic. An internal interface whose name is the same as its
2506 bridge’s name is called the ``local interface.’’ It does
2507 not make sense to bond an internal interface, so the
2508 terms ``port’’ and ``interface’’ are often used impre‐
2509 cisely for internal interfaces.
2510
2511 tap A TUN/TAP device managed by Open vSwitch.
2512
Open vSwitch checks the interface state before sending packets to
the device. When it is down, the packets are dropped and the
tx_dropped statistic is updated accordingly. Older versions of Open
vSwitch did not check the interface state, so tx_packets was
incremented along with tx_dropped.
2519
2520 geneve An Ethernet over Geneve
2521 (http://tools.ietf.org/html/draft-ietf-nvo3-geneve)
2522 IPv4/IPv6 tunnel. A description of how to match and set
2523 Geneve options can be found in the ovs-ofctl manual page.
2524
2525 gre Generic Routing Encapsulation (GRE) over IPv4 tunnel,
2526 configurable to encapsulate layer 2 or layer 3 traffic.
2527
ip6gre Generic Routing Encapsulation (GRE) over IPv6 tunnel, which
encapsulates layer 2 traffic.
2530
2531 vxlan An Ethernet tunnel over the UDP-based VXLAN protocol
2532 described in RFC 7348.
2533
2534 Open vSwitch uses IANA-assigned UDP destination port
2535 4789. The source port used for VXLAN traffic varies on a
2536 per-flow basis and is in the ephemeral port range.
2537
2538 lisp A layer 3 tunnel over the experimental, UDP-based Loca‐
2539 tor/ID Separation Protocol (RFC 6830).
2540
2541 Only IPv4 and IPv6 packets are supported by the protocol,
2542 and they are sent and received without an Ethernet
2543 header. Traffic to/from LISP ports is expected to be con‐
2544 figured explicitly, and the ports are not intended to
2545 participate in learning based switching. As such, they
2546 are always excluded from packet flooding.
2547
stt The Stateless TCP Tunnel (STT) is particularly useful when tunnel
endpoints are in end-systems, as it utilizes the capabilities of
standard network interface cards to improve performance. STT
utilizes a TCP-like header inside the IP header. It is stateless,
i.e., there is no TCP connection state of any kind associated with
the tunnel. The TCP-like header is used to leverage the capabilities
of existing network interface cards, but should not be interpreted
as implying any sort of connection state between endpoints. Since
the STT protocol does not engage in the usual TCP 3-way handshake,
it will have difficulty traversing stateful firewalls. The protocol
is documented at https://tools.ietf.org/html/draft-davie-stt. All
traffic uses a default destination port of 7471.
2562
2563 patch A pair of virtual devices that act as a patch cable.
2564
2565 Tunnel Options:
2566
2567 These options apply to interfaces with type of geneve, gre, ip6gre,
2568 vxlan, lisp and stt.
2569
2570 Each tunnel must be uniquely identified by the combination of type,
2571 options:remote_ip, options:local_ip, and options:in_key. If two ports
2572 are defined that are the same except one has an optional identifier and
2573 the other does not, the more specific one is matched first.
2574 options:in_key is considered more specific than options:local_ip if a
2575 port defines one and another port defines the other.
2576
2577 options : remote_ip: optional string
2578 Required. The remote tunnel endpoint, one of:
2579
2580 · An IPv4 or IPv6 address (not a DNS name), e.g.
2581 192.168.0.123. Only unicast endpoints are supported.
2582
· The word flow. The tunnel accepts packets from any remote tunnel
endpoint. To process only packets from a specific remote tunnel
endpoint, the flow entries may match on the tun_src or tun_ipv6_src
field. When sending packets to a remote_ip=flow tunnel, the flow
actions must explicitly set the tun_dst or tun_ipv6_dst field to the
IP address of the desired remote tunnel endpoint, e.g. with a
set_field action.
2591
2592 The remote tunnel endpoint for any packet received from a tunnel
2593 is available in the tun_src field for matching in the flow ta‐
2594 ble.
2595
2596 options : local_ip: optional string
2597 Optional. The tunnel destination IP that received packets must
2598 match. Default is to match all addresses. If specified, may be
2599 one of:
2600
2601 · An IPv4/IPv6 address (not a DNS name), e.g. 192.168.12.3.
2602
2603 · The word flow. The tunnel accepts packets sent to any of
2604 the local IP addresses of the system running OVS. To
2605 process only packets sent to a specific IP address, the
2606 flow entries may match on the tun_dst or tun_ipv6_dst
2607 field. When sending packets to a local_ip=flow tunnel,
2608 the flow actions may explicitly set the tun_src or
2609 tun_ipv6_src field to the desired IP address, e.g. with a
2610 set_field action. However, while routing the tunneled
2611 packet out, the local system may override the specified
2612 address with the local IP address configured for the out‐
2613 going system interface.
2614
2615 This option is valid only for tunnels also configured
2616 with the remote_ip=flow option.
2617
2618 The tunnel destination IP address for any packet received from a
2619 tunnel is available in the tun_dst or tun_ipv6_dst field for
2620 matching in the flow table.
2621
2622 options : in_key: optional string
2623 Optional. The key that received packets must contain, one of:
2624
2625 · 0. The tunnel receives packets with no key or with a key
2626 of 0. This is equivalent to specifying no options:in_key
2627 at all.
2628
2629 · A positive 24-bit (for Geneve, VXLAN, and LISP), 32-bit
2630 (for GRE) or 64-bit (for STT) number. The tunnel receives
2631 only packets with the specified key.
2632
2633 · The word flow. The tunnel accepts packets with any key.
2634 The key will be placed in the tun_id field for matching
2635 in the flow table. The ovs-fields(7) manual page contains
2636 additional information about matching fields in OpenFlow
2637 flows.
2638
2639 options : out_key: optional string
2640 Optional. The key to be set on outgoing packets, one of:
2641
2642 · 0. Packets sent through the tunnel will have no key. This
2643 is equivalent to specifying no options:out_key at all.
2644
2645 · A positive 24-bit (for Geneve, VXLAN and LISP), 32-bit
2646 (for GRE) or 64-bit (for STT) number. Packets sent
2647 through the tunnel will have the specified key.
2648
2649 · The word flow. Packets sent through the tunnel will have
2650 the key set using the set_tunnel Nicira OpenFlow vendor
2651 extension (0 is used in the absence of an action). The
2652 ovs-fields(7) manual page contains additional information
2653 about the Nicira OpenFlow vendor extensions.
2654
2655 options : dst_port: optional string
2656 Optional. The tunnel transport layer destination port, for UDP
2657 and TCP based tunnel protocols (Geneve, VXLAN, LISP, and STT).
2658
2659 options : key: optional string
2660 Optional. Shorthand to set in_key and out_key at the same time.
2661
options : tos: optional string
Optional. The value of the ToS bits to be set on the encapsulating
packet. ToS is interpreted as DSCP and ECN bits; the ECN part must
be zero. It may also be the word inherit, in which case the ToS will
be copied from the inner packet if it is IPv4 or IPv6 (otherwise it
will be 0). The ECN fields are always inherited. Default is 0.
2669
2670 options : ttl: optional string
2671 Optional. The TTL to be set on the encapsulating packet. It may
2672 also be the word inherit, in which case the TTL will be copied
2673 from the inner packet if it is IPv4 or IPv6 (otherwise it will
2674 be the system default, typically 64). Default is the system
2675 default TTL.
2676
2677 options : df_default: optional string, either true or false
2678 Optional. If enabled, the Don’t Fragment bit will be set on tun‐
2679 nel outer headers to allow path MTU discovery. Default is
2680 enabled; set to false to disable.
2681
2682 options : egress_pkt_mark: optional string
2683 Optional. The pkt_mark to be set on the encapsulating packet.
2684 This option sets packet mark for the tunnel endpoint for all
2685 tunnel packets including tunnel monitoring.
2686
2687 Tunnel Options: lisp only:
2688
options : packet_type: optional string, either legacy_l3 or ptap
A LISP tunnel sends and receives only IPv4 and IPv6 packets. This
option controls how the tunnel represents the packets that it sends
and receives:
2693
2694 · By default, or if this option is legacy_l3, the tunnel
2695 represents packets as Ethernet frames for compatibility
2696 with legacy OpenFlow controllers that expect this behav‐
2697 ior.
2698
2699 · If this option is ptap, the tunnel represents packets
2700 using the packet_type mechanism introduced in OpenFlow
2701 1.5.
2702
2703 Tunnel Options: vxlan only:
2704
2705 options : exts: optional string
2706 Optional. Comma separated list of optional VXLAN extensions to
2707 enable. The following extensions are supported:
2708
· gbp: VXLAN-GBP allows transporting the group policy context of a
packet across the VXLAN tunnel to other network peers. See the
description of tun_gbp_id and tun_gbp_flags in ovs-fields(7) for
additional information.
(https://tools.ietf.org/html/draft-smith-vxlan-group-policy)

· gpe: Support for Generic Protocol Encapsulation in accordance with
IETF draft https://tools.ietf.org/html/draft-ietf-nvo3-vxlan-gpe.
Without this option, a VXLAN packet always encapsulates an Ethernet
frame. With this option, a VXLAN packet may also encapsulate an
IPv4, IPv6, NSH, or MPLS packet.
2723
2724 options : packet_type: optional string, one of legacy_l2, legacy_l3, or
2725 ptap
2726 This option controls what types of packets the tunnel sends and
2727 receives and how it represents them:
2728
2729 · By default, or if this option is legacy_l2, the tunnel
2730 sends and receives only Ethernet frames.
2731
· If this option is legacy_l3, the tunnel sends and receives only
non-Ethernet (L3) packets, but the packets are represented as
Ethernet frames for compatibility with legacy OpenFlow controllers
that expect this behavior. This requires enabling gpe in
options:exts.
2737
2738 · If this option is ptap, Open vSwitch represents packets
2739 in the tunnel using the packet_type mechanism introduced
2740 in OpenFlow 1.5. This mechanism supports any kind of
2741 packet, but actually sending and receiving non-Ethernet
2742 packets requires additionally enabling gpe in
2743 options:exts.
2744
2745 Tunnel Options: gre only:
2746
2747 gre interfaces support these options.
2748
2749 options : packet_type: optional string, one of legacy_l2, legacy_l3, or
2750 ptap
2751 This option controls what types of packets the tunnel sends and
2752 receives and how it represents them:
2753
2754 · By default, or if this option is legacy_l2, the tunnel
2755 sends and receives only Ethernet frames.
2756
· If this option is legacy_l3, the tunnel sends and receives only
non-Ethernet (L3) packets, but the packets are represented as
Ethernet frames for compatibility with legacy OpenFlow controllers
that expect this behavior.
2761
2762 · The legacy_l3 option is only available via the user space
2763 datapath. The OVS kernel datapath does not support
2764 devices of type ARPHRD_IPGRE which is the requirement for
2765 legacy_l3 type packets.
2766
2767 · If this option is ptap, the tunnel sends and receives any
2768 kind of packet. Open vSwitch represents packets in the
2769 tunnel using the packet_type mechanism introduced in
2770 OpenFlow 1.5.
2771
2772 options : seq: optional string, either true or false
2773 Optional. A 4-byte sequence number field for GRE tunnel only.
2774 Default is disabled, set to true to enable. Sequence number is
2775 incremented by one on each outgoing packet.
2776
2777 Tunnel Options: gre, ip6gre, geneve, and vxlan:
2778
2779 gre, ip6gre, geneve, and vxlan interfaces support these options.
2780
2781 options : csum: optional string, either true or false
2782 Optional. Compute encapsulation header (either GRE or UDP)
2783 checksums on outgoing packets. Default is disabled, set to true
2784 to enable. Checksums present on incoming packets will be vali‐
2785 dated regardless of this setting.
2786
2787 When using the upstream Linux kernel module, computation of
2788 checksums for geneve and vxlan requires Linux kernel version 4.0
2789 or higher. gre and ip6gre support checksums for all versions of
2790 Open vSwitch that support GRE. The out of tree kernel module
2791 distributed as part of OVS can compute all tunnel checksums on
2792 any kernel version that it is compatible with.
2793
2794 Tunnel Options: IPsec:
2795
2796 Setting any of these options enables IPsec support for a given tunnel.
2797 gre, ip6gre, geneve, vxlan and stt interfaces support these options.
2798 See the IPsec section in the Open_vSwitch table for a description of
2799 each mode.
2800
options : psk: optional string
In PSK mode only, the preshared secret used to negotiate the tunnel.
This value must match on both tunnel ends.

options : remote_cert: optional string
In self-signed certificate mode only, name of a PEM file containing
a certificate of the remote switch. The certificate must be X.509
version 3 and with the string in common name (CN) also set in the
subject alternative name (SAN).
2810
2811 options : remote_name: optional string
2812 In CA-signed certificate mode only, common name (CN) of the
2813 remote certificate.
2814
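The tunnel rules above (the identifying tuple of type, remote_ip, local_ip and in_key; the accepted forms of each option; the key widths; the IPsec options) can be checked mechanically before a configuration is applied. The following linter is an added example, not part of the Open vSwitch manual or code base; the record layout (dicts with name, type and options), the finding codes, the decimal-only key parsing and the sample records are assumptions made for the example.

```python
"""Lint tunnel Interface records against the rules in this section (added example)."""
import ipaddress

# Key widths the page gives for options:in_key / options:out_key. ip6gre is a
# tunnel type here, but the page states no width for it, so it is not range-checked.
KEY_BITS = {"geneve": 24, "vxlan": 24, "lisp": 24, "gre": 32, "stt": 64}
TUNNEL_TYPES = set(KEY_BITS) | {"ip6gre"}
# Tunnel types the page lists as supporting the IPsec options, and those options.
IPSEC_TYPES = {"gre", "ip6gre", "geneve", "vxlan", "stt"}
IPSEC_OPTS = ("psk", "remote_cert", "remote_name")


def ip_problem(value, unicast_only):
    """Return a reason string if value is not an acceptable IP literal, else None."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return "not an IPv4/IPv6 address (DNS names are not accepted)"
    if unicast_only and addr.is_multicast:
        return "multicast address; only unicast endpoints are supported"
    return None


def key_ok(tunnel_type, value):
    """True for the word flow, or a number that fits the key width of the type."""
    if value == "flow":
        return True
    # Assumption of this example: keys are written in decimal.
    if not (value.isascii() and value.isdigit()):
        return False
    bits = KEY_BITS.get(tunnel_type)
    return bits is None or int(value) < 2 ** bits


def tunnel_identity(row):
    """The combination that must be unique: type, remote_ip, local_ip, in_key."""
    opts = row.get("options", {})
    in_key = opts.get("in_key", opts.get("key"))  # key is shorthand for in_key + out_key
    if in_key == "0":                             # 0 is equivalent to no in_key at all
        in_key = None
    return (row["type"], opts.get("remote_ip"), opts.get("local_ip"), in_key)


def audit(rows):
    """Return (interface name, finding code) pairs for all tunnel records in rows."""
    findings, seen = [], {}
    for row in rows:
        ttype = row.get("type")
        if ttype not in TUNNEL_TYPES:
            continue  # patch, internal, system, ... are outside these rules
        name, opts = row["name"], row.get("options", {})
        if len(name.encode("utf-8")) > 15:  # Linux/BSD limit for tunnel port names
            findings.append((name, "name-over-15-bytes"))
        remote, local = opts.get("remote_ip"), opts.get("local_ip")
        if remote is None:
            findings.append((name, "remote_ip-missing"))
        elif remote == "flow":
            # Accepts any remote endpoint: review that flows match on tun_src.
            findings.append((name, "remote_ip-flow"))
        elif ip_problem(remote, unicast_only=True):
            findings.append((name, "remote_ip-invalid"))
        if local == "flow":
            if remote != "flow":
                findings.append((name, "local_ip-flow-without-remote_ip-flow"))
        elif local is not None and ip_problem(local, unicast_only=False):
            findings.append((name, "local_ip-invalid"))
        for opt in ("in_key", "out_key", "key"):
            if opt in opts and not key_ok(ttype, opts[opt]):
                findings.append((name, opt + "-invalid"))
        if ttype in IPSEC_TYPES and not any(o in opts for o in IPSEC_OPTS):
            findings.append((name, "no-ipsec-option"))  # informational
        ident = tunnel_identity(row)
        if ident in seen:
            findings.append((name, "same-identity-as:" + seen[ident]))
        else:
            seen[ident] = name
    return findings


# Constructed sample records; addresses, names and the psk value are made up.
SAMPLE_ROWS = [
    {"name": "vx0", "type": "vxlan",
     "options": {"remote_ip": "192.168.0.123", "key": "5000"}},
    {"name": "vx1", "type": "vxlan",
     "options": {"remote_ip": "192.168.0.123", "in_key": "5000",
                 "psk": "example-secret-not-real"}},
    {"name": "gnv-any", "type": "geneve",
     "options": {"remote_ip": "flow", "in_key": "flow"}},
    {"name": "vx-big", "type": "vxlan",
     "options": {"remote_ip": "tunnel.example.net", "in_key": "16777216"}},
    {"name": "gre-local", "type": "gre",
     "options": {"remote_ip": "192.168.12.9", "local_ip": "flow"}},
    {"name": "p0", "type": "patch", "options": {"peer": "p1"}},
]

if __name__ == "__main__":
    for iface, code in audit(SAMPLE_ROWS):
        print(f"{iface}: {code}")
```

The remote_ip-flow and no-ipsec-option codes are review prompts rather than errors: both settings are valid, but they decide which peers a tunnel accepts traffic from and whether that traffic is protected.
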
2815 Tunnel Options: erspan only:
2816
2817 Only erspan interfaces support these options.
2818
2819 options : erspan_idx: optional string
2820 20 bit index/port number associated with the ERSPAN traffic’s
2821 source port and direction (ingress/egress). This field is plat‐
2822 form dependent.
2823
2824 options : erspan_ver: optional string
2825 ERSPAN version: 1 for version 1 (type II) or 2 for version 2
2826 (type III).
2827
2828 options : erspan_dir: optional string
2829 Specifies the ERSPAN v2 mirrored traffic’s direction. 1 for
2830 egress traffic, and 0 for ingress traffic.
2831
2832 options : erspan_hwid: optional string
2833 ERSPAN hardware ID is a 6-bit unique identifier of an ERSPAN v2
2834 engine within a system.
2835
2836 Patch Options:
2837
2838 These options apply only to patch ports, that is, interfaces whose type
2839 column is patch. Patch ports are mainly a way to connect otherwise
2840 independent bridges to one another, similar to how one might plug an
2841 Ethernet cable (a ``patch cable’’) into two physical switches to con‐
2842 nect those switches. The effect of plugging a patch port into two
2843 switches is conceptually similar to that of plugging the two ends of a
2844 Linux veth device into those switches, but the implementation of patch
2845 ports makes them much more efficient.
2846
Patch ports may connect two different bridges (the usual case) or the
same bridge. In the latter case, take special care to avoid loops, e.g.
by programming appropriate flows with OpenFlow. A patch port does not
work if its ends are attached to bridges on different datapaths, e.g.
to connect bridges in system and netdev datapaths.
2852
2853 The following command creates and connects patch ports p0 and p1 and
2854 adds them to bridges br0 and br1, respectively:
2855
ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \
    -- add-port br1 p1 -- set Interface p1 type=patch options:peer=p0
2858
2859
2860 options : peer: optional string
2861 The name of the Interface for the other side of the patch. The
2862 named Interface’s own peer option must specify this Interface’s
2863 name. That is, the two patch interfaces must have reversed name
2864 and peer values.
2865
2866 PMD (Poll Mode Driver) Options:
2867
2868 Only PMD netdevs support these options.
2869
options : n_rxq: optional string, containing an integer, at least 1
Specifies the maximum number of rx queues to be created for a PMD
netdev. If not specified or set to 0, one rx queue will be created
by default. Not supported by DPDK vHost interfaces.
2874
2875 options : dpdk-devargs: optional string
2876 Specifies the PCI address associated with the port for physical
2877 devices, or the virtual driver to be used for the port when a
2878 virtual PMD is intended to be used. For the latter, the argument
2879 string typically takes the form of eth_driver_namex, where
2880 driver_name is a valid virtual DPDK PMD driver name and x is a
2881 unique identifier of your choice for the given port. Only sup‐
2882 ported by the dpdk port type.
2883
2884 other_config : pmd-rxq-affinity: optional string
2885 Specifies mapping of RX queues of this interface to CPU cores.
2886
2887 Value should be set in the following form:
2888
2889 other_config:pmd-rxq-affinity=<rxq-affinity-list>
2890
2891 where
2892
2893 · <rxq-affinity-list> ::= NULL | <non-empty-list>
2894
2895 · <non-empty-list> ::= <affinity-pair> | <affinity-pair> ,
2896 <non-empty-list>
2897
2898 · <affinity-pair> ::= <queue-id> : <core-id>
2899
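A parser for the pmd-rxq-affinity grammar above, as an added example that is not Open vSwitch's own parsing code. Tolerating whitespace around tokens, rejecting a repeated queue id, treating queue ids as counting from 0, and the review_affinity report (queues left unpinned, queue ids beyond n_rxq, cores shared by several queues) are choices of this example.

```python
"""Parse other_config:pmd-rxq-affinity values (added example)."""


def _is_uint(text):
    return text.isascii() and text.isdigit()


def parse_rxq_affinity(value):
    """Return {queue_id: core_id} for an <rxq-affinity-list>; raise ValueError if malformed."""
    text = value.strip()
    if text == "":
        return {}  # <rxq-affinity-list> ::= NULL
    mapping = {}
    for item in text.split(","):
        # <affinity-pair> ::= <queue-id> : <core-id>
        queue, sep, core = (part.strip() for part in item.partition(":"))
        if sep != ":" or not _is_uint(queue) or not _is_uint(core):
            raise ValueError(f"bad <affinity-pair>: {item!r}")
        if int(queue) in mapping:
            # Example policy: a queue listed twice is treated as a mistake.
            raise ValueError(f"queue {queue} listed more than once")
        mapping[int(queue)] = int(core)
    return mapping


def review_affinity(value, n_rxq):
    """Compare a parsed affinity list with the interface's options:n_rxq."""
    pinned = parse_rxq_affinity(value)
    by_core = {}
    for queue, core in sorted(pinned.items()):
        by_core.setdefault(core, []).append(queue)
    return {
        "pinned": pinned,
        # Assumption: queue ids run from 0 to n_rxq - 1.
        "unpinned": [q for q in range(n_rxq) if q not in pinned],
        "out_of_range": sorted(q for q in pinned if q >= n_rxq),
        "shared_cores": {c: qs for c, qs in by_core.items() if len(qs) > 1},
    }


if __name__ == "__main__":
    # Constructed sample value: queues 0, 1 and 3 of a 4-queue interface.
    print(review_affinity("0:3,1:7,3:8", n_rxq=4))
```
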
other_config : xdpmode: optional string, either drv or skb
Specifies the operational mode of the XDP program. If "drv", the XDP
program is loaded into the device driver with zero-copy RX and TX
enabled. This mode requires a device driver with AF_XDP support and
has the best performance. If "skb", the XDP program uses generic XDP
mode in the kernel, with extra data copying between userspace and
kernel. No device driver support is needed. Note that this applies
to the afxdp netdev type only. Defaults to "skb" mode.
2909
2910 options : vhost-server-path: optional string
2911 The value specifies the path to the socket associated with a
2912 vHost User client mode device that has been or will be created
2913 by QEMU. Only supported by dpdkvhostuserclient interfaces.
2914
2915 options : dq-zero-copy: optional string, either true or false
2916 The value specifies whether or not to enable dequeue zero copy
2917 on the given interface. Must be set before vhost-server-path is
2918 specified. Only supported by dpdkvhostuserclient interfaces. The
2919 feature is considered experimental.
2920
2921 options : tx-retries-max: optional string, containing an integer, in
2922 range 0 to 32
2923 The value specifies the maximum amount of vhost tx retries that
2924 can be made while trying to send a batch of packets to an inter‐
2925 face. Only supported by dpdkvhostuserclient interfaces.
2926
2927 Default value is 8.
2928
options : n_rxq_desc: optional string, containing an integer, in range
1 to 4,096
Specifies the rx queue size (number of rx descriptors) for dpdk
ports. The value must be a power of 2, less than 4096 and supported
by the hardware of the device being configured. If not specified or
an incorrect value is specified, 2048 rx descriptors will be used by
default.

options : n_txq_desc: optional string, containing an integer, in range
1 to 4,096
Specifies the tx queue size (number of tx descriptors) for dpdk
ports. The value must be a power of 2, less than 4096 and supported
by the hardware of the device being configured. If not specified or
an incorrect value is specified, 2048 tx descriptors will be used by
default.
2944
2945 EMC (Exact Match Cache) Configuration:
2946
These settings control the behaviour of EMC lookups/insertions for
packets received from the interface.
2949
2950 other_config : emc-enable: optional string, either true or false
2951 Specifies if Exact Match Cache (EMC) should be used while pro‐
2952 cessing packets received from this interface. If true,
2953 other_config:emc-insert-inv-prob will have effect on this inter‐
2954 face.
2955
2956 Defaults to true.
2957
2958 MTU:
2959
2960 The MTU (maximum transmission unit) is the largest amount of data that
2961 can fit into a single Ethernet frame. The standard Ethernet MTU is 1500
2962 bytes. Some physical media and many kinds of virtual interfaces can be
2963 configured with higher MTUs.
2964
2965 A client may change an interface MTU by filling in mtu_request. Open
2966 vSwitch then reports in mtu the currently configured value.
2967
2968 mtu: optional integer
2969 The currently configured MTU for the interface.
2970
2971 This column will be empty for an interface that does not have an
2972 MTU as, for example, some kinds of tunnels do not.
2973
2974 Open vSwitch sets this column’s value, so other clients should
2975 treat it as read-only.
2976
2977 mtu_request: optional integer, at least 1
2978 Requested MTU (Maximum Transmission Unit) for the interface. A
2979 client can fill this column to change the MTU of an interface.
2980
2981 RFC 791 requires every internet module to be able to forward a
2982 datagram of 68 octets without further fragmentation. The maximum
2983 size of an IP packet is 65535 bytes.
2984
2985 If this is not set and if the interface has internal type, Open
2986 vSwitch will change the MTU to match the minimum of the other
2987 interfaces in the bridge.
2988
2989 Interface Status:
2990
2991 Status information about interfaces attached to bridges, updated every
2992 5 seconds. Not all interfaces have all of these properties; virtual
2993 interfaces don’t have a link speed, for example. Non-applicable columns
2994 will have empty values.
2995
2996 admin_state: optional string, either down or up
2997 The administrative state of the physical network link.
2998
2999 link_state: optional string, either down or up
3000 The observed state of the physical network link. This is ordi‐
3001 narily the link’s carrier status. If the interface’s Port is a
3002 bond configured for miimon monitoring, it is instead the network
3003 link’s miimon status.
3004
3005 link_resets: optional integer
3006 The number of times Open vSwitch has observed the link_state of
3007 this Interface change.
3008
3009 link_speed: optional integer
3010 The negotiated speed of the physical network link. Valid values
3011 are positive integers greater than 0.
3012
3013 duplex: optional string, either full or half
3014 The duplex mode of the physical network link.
3015
3016 lacp_current: optional boolean
3017 Boolean value indicating LACP status for this interface. If
3018 true, this interface has current LACP information about its LACP
3019 partner. This information may be used to monitor the health of
3020 interfaces in a LACP enabled port. This column will be empty if
3021 LACP is not enabled.
3022
3023 status: map of string-string pairs
3024 Key-value pairs that report port status. Supported status values
3025 are type-dependent; some interfaces may not have a valid sta‐
3026 tus:driver_name, for example.
3027
3028 status : driver_name: optional string
3029 The name of the device driver controlling the network adapter.
3030
3031 status : driver_version: optional string
3032 The version string of the device driver controlling the network
3033 adapter.
3034
3035 status : firmware_version: optional string
3036 The version string of the network adapter’s firmware, if avail‐
3037 able.
3038
3039 status : source_ip: optional string
3040 The source IP address used for an IPv4/IPv6 tunnel end-point,
3041 such as gre.
3042
3043 status : tunnel_egress_iface: optional string
3044 Egress interface for tunnels. Currently only relevant for tun‐
3045 nels on Linux systems, this column will show the name of the
3046 interface which is responsible for routing traffic destined for
3047 the configured options:remote_ip. This could be an internal
3048 interface such as a bridge port.
3049
3050 status : tunnel_egress_iface_carrier: optional string, either down or
3051 up
3052 Whether carrier is detected on status:tunnel_egress_iface.
3053
3054 dpdk:
3055
3056 DPDK specific interface status options.
3057
3058 status : port_no: optional string
3059 DPDK port ID.
3060
3061 status : numa_id: optional string
3062 NUMA socket ID to which an Ethernet device is connected.
3063
3064 status : min_rx_bufsize: optional string
3065 Minimum size of RX buffer.
3066
3067 status : max_rx_pktlen: optional string
3068 Maximum configurable length of RX pkt.
3069
3070 status : max_rx_queues: optional string
3071 Maximum number of RX queues.
3072
3073 status : max_tx_queues: optional string
3074 Maximum number of TX queues.
3075
3076 status : max_mac_addrs: optional string
3077 Maximum number of MAC addresses.
3078
3079 status : max_hash_mac_addrs: optional string
3080 Maximum number of hash MAC addresses for MTA and UTA.
3081
3082 status : max_vfs: optional string
3083 Maximum number of VFs.
3085
3086 status : max_vmdq_pools: optional string
3087 Maximum number of VMDq pools.
3088
3089 status : if_type: optional string
3090 Interface type ID according to IANA ifTYPE MIB definitions.
3091
3092 status : if_descr: optional string
3093 Interface description string.
3094
3095 status : pci-vendor_id: optional string
3096 Vendor ID of PCI device.
3097
3098 status : pci-device_id: optional string
3099 Device ID of PCI device.
3100
3101 Statistics:
3102
3103 Key-value pairs that report interface statistics. The current implemen‐
3104 tation updates these counters periodically. The update period is con‐
3105 trolled by other_config:stats-update-interval in the Open_vSwitch ta‐
3106 ble. Future implementations may update them when an interface is cre‐
3107 ated, when they are queried (e.g. using an OVSDB select operation), and
3108 just before an interface is deleted due to virtual interface hot-unplug
3109 or VM shutdown, and perhaps at other times, but not on any regular
3110 periodic basis.
3111
3112 These are the same statistics reported by OpenFlow in its struct
3113 ofp_port_stats structure. If an interface does not support a given
3114 statistic, then that pair is omitted.
3115
3116 Statistics: Successful transmit and receive counters:
3117
3118 statistics : rx_packets: optional integer
3119 Number of received packets.
3120
3121 statistics : rx_bytes: optional integer
3122 Number of received bytes.
3123
3124 statistics : tx_packets: optional integer
3125 Number of transmitted packets.
3126
3127 statistics : tx_bytes: optional integer
3128 Number of transmitted bytes.
3129
3130 Statistics: Receive errors:
3131
3132 statistics : rx_dropped: optional integer
3133 Number of packets dropped by RX.
3134
3135 statistics : rx_frame_err: optional integer
3136 Number of frame alignment errors.
3137
3138 statistics : rx_over_err: optional integer
3139 Number of packets with RX overrun.
3140
3141 statistics : rx_crc_err: optional integer
3142 Number of CRC errors.
3143
3144 statistics : rx_errors: optional integer
3145 Total number of receive errors, greater than or equal to the sum
3146 of the above.
3147
3148 Statistics: Transmit errors:
3149
3150 statistics : tx_dropped: optional integer
3151 Number of packets dropped by TX.
3152
3153 statistics : collisions: optional integer
3154 Number of collisions.
3155
3156 statistics : tx_errors: optional integer
3157 Total number of transmit errors, greater than or equal to the
3158 sum of the above.
3159
3160 Ingress Policing:
3161
3162 These settings control ingress policing for packets received on this
3163 interface. On a physical interface, this limits the rate at which traf‐
3164 fic is allowed into the system from the outside; on a virtual interface
3165 (one connected to a virtual machine), this limits the rate at which the
3166 VM is able to transmit.
3167
3168 Policing is a simple form of quality-of-service that simply drops pack‐
3169 ets received in excess of the configured rate. Due to its simplicity,
3170 policing is usually less accurate and less effective than egress QoS
3171 (which is configured using the QoS and Queue tables).
3172
3173 Policing is currently implemented on Linux and OVS with DPDK. Both
3174 implementations use a simple ``token bucket’’ approach:
3175
3176 · The size of the bucket corresponds to ingress_polic‐
3177 ing_burst. Initially the bucket is full.
3178
3179 · Whenever a packet is received, its size (converted to
3180 tokens) is compared to the number of tokens currently in
3181 the bucket. If the required number of tokens are avail‐
3182 able, they are removed and the packet is forwarded. Oth‐
3183 erwise, the packet is dropped.
3184
3185 · Whenever it is not full, the bucket is refilled with
3186 tokens at the rate specified by ingress_policing_rate.
3187
3188 Policing interacts badly with some network protocols, and especially
3189 with fragmented IP packets. Suppose that there is enough network activ‐
3190 ity to keep the bucket nearly empty all the time. Then this token
3191 bucket algorithm will forward a single packet every so often, with the
3192 period depending on packet size and on the configured rate. All of the
3193 fragments of an IP packet are normally transmitted back-to-back, as a
3194 group. In such a situation, therefore, only one of these fragments will
3195 be forwarded and the rest will be dropped. IP does not provide any way
3196 for the intended recipient to ask for only the remaining fragments. In
3197 such a case there are two likely possibilities for what will happen
3198 next: either all of the fragments will eventually be retransmitted (as
3199 TCP will do), in which case the same problem will recur, or the sender
3200 will not realize that its packet has been dropped and data will simply
3201 be lost (as some UDP-based protocols will do). Either way, it is possi‐
3202 ble that no forward progress will ever occur.
3203
3204 ingress_policing_rate: integer, at least 0
3205 Maximum rate for data received on this interface, in kbps. Data
3206 received faster than this rate is dropped. Set to 0 (the
3207 default) to disable policing.
3208
3209 ingress_policing_burst: integer, at least 0
3210 Maximum burst size for data received on this interface, in kb.
3211 The default burst size if set to 0 is 8000 kbit. This value has
3212 no effect if ingress_policing_rate is 0.
3213
3214 Specifying a larger burst size lets the algorithm be more for‐
3215 giving, which is important for protocols like TCP that react se‐
3216 verely to dropped packets. The burst size should be at least the
3217 size of the interface’s MTU. Specifying a value that is numeri‐
3218 cally at least as large as 80% of ingress_policing_rate helps
3219 TCP come closer to achieving the full rate.
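
An added model of the token bucket described above (illustration only, not Open vSwitch code), showing the fragment problem and why ingress_policing_burst should be at least the MTU. It assumes 1 kb = 1000 bits; the class and function names and all traffic figures are constructed.

```python
"""Token-bucket ingress policer model (added illustration, not OVS source).

Assumption: 1 kb = 1000 bits. All traffic below is constructed sample input.
"""

FRAME_BYTES = 1500   # constructed: MTU-sized packets and IP fragments
WIRE_GAP_US = 12     # constructed: spacing of back-to-back frames at 1 Gbps


class Policer:
    """Token bucket using integer arithmetic; tokens are kept in millibits."""

    def __init__(self, rate_kbps, burst_kb):
        self.rate = rate_kbps                     # kbps == millibits per microsecond
        self.capacity = burst_kb * 1000 * 1000    # kb -> millibits
        self.tokens = self.capacity               # initially the bucket is full
        self.last_us = 0

    def admit(self, now_us, size_bytes):
        """Refill for the elapsed time, then forward (True) or drop (False)."""
        refill = (now_us - self.last_us) * self.rate
        self.tokens = min(self.capacity, self.tokens + refill)
        self.last_us = now_us
        need = size_bytes * 8 * 1000
        if need > self.tokens:
            return False
        self.tokens -= need
        return True


def simulate(rate_kbps, burst_kb, background_gap_us=None, datagrams=20,
             fragments=4, datagram_gap_us=100_000, start_us=1_000_000):
    """Send fragmented datagrams through the policer.

    Each datagram is `fragments` MTU-sized fragments sent back-to-back.
    background_gap_us is the spacing of competing MTU-sized packets on the
    same interface (None for an otherwise idle interface).
    Returns (complete_datagrams, fragments_forwarded, fragments_sent).
    """
    end_us = start_us + datagrams * datagram_gap_us
    events = []                                   # (time_us, datagram index or -1)
    if background_gap_us:
        events += [(t, -1) for t in range(0, end_us, background_gap_us)]
    for d in range(datagrams):
        first = start_us + d * datagram_gap_us + 1000
        events += [(first + f * WIRE_GAP_US, d) for f in range(fragments)]
    events.sort()

    policer = Policer(rate_kbps, burst_kb)
    passed = [0] * datagrams
    for now_us, d in events:
        forwarded = policer.admit(now_us, FRAME_BYTES)
        if forwarded and d >= 0:
            passed[d] += 1
    complete = sum(1 for n in passed if n == fragments)
    return complete, sum(passed), datagrams * fragments


if __name__ == "__main__":
    # 1000 kbps policer, 100 kb burst, interface otherwise idle.
    print("idle interface      :", simulate(1000, 100))
    # Same policer with 2 Mbps of competing traffic keeping the bucket low.
    print("bucket nearly empty :", simulate(1000, 100, background_gap_us=6000))
    # Burst (8 kb) smaller than one 1500-byte frame (12 kb): nothing fits.
    print("burst below MTU     :", simulate(1000, 8))
```

With the bucket kept nearly empty, some datagrams get a single fragment through but none arrives complete, so a retransmitting sender makes no progress; a larger burst does not help here, which is why egress QoS is the better tool for sustained overload.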
3220
3221 Bidirectional Forwarding Detection (BFD):
3222
3223 BFD, defined in RFC 5880 and RFC 5881, allows point-to-point detection
3224 of connectivity failures by occasional transmission of BFD control mes‐
3225 sages. Open vSwitch implements BFD to serve as a more popular and stan‐
3226 dards compliant alternative to CFM.
3227
3228 BFD operates by regularly transmitting BFD control messages at a rate
3229 negotiated independently in each direction. Each endpoint specifies the
3230 rate at which it expects to receive control messages, and the rate at
3231 which it is willing to transmit them. By default, Open vSwitch uses a
3232 detection multiplier of three, meaning that an endpoint signals a con‐
3233 nectivity fault if three consecutive BFD control messages fail to
3234 arrive. In the case of a unidirectional connectivity issue, the system
3235 not receiving BFD control messages signals the problem to its peer in
3236 the messages it transmits.
3237
3238 The Open vSwitch implementation of BFD aims to comply faithfully with
3239 RFC 5880 requirements. Open vSwitch does not implement the optional
3240 Authentication or ``Echo Mode’’ features.
3241
3242 BFD Configuration:
3243
3244 A controller sets up key-value pairs in the bfd column to enable and
3245 configure BFD.
3246
3247 bfd : enable: optional string, either true or false
3248 True to enable BFD on this Interface. If not specified, BFD will
3249 not be enabled by default.
3250
3251 bfd : min_rx: optional string, containing an integer, at least 1
3252 The shortest interval, in milliseconds, at which this BFD ses‐
3253 sion offers to receive BFD control messages. The remote endpoint
3254 may choose to send messages at a slower rate. Defaults to 1000.
3255
3256 bfd : min_tx: optional string, containing an integer, at least 1
3257 The shortest interval, in milliseconds, at which this BFD ses‐
3258 sion is willing to transmit BFD control messages. Messages will
3259 actually be transmitted at a slower rate if the remote endpoint
3260 is not willing to receive as quickly as specified. Defaults to
3261 100.
3262
3263 bfd : decay_min_rx: optional string, containing an integer
3264 An alternate receive interval, in milliseconds, that must be
3265 greater than or equal to bfd:min_rx. The implementation switches
3266 from bfd:min_rx to bfd:decay_min_rx when there is no obvious
3267 incoming data traffic at the interface, to reduce the CPU and
3268 bandwidth cost of monitoring an idle interface. This feature may
3269 be disabled by setting a value of 0. This feature is reset when‐
3270 ever bfd:decay_min_rx or bfd:min_rx changes.
3271
3272 bfd : forwarding_if_rx: optional string, either true or false
3273 When true, traffic received on the Interface is used to indicate
3274 the capability of packet I/O. BFD control packets are still
3275 transmitted and received. At least one BFD control packet must
3276 be received every 100 * bfd:min_rx amount of time. Otherwise,
3277 even if traffic is received, the bfd:forwarding will be false.
3278
3279 bfd : cpath_down: optional string, either true or false
3280 Set to true to notify the remote endpoint that traffic should
3281 not be forwarded to this system for some reason other than a
3282 connectivity failure on the interface being monitored. The typi‐
3283 cal underlying reason is ``concatenated path down,’’ that is,
3284 that connectivity beyond the local system is down. Defaults to
3285 false.
3286
3287 bfd : check_tnl_key: optional string, either true or false
3288 Set to true to make BFD accept only control messages with a tun‐
3289 nel key of zero. By default, BFD accepts control messages with
3290 any tunnel key.
3291
3292 bfd : bfd_local_src_mac: optional string
3293 Set to an Ethernet address in the form xx:xx:xx:xx:xx:xx to set
3294 the MAC used as source for transmitted BFD packets. The default
3295 is the mac address of the BFD enabled interface.
3296
3297 bfd : bfd_local_dst_mac: optional string
3298 Set to an Ethernet address in the form xx:xx:xx:xx:xx:xx to set
3299 the MAC used as destination for transmitted BFD packets. The
3300 default is 00:23:20:00:00:01.
3301
3302 bfd : bfd_remote_dst_mac: optional string
3303 Set to an Ethernet address in the form xx:xx:xx:xx:xx:xx to set
3304 the MAC used for checking the destination of received BFD pack‐
3305 ets. Packets with different destination MAC will not be consid‐
3306 ered as BFD packets. If not specified the destination MAC
3307 address of received BFD packets is not checked.
3308
3309 bfd : bfd_src_ip: optional string
3310 Set to an IPv4 address to set the IP address used as source for
3311 transmitted BFD packets. The default is 169.254.1.1.
3312
3313 bfd : bfd_dst_ip: optional string
3314 Set to an IPv4 address to set the IP address used as destination
3315 for transmitted BFD packets. The default is 169.254.1.0.
3316
3317 bfd : oam: optional string
3318 Some tunnel protocols (such as Geneve) include a bit in the
3319 header to indicate that the encapsulated packet is an OAM frame.
3320 By setting this to true, BFD packets will be marked as OAM if
3321 encapsulated in one of these tunnels.
3322
3323 bfd : mult: optional string, containing an integer, in range 1 to 255
3324 The BFD detection multiplier, which defaults to 3. An endpoint
3325 signals a connectivity fault if the given number of consecutive
3326 BFD control messages fail to arrive.
3327
3328 BFD Status:
3329
3330 The switch sets key-value pairs in the bfd_status column to report the
3331 status of BFD on this interface. When BFD is not enabled, with
3332 bfd:enable, the switch clears all key-value pairs from bfd_status.
3333
3334 bfd_status : state: optional string, one of admin_down, down, init, or
3335 up
3336 Reports the state of the BFD session. The BFD session is fully
3337 healthy and negotiated if UP.
3338
3339 bfd_status : forwarding: optional string, either true or false
3340 Reports whether the BFD session believes this Interface may be
3341 used to forward traffic. Typically this means the local session
3342 is signaling UP, and the remote system isn’t signaling a problem
3343 such as concatenated path down.
3344
3345 bfd_status : diagnostic: optional string
3346 A diagnostic code specifying the local system’s reason for the
3347 last change in session state. The error messages are defined in
3348 section 4.1 of [RFC 5880].
3349
3350 bfd_status : remote_state: optional string, one of admin_down, down,
3351 init, or up
3352 Reports the state of the remote endpoint’s BFD session.
3353
3354 bfd_status : remote_diagnostic: optional string
3355 A diagnostic code specifying the remote system’s reason for the
3356 last change in session state. The error messages are defined in
3357 section 4.1 of [RFC 5880].
3358
3359 bfd_status : flap_count: optional string, containing an integer, at
3360 least 0
3361 Counts the number of bfd_status:forwarding flaps since start. A
3362 flap is considered as a change of the bfd_status:forwarding
3363 value.
3364
3365 Connectivity Fault Management:
3366
3367 802.1ag Connectivity Fault Management (CFM) allows a group of Mainte‐
3368 nance Points (MPs) called a Maintenance Association (MA) to detect con‐
3369 nectivity problems with each other. MPs within a MA should have com‐
3370 plete and exclusive interconnectivity. This is verified by occasionally
3371 broadcasting Continuity Check Messages (CCMs) at a configurable trans‐
3372 mission interval.
3373
3374 According to the 802.1ag specification, each Maintenance Point should
3375 be configured out-of-band with a list of Remote Maintenance Points it
3376 should have connectivity to. Open vSwitch differs from the specifica‐
3377 tion in this area. It simply assumes the link is faulted if no Remote
3378 Maintenance Points are reachable, and considers it not faulted other‐
3379 wise.
3380
3381 When operating over tunnels which have no in_key, or an in_key of flow,
3382 CFM will only accept CCMs with a tunnel key of zero.
3383
3384 cfm_mpid: optional integer
3385 A Maintenance Point ID (MPID) uniquely identifies each endpoint
3386 within a Maintenance Association. The MPID is used to identify
3387 this endpoint to other Maintenance Points in the MA. Each end of
3388 a link being monitored should have a different MPID. Must be
3389 configured to enable CFM on this Interface.
3390
3391 According to the 802.1ag specification, MPIDs can only range
3392 between [1, 8191]. However, extended mode (see other_con‐
3393 fig:cfm_extended) supports eight byte MPIDs.
3394
3395 cfm_flap_count: optional integer
3396 Counts the number of cfm fault flaps since boot. A flap is con‐
3397 sidered to be a change of the cfm_fault value.
3398
3399 cfm_fault: optional boolean
3400 Indicates a connectivity fault triggered by an inability to
3401 receive heartbeats from any remote endpoint. When a fault is
3402 triggered on Interfaces participating in bonds, they will be
3403 disabled.
3404
3405 Faults can be triggered for several reasons. Most importantly
3406 they are triggered when no CCMs are received for a period of 3.5
3407 times the transmission interval. Faults are also triggered when
3408 any CCMs indicate that a Remote Maintenance Point is not receiv‐
3409 ing CCMs but able to send them. Finally, a fault is triggered if
3410 a CCM is received which indicates unexpected configuration.
3411 Notably, this case arises when a CCM is received which adver‐
3412 tises the local MPID.
3413
3414 cfm_fault_status : recv: none
3415 Indicates a CFM fault was triggered due to a lack of CCMs
3416 received on the Interface.
3417
3418 cfm_fault_status : rdi: none
3419 Indicates a CFM fault was triggered due to the reception of a
3420 CCM with the RDI bit flagged. Endpoints set the RDI bit in their
3421 CCMs when they are not receiving CCMs themselves. This typically
3422 indicates a unidirectional connectivity failure.
3423
3424 cfm_fault_status : maid: none
3425 Indicates a CFM fault was triggered due to the reception of a
3426 CCM with a MAID other than the one Open vSwitch uses. CFM broad‐
3427 casts are tagged with an identification number in addition to
3428 the MPID called the MAID. Open vSwitch only supports receiving
3429 CCM broadcasts tagged with the MAID it uses internally.
3430
3431 cfm_fault_status : loopback: none
3432 Indicates a CFM fault was triggered due to the reception of a
3433 CCM advertising the same MPID configured in the cfm_mpid column
3434 of this Interface. This may indicate a loop in the network.
3435
3436 cfm_fault_status : overflow: none
3437 Indicates a CFM fault was triggered because the CFM module
3438 received CCMs from more remote endpoints than it can keep track
3439 of.
3440
3441 cfm_fault_status : override: none
3442 Indicates a CFM fault was manually triggered by an administrator
3443 using an ovs-appctl command.
3444
3445 cfm_fault_status : interval: none
3446 Indicates a CFM fault was triggered due to the reception of a
3447 CCM frame having an invalid interval.
3448
3449 cfm_remote_opstate: optional string, either down or up
3450 When in extended mode, indicates the operational state of the
3451 remote endpoint as either up or down. See other_con‐
3452 fig:cfm_opstate.
3453
3454 cfm_health: optional integer, in range 0 to 100
3455 Indicates the health of the interface as a percentage of CCM
3456 frames received over 21 other_config:cfm_intervals. The health
3457 of an interface is undefined if it is communicating with more
3458 than one cfm_remote_mpids. It reduces if healthy heartbeats are
3459 not received at the expected rate, and gradually improves as
3460 healthy heartbeats are received at the desired rate. Every 21
3461 other_config:cfm_intervals, the health of the interface is
3462 refreshed.
3463
3464 As mentioned above, the faults can be triggered for several rea‐
3465 sons. The link health will deteriorate even if heartbeats are
3466 received but they are reported to be unhealthy. An unhealthy
3467 heartbeat in this context is a heartbeat for which either some
3468 fault is set or is out of sequence. The interface health can be
3469 100 only on receiving healthy heartbeats at the desired rate.
3470
3471 cfm_remote_mpids: set of integers
3472 When CFM is properly configured, Open vSwitch will occasionally
3473 receive CCM broadcasts. These broadcasts contain the MPID of the
3474 sending Maintenance Point. The list of MPIDs from which this
3475 Interface is receiving broadcasts is regularly collected
3476 and written to this column.
3477
3478 other_config : cfm_interval: optional string, containing an integer
3479 The interval, in milliseconds, between transmissions of CFM
3480 heartbeats. Three missed heartbeat receptions indicate a connec‐
3481 tivity fault.
3482
3483 In standard operation only intervals of 3, 10, 100, 1,000,
3484 10,000, 60,000, or 600,000 ms are supported. Other values will
3485 be rounded down to the nearest value on the list. Extended mode
3486 (see other_config:cfm_extended) supports any interval up to
3487 65,535 ms. In either mode, the default is 1000 ms.
3488
3489 We do not recommend using intervals less than 100 ms.
3490
3491 other_config : cfm_extended: optional string, either true or false
3492 When true, the CFM module operates in extended mode. This causes
3493 it to use a nonstandard destination address to avoid conflicting
3494 with compliant implementations which may be running concurrently
3495 on the network. Furthermore, extended mode increases the accu‐
3496 racy of the cfm_interval configuration parameter by breaking
3497 wire compatibility with 802.1ag compliant implementations. And
3498 extended mode allows eight byte MPIDs. Defaults to false.
3499
3500 other_config : cfm_demand: optional string, either true or false
3501 When true, and other_config:cfm_extended is true, the CFM module
3502 operates in demand mode. When in demand mode, traffic received
3503 on the Interface is used to indicate liveness. CCMs are still
3504 transmitted and received. At least one CCM must be received
3505 every 100 * other_config:cfm_interval amount of time. Otherwise,
3506 even if traffic is received, the CFM module will raise the con‐
3507 nectivity fault.
3508
3509 Demand mode has a couple of caveats:
3510
3511 · To ensure that ovs-vswitchd has enough time to pull sta‐
3512 tistics from the datapath, the fault detection interval
3513 is set to 3.5 * MAX(other_config:cfm_interval, 500) ms.
3514
3515 · To avoid ambiguity, demand mode disables itself when
3516 there are multiple remote maintenance points.
3517
3518 · If the Interface is heavily congested, CCMs containing
3519 the other_config:cfm_opstate status may be dropped caus‐
3520 ing changes in the operational state to be delayed. Simi‐
3521 larly, if CCMs containing the RDI bit are not received,
3522 unidirectional link failures may not be detected.
3523
3524 other_config : cfm_opstate: optional string, either down or up
3525 When down, the CFM module marks all CCMs it generates as opera‐
3526 tionally down without triggering a fault. This allows remote
3527 maintenance points to choose not to forward traffic to the
3528 Interface on which this CFM module is running. Currently, in
3529 Open vSwitch, the opdown bit of CCMs affects Interfaces partici‐
3530 pating in bonds, and the bundle OpenFlow action. This setting is
3531 ignored when CFM is not in extended mode. Defaults to up.
3532
3533 other_config : cfm_ccm_vlan: optional string, containing an integer, in
3534 range 1 to 4,095
3535 When set, the CFM module will apply a VLAN tag to all CCMs it
3536 generates with the given value. May be the string random in
3537 which case each CCM will be tagged with a different randomly
3538 generated VLAN.
3539
3540 other_config : cfm_ccm_pcp: optional string, containing an integer, in
3541 range 1 to 7
3542 When set, the CFM module will apply a VLAN tag to all CCMs it
3543 generates with the given PCP value, the VLAN ID of the tag is
3544 governed by the value of other_config:cfm_ccm_vlan. If
3545 other_config:cfm_ccm_vlan is unset, a VLAN ID of zero is used.
3546
3547 Bonding Configuration:
3548
3549 other_config : lacp-port-id: optional string, containing an integer, in
3550 range 1 to 65,535
3551 The LACP port ID of this Interface. Port IDs are used in LACP
3552 negotiations to identify individual ports participating in a
3553 bond.
3554
3555 other_config : lacp-port-priority: optional string, containing an inte‐
3556 ger, in range 1 to 65,535
3557 The LACP port priority of this Interface. In LACP negotiations
3558 Interfaces with numerically lower priorities are preferred for
3559 aggregation.
3560
3561 other_config : lacp-aggregation-key: optional string, containing an
3562 integer, in range 1 to 65,535
3563 The LACP aggregation key of this Interface. Interfaces with dif‐
3564 ferent aggregation keys may not be active within a given Port at
3565 the same time.
3566
3567 Virtual Machine Identifiers:
3568
3569 These key-value pairs specifically apply to an interface that repre‐
3570 sents a virtual Ethernet interface connected to a virtual machine.
3571 These key-value pairs should not be present for other types of inter‐
3572 faces. Keys whose names end in -uuid have values that uniquely identify
3573 the entity in question. For a Citrix XenServer hypervisor, these values
3574 are UUIDs in RFC 4122 format. Other hypervisors may use other formats.
3575
3576 external_ids : attached-mac: optional string
3577 The MAC address programmed into the ``virtual hardware’’ for
3578 this interface, in the form xx:xx:xx:xx:xx:xx. For Citrix
3579 XenServer, this is the value of the MAC field in the VIF record
3580 for this interface.
3581
3582 external_ids : iface-id: optional string
3583 A system-unique identifier for the interface. On XenServer, this
3584 will commonly be the same as external_ids:xs-vif-uuid.
3585
3586 external_ids : iface-status: optional string, either active or inactive
3587 Hypervisors may sometimes have more than one interface associ‐
3588 ated with a given external_ids:iface-id, only one of which is
3589 actually in use at a given time. For example, in some circum‐
3590 stances XenServer has both a ``tap’’ and a ``vif’’ interface for
3591 a single external_ids:iface-id, but only uses one of them at a
3592 time. A hypervisor that behaves this way must mark the currently
3593 in use interface active and the others inactive. A hypervisor
3594 that never has more than one interface for a given exter‐
3595 nal_ids:iface-id may mark that interface active or omit exter‐
3596 nal_ids:iface-status entirely.
3597
3598 During VM migration, a given external_ids:iface-id might tran‐
3599 siently be marked active on two different hypervisors. That is,
3600 active means that this external_ids:iface-id is the active
3601 instance within a single hypervisor, not in a broader scope.
3602 There is one exception: some hypervisors support ``migration’’
3603 from a given hypervisor to itself (most often for test pur‐
3604 poses). During such a ``migration,’’ two instances of a single
3605 external_ids:iface-id might both be briefly marked active on a
3606 single hypervisor.
3607
3608 external_ids : xs-vif-uuid: optional string
3609 The virtual interface associated with this interface.
3610
3611 external_ids : xs-network-uuid: optional string
3612 The virtual network to which this interface is attached.
3613
3614 external_ids : vm-id: optional string
3615 The VM to which this interface belongs. On XenServer, this will
3616 be the same as external_ids:xs-vm-uuid.
3617
3618 external_ids : xs-vm-uuid: optional string
3619 The VM to which this interface belongs.
3620
3621 Auto Attach Configuration:
3622
3623 Auto Attach configuration for a particular interface.
3624
3625 lldp : enable: optional string, either true or false
3626 True to enable LLDP on this Interface. If not specified, LLDP
3627 will be disabled by default.
3628
3629 Flow control Configuration:
3630
3631 Ethernet flow control defined in IEEE 802.1Qbb provides link level flow
3632 control using MAC pause frames. Implemented only for interfaces with
3633 type dpdk.
3634
3635 options : rx-flow-ctrl: optional string, either true or false
3636 Set to true to enable Rx flow control on physical ports. By
3637 default, Rx flow control is disabled.
3638
3639 options : tx-flow-ctrl: optional string, either true or false
3640 Set to true to enable Tx flow control on physical ports. By
3641 default, Tx flow control is disabled.
3642
3643 options : flow-ctrl-autoneg: optional string, either true or false
3644 Set to true to enable flow control auto negotiation on physical
3645 ports. By default, auto-neg is disabled.
3646
3647 Link State Change detection mode:
3648
3649 options : dpdk-lsc-interrupt: optional string, either true or false
3650 Set this value to true to configure interrupt mode for Link
3651 State Change (LSC) detection instead of poll mode for the DPDK
3652 interface.
3653
3654 If this value is not set, poll mode is configured.
3655
3656 This parameter has an effect only on netdev dpdk interfaces.
3657
3658 Common Columns:
3659
3660 The overall purpose of these columns is described under Common Columns
3661 at the beginning of this document.
3662
3663 other_config: map of string-string pairs
3664
3665 external_ids: map of string-string pairs
3666
3668 Configuration for a particular OpenFlow table.
3669
3670 Summary:
3671 name optional string
3672 Eviction Policy:
3673 flow_limit optional integer, at least 0
3674 overflow_policy optional string, either evict or refuse
3675 groups set of strings
3676 Classifier Optimization:
3677 prefixes set of up to 3 strings
3678 Common Columns:
3679 external_ids map of string-string pairs
3680
3681 Details:
3682 name: optional string
3683 The table’s name. Set this column to change the name that con‐
3684 trollers will receive when they request table statistics, e.g.
3685 ovs-ofctl dump-tables. The name does not affect switch behavior.
3686
3687 Eviction Policy:
3688
3689 Open vSwitch supports limiting the number of flows that may be
3690 installed in a flow table, via the flow_limit column. When adding a
3691 flow would exceed this limit, by default Open vSwitch reports an error,
3692 but there are two ways to configure Open vSwitch to instead delete
3693 (``evict’’) a flow to make room for the new one:
3694
3695 · Set the overflow_policy column to evict.
3696
3697 · Send an OpenFlow 1.4+ ``table mod request’’ to enable
3698 eviction for the flow table (e.g. ovs-ofctl -O OpenFlow14
3699 mod-table br0 0 evict to enable eviction on flow table 0
3700 of bridge br0).
3701
3702 When a flow must be evicted due to overflow, the flow to evict is cho‐
3703 sen through an approximation of the following algorithm. This algorithm
3704 is used regardless of how eviction was enabled:
3705
3706 1. Divide the flows in the table into groups based on the val‐
3707 ues of the fields or subfields specified in the groups col‐
3708 umn, so that all of the flows in a given group have the same
3709 values for those fields. If a flow does not specify a given
3710 field, that field’s value is treated as 0. If groups is
3711 empty, then all of the flows in the flow table are treated
3712 as a single group.
3713
3714 2. Consider the flows in the largest group, that is, the group
3715 that contains the greatest number of flows. If two or more
3716 groups all have the same largest number of flows, consider
3717 the flows in all of those groups.
3718
3719 3. If the flows under consideration have different importance
3720 values, eliminate from consideration any flows except those
3721 with the lowest importance. (``Importance,’’ a 16-bit inte‐
3722 ger value attached to each flow, was introduced in OpenFlow
3723 1.4. Flows inserted with older versions of OpenFlow always
3724 have an importance of 0.)
3725
3726 4. Among the flows under consideration, choose the flow that
3727 expires soonest for eviction.
3728
3729 The eviction process only considers flows that have an idle timeout or
3730 a hard timeout. That is, eviction never deletes permanent flows. (Per‐
3731 manent flows do count against flow_limit.)
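
The four steps above written out as an added example (not Open vSwitch code, which uses an approximation of this algorithm), together with the refuse and evict behaviours of overflow_policy. Flow, parse_groups, group_key, choose_victim, add_flow and sample_table are hypothetical names, the sample table is constructed, and the example assumes that only flows with a timeout take part in grouping.

```python
"""Flow-table eviction choice, following the four steps listed above.

Added illustration, not Open vSwitch source: OVS itself uses an approximation
of this algorithm. Flow, parse_groups, choose_victim and add_flow are
hypothetical names, and the sample table is constructed.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

_SPEC = re.compile(r"^(\w+)\[(?:(\d+)\.\.(\d+))?\]$")   # field[] or field[start..end]


@dataclass
class Flow:
    name: str
    match: dict                          # field name -> integer value
    importance: int = 0                  # 16-bit, OpenFlow 1.4+; else 0
    expires_at: Optional[float] = None   # None: no idle/hard timeout (permanent)


def parse_groups(specs):
    """Parse the groups column; malformed specifications are ignored."""
    parsed = []
    for spec in specs:
        m = _SPEC.match(spec)
        if not m:
            continue
        if m.group(2) is None:
            parsed.append((m.group(1), None))
        elif int(m.group(2)) <= int(m.group(3)):
            parsed.append((m.group(1), (int(m.group(2)), int(m.group(3)))))
    return parsed


def group_key(flow, parsed):
    """Values of the grouping fields; a field the flow omits counts as 0."""
    key = []
    for name, bits in parsed:
        value = flow.match.get(name, 0)
        if bits:                         # subfield, taken as inclusive bit range
            start, end = bits
            value = (value >> start) & ((1 << (end - start + 1)) - 1)
        key.append(value)
    return tuple(key)


def choose_victim(flows, groups):
    """Return the flow to evict, or None if every flow is permanent."""
    # Assumption: only flows with a timeout take part in grouping.
    evictable = [f for f in flows if f.expires_at is not None]
    if not evictable:
        return None
    parsed = parse_groups(groups)
    buckets = defaultdict(list)                      # step 1
    for f in evictable:
        buckets[group_key(f, parsed)].append(f)
    largest = max(len(b) for b in buckets.values())  # step 2
    pool = [f for b in buckets.values() if len(b) == largest for f in b]
    lowest = min(f.importance for f in pool)         # step 3
    pool = [f for f in pool if f.importance == lowest]
    return min(pool, key=lambda f: f.expires_at)     # step 4


def add_flow(table, flow, flow_limit, overflow_policy="refuse", groups=()):
    """Model flow_limit and overflow_policy; returns (result, evicted name)."""
    if len(table) < flow_limit:          # permanent flows count against the limit
        table.append(flow)
        return "added", None
    victim = choose_victim(table, groups) if overflow_policy == "evict" else None
    if victim is None:                   # refuse, or nothing evictable (assumed)
        return "refused", None
    table.remove(victim)
    table.append(flow)
    return "evicted", victim.name


def sample_table():
    """Constructed table: port 1 holds four timed flows, port 2 two flows."""
    port = "NXM_OF_IN_PORT"
    return [
        Flow("p1-a", {port: 1}, 0, 50.0),
        Flow("p1-b", {port: 1}, 0, 30.0),
        Flow("p1-c", {port: 1}, 5, 10.0),
        Flow("p1-d", {port: 1}, 0, 40.0),
        Flow("p2-a", {port: 2}, 0, 20.0),
        Flow("p2-perm", {port: 2}),      # permanent: never evicted
    ]
```

On the sample table with flow_limit 6, an empty groups set evicts p2-a (the soonest-expiring flow of lowest importance in the whole table), while groups set to NXM_OF_IN_PORT[] evicts p1-b, so the port holding the most flows gives up one of its own.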
3732
3733 flow_limit: optional integer, at least 0
3734 If set, limits the number of flows that may be added to the ta‐
3735 ble. Open vSwitch may limit the number of flows in a table for
3736 other reasons, e.g. due to hardware limitations or for resource
3737 availability or performance reasons.
3738
3739 overflow_policy: optional string, either evict or refuse
3740 Controls the switch’s behavior when an OpenFlow flow table modi‐
3741 fication request would add flows in excess of flow_limit. The
3742 supported values are:
3743
3744 refuse Refuse to add the flow or flows. This is also the default
3745 policy when overflow_policy is unset.
3746
3747 evict Delete a flow chosen according to the algorithm described
3748 above.
3749
3750 groups: set of strings
3751 When overflow_policy is evict, this controls how flows are cho‐
3752 sen for eviction when the flow table would otherwise exceed
3753 flow_limit flows. Its value is a set of NXM fields or sub-
3754 fields, each of which takes one of the forms field[] or
3755 field[start..end], e.g. NXM_OF_IN_PORT[]. Please see meta-flow.h
3756 for a complete list of NXM field names.
3757
3758 Open vSwitch ignores any invalid or unknown field specifica‐
3759 tions.
3760
3761 When eviction is not enabled, via overflow_policy or an OpenFlow
3762 1.4+ ``table mod,’’ this column has no effect.
3763
3764 Classifier Optimization:
3765
3766 prefixes: set of up to 3 strings
3767 This string set specifies which fields should be used for
3768 address prefix tracking. Prefix tracking allows the classifier
3769 to skip rules with longer than necessary prefixes, resulting in
3770 better wildcarding for datapath flows.
3771
3772 Prefix tracking may be beneficial when a flow table contains
3773 matches on IP address fields with different prefix lengths. For
3774 example, when a flow table contains IP address matches on both
3775 full addresses and proper prefixes, the full address matches
3776 will typically cause the datapath flow to un-wildcard the whole
3777 address field (depending on flow entry priorities). In this case
3778 each packet with a different address gets handed to the
3779 userspace for flow processing and generates its own datapath
3780 flow. With prefix tracking enabled for the address field in
3781 question, packets with addresses matching shorter prefixes would
3782 generate datapath flows where the irrelevant address bits are
3783 wildcarded, allowing the same datapath flow to handle all the
3784 packets within the prefix in question. In this case many
3785 userspace upcalls can be avoided and the overall performance can
3786 be better.
3787
3788 This is a performance optimization only, so packets will receive
3789 the same treatment with or without prefix tracking.
3790
3791 The supported fields are: tun_id, tun_src, tun_dst,
3792 tun_ipv6_src, tun_ipv6_dst, nw_src, nw_dst (or aliases ip_src
3793 and ip_dst), ipv6_src, and ipv6_dst. (Using this feature for
3794 tun_id would only make sense if the tunnel IDs have prefix
3795 structure similar to IP addresses.)
3796
3797 By default, prefixes=ip_dst,ip_src is used on each flow table.
3798 This instructs the flow classifier to track the IP destination
3799 and source addresses used by the rules in this specific
3800 flow table.
3801
3802 The keyword none is recognized as an explicit override of the
3803 default values, causing no prefix fields to be tracked.
3804
3805 To set the prefix fields, the flow table record needs to exist:
3806
3807 ovs-vsctl set Bridge br0 flow_tables:0=@N1 -- --id=@N1 create
3808 Flow_Table name=table0
3809 Creates a flow table record for the OpenFlow table number
3810 0.
3811
3812 ovs-vsctl set Flow_Table table0 prefixes=ip_dst,ip_src
3813 Enables prefix tracking for IP source and destination
3814 address fields.
3815
3816 There is a maximum number of fields that can be enabled for any
3817 one flow table. Currently this limit is 3.
3818
3819 Common Columns:
3820
3821 The overall purpose of these columns is described under Common Columns
3822 at the beginning of this document.
3823
3824 external_ids: map of string-string pairs
3825
3827 Quality of Service (QoS) configuration for each Port that references
3828 it.
3829
3830 Summary:
3831 type string
3832 queues map of integer-Queue pairs, key in range
3833 0 to 4,294,967,295
3834 Configuration for linux-htb and linux-hfsc:
3835 other_config : max-rate optional string, containing an integer
3836 Configuration for egress-policer QoS:
3837 other_config : cir optional string, containing an integer
3838 other_config : cbs optional string, containing an integer
3839 Configuration for linux-sfq:
3840 other_config : perturb optional string, containing an integer
3841 other_config : quantum optional string, containing an integer
3842 Configuration for linux-netem:
3843 other_config : latency optional string, containing an integer
3844 other_config : limit optional string, containing an integer
3845 other_config : loss optional string, containing an integer
3846 Common Columns:
3847 other_config map of string-string pairs
3848 external_ids map of string-string pairs
3849
3850 Details:
3851 type: string
3852 The type of QoS to implement. The currently defined types are
3853 listed below:
3854
3855 linux-htb
3856 Linux ``hierarchy token bucket’’ classifier. See tc-
3857 htb(8) (also at http://linux.die.net/man/8/tc-htb) and
3858 the HTB manual (http://luxik.cdi.cz/~devik/qos/htb/man‐
3859 ual/userg.htm) for information on how this classifier
3860 works and how to configure it.
3861
3862 linux-hfsc
3863 Linux "Hierarchical Fair Service Curve" classifier. See
3864 http://linux-ip.net/articles/hfsc.en/ for information on
3865 how this classifier works.
3866
3867 linux-sfq
3868 Linux ``Stochastic Fairness Queueing’’ classifier. See
3869 tc-sfq(8) (also at http://linux.die.net/man/8/tc-sfq) for
3870 information on how this classifier works.
3871
3872 linux-codel
3873 Linux ``Controlled Delay’’ classifier. See tc-codel(8)
3874 (also at
3875 http://man7.org/linux/man-pages/man8/tc-codel.8.html) for
3876 information on how this classifier works.
3877
3878 linux-fq_codel
3879 Linux ``Fair Queuing with Controlled Delay’’ classifier.
3880 See tc-fq_codel(8) (also at
3881 http://man7.org/linux/man-pages/man8/tc-fq_codel.8.html)
3882 for information on how this classifier works.
3883
3884 linux-netem
3885 Linux ``Network Emulator’’ classifier. See tc-netem(8)
3886 (also at
3887 http://man7.org/linux/man-pages/man8/tc-netem.8.html) for
3888 information on how this classifier works.
3889
3890 linux-noop
3891 Linux ``No operation.’’ By default, Open vSwitch manages
3892 quality of service on all of its configured ports. This
3893 can be helpful, but sometimes administrators prefer to
3894 use other software to manage QoS. This type prevents Open
3895 vSwitch from changing the QoS configuration for a port.
3896
3897 egress-policer
3898 A DPDK egress policer algorithm using the DPDK rte_meter
3899 library. The rte_meter library provides an implementation
3900 which allows the metering and policing of traffic. The
3901 implementation in OVS essentially creates a single token
3902 bucket used to police traffic. It should be noted that
3903 when the rte_meter is configured as part of QoS there
3904 will be a performance overhead as the rte_meter itself
3905 will consume CPU cycles in order to police traffic. These
3906 CPU cycles ordinarily are used for packet processing. As
3907 such the drop in performance will be noticed in terms of
3908 overall aggregate traffic throughput.
3909
3910 queues: map of integer-Queue pairs, key in range 0 to 4,294,967,295
3911 A map from queue numbers to Queue records. The supported range
3912 of queue numbers depends on type. The queue numbers are the same
3913 as the queue_id used in OpenFlow in struct ofp_action_enqueue
3914 and other structures.
3915
3916 Queue 0 is the ``default queue.’’ It is used by OpenFlow output
3917 actions when no specific queue has been set. When no configura‐
3918 tion for queue 0 is present, it is automatically configured as
3919 if a Queue record with empty dscp and other_config columns had
3920 been specified. (Before version 1.6, Open vSwitch would leave
3921 queue 0 unconfigured in this case. With some queuing disci‐
3922 plines, this dropped all packets destined for the default
3923 queue.)
3924
3925 Configuration for linux-htb and linux-hfsc:
3926
3927 The linux-htb and linux-hfsc classes support the following key-value
3928 pair:
3929
3930 other_config : max-rate: optional string, containing an integer
3931 Maximum rate shared by all queued traffic, in bit/s. Optional.
3932 If not specified, for physical interfaces, the default is the
3933 link rate. For other interfaces or if the link rate cannot be
3934 determined, the default is currently 100 Mbps.
3935
3936 Configuration for egress-policer QoS:
3937
3938 QoS type egress-policer provides egress policing for userspace port
3939 types with DPDK. It has the following key-value pairs defined.
3940
3941 other_config : cir: optional string, containing an integer
3942 The Committed Information Rate (CIR) is measured in bytes of IP
3943 packets per second, i.e. it includes the IP header, but not link
3944 specific (e.g. Ethernet) headers. This represents the bytes per
3945 second rate at which the token bucket will be updated. The cir
3946 value is calculated by (pps x packet data size). For example
3947 assuming a user wishes to limit a stream consisting of 64 byte
3948 packets to 1 million packets per second the CIR would be set to
3949 46000000. This value can be broken into ’1,000,000 x 46’,
3950 where 1,000,000 is the policing rate for the number of packets
3951 per second and 46 represents the size of the packet data for a
3952 64 byte IP packet.
3953
3954 other_config : cbs: optional string, containing an integer
3955 The Committed Burst Size (CBS) is measured in bytes and repre‐
3956 sents a token bucket. At a minimum this value should be set
3957 to the expected largest size packet in the traffic stream. In
3958 practice larger values may be used to increase the size of the
3959 token bucket. If a packet can be transmitted then the cbs will
3960 be decremented by the number of bytes/tokens of the packet. If
3961 there are not enough tokens in the cbs bucket the packet will be
3962 dropped.
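
The cir and cbs descriptions above, as an added example that is not part of the Open vSwitch manual or code: a small model of a single token bucket that holds at most cbs bytes and refills at cir bytes per second. The function names, the full-at-start bucket and the constructed traffic streams are assumptions of this sketch, not the DPDK rte_meter implementation.

```python
NS = 1_000_000_000  # nanoseconds per second


def stream(pps, ip_bytes, count):
    """Constructed traffic: `count` equal-sized packets at a steady `pps`.

    Each item is (arrival time in ns, bytes counted by the policer).
    """
    return [(k * NS // pps, ip_bytes) for k in range(count)]


def police(packets, cir, cbs):
    """Return one bool per packet: True if transmitted, False if dropped.

    Assumptions of this model: the bucket starts full, holds at most `cbs`
    bytes, and is refilled at `cir` bytes per second. Tokens are kept in
    units of bytes * NS so that all arithmetic stays in exact integers.
    """
    capacity = cbs * NS
    tokens = capacity
    last_ns = None
    verdicts = []
    for t_ns, size in packets:
        if last_ns is not None:
            # Refill for the time elapsed since the previous packet, capped at cbs.
            tokens = min(capacity, tokens + (t_ns - last_ns) * cir)
        last_ns = t_ns
        cost = size * NS
        if cost <= tokens:
            tokens -= cost          # enough tokens: transmit and pay for the packet
            verdicts.append(True)
        else:
            verdicts.append(False)  # not enough tokens: drop, bucket unchanged
    return verdicts


def passed(pps, ip_bytes, count, cir, cbs):
    """Number of packets of a constructed stream that the policer transmits."""
    return sum(police(stream(pps, ip_bytes, count), cir, cbs))


if __name__ == "__main__":
    CIR = 46_000_000  # the manual's example: 1,000,000 pps x 46 bytes
    print("1 Mpps, cbs=2048:", passed(1_000_000, 46, 10_000, CIR, 2048))
    print("2 Mpps, cbs=2048:", passed(2_000_000, 46, 10_000, CIR, 2048))
    # A cbs below the largest packet size drops every such packet, at any rate.
    print("1500-byte packets, cbs=1000:", passed(1_000, 1500, 100, CIR, 1000))
    print("1500-byte packets, cbs=1500:", passed(1_000, 1500, 100, CIR, 1500))
```

At twice the policed rate the initial burst drains the bucket and then every other packet is dropped, which is the aggregate throughput loss the egress-policer description refers to.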
3963
3964 Configuration for linux-sfq:
3965
3966 The linux-sfq QoS supports the following key-value pairs:
3967
3968 other_config : perturb: optional string, containing an integer
3969 Number of seconds between consecutive perturbations in the hashing
3970 algorithm. Different flows can end up in the same hash bucket
3971 causing unfairness. Perturbation’s goal is to remove possible
3972 unfairness. The default and recommended value is 10. Too low a
3973 value is discouraged because each perturbation can cause packet
3974 reordering.
3975
3976 other_config : quantum: optional string, containing an integer
3977 Number of bytes linux-sfq QoS can dequeue in one turn in round-
3978 robin from one flow. The default and recommended value is equal
3979 to the interface’s MTU.
3980
3981 Configuration for linux-netem:
3982
3983 The linux-netem QoS supports the following key-value pairs:
3984
3985 other_config : latency: optional string, containing an integer
3986 Adds the chosen delay to the packets outgoing to the chosen network
3987 interface. The latency value is expressed in us (microseconds).
3988
3989 other_config : limit: optional string, containing an integer
3990 Maximum number of packets the qdisc may hold queued at a time.
3991 The default value is 1000.
3992
3993 other_config : loss: optional string, containing an integer
3994 Adds an independent loss probability to the packets outgoing
3995 from the chosen network interface.
3996
3997 Common Columns:
3998
3999 The overall purpose of these columns is described under Common Columns
4000 at the beginning of this document.
4001
4002 other_config: map of string-string pairs
4003
4004 external_ids: map of string-string pairs
4005
4007 A configuration for a port output queue, used in configuring Quality of
4008 Service (QoS) features. May be referenced by the queues column in the QoS
4009 table.
4010
4011 Summary:
4012 dscp optional integer, in range 0 to 63
4013 Configuration for linux-htb QoS:
4014 other_config : min-rate optional string, containing an integer,
4015 at least 1
4016 other_config : max-rate optional string, containing an integer,
4017 at least 1
4018 other_config : burst optional string, containing an integer,
4019 at least 1
4020 other_config : priority optional string, containing an integer,
4021 in range 0 to 4,294,967,295
4022 Configuration for linux-hfsc QoS:
4023 other_config : min-rate optional string, containing an integer,
4024 at least 1
4025 other_config : max-rate optional string, containing an integer,
4026 at least 1
4027 Common Columns:
4028 other_config map of string-string pairs
4029 external_ids map of string-string pairs
4030
4031 Details:
4032 dscp: optional integer, in range 0 to 63
4033 If set, Open vSwitch will mark all traffic egressing this Queue
4034 with the given DSCP bits. Traffic egressing the default Queue is
4035 only marked if it was explicitly selected as the Queue at the
4036 time the packet was output. If unset, the DSCP bits of traffic
4037 egressing this Queue will remain unchanged.
4038
4039 Configuration for linux-htb QoS:
4040
4041 QoS type linux-htb may use queue_ids less than 61440. It has the fol‐
4042 lowing key-value pairs defined.
4043
4044 other_config : min-rate: optional string, containing an integer, at
4045 least 1
4046 Minimum guaranteed bandwidth, in bit/s.
4047
4048 other_config : max-rate: optional string, containing an integer, at
4049 least 1
4050 Maximum allowed bandwidth, in bit/s. Optional. If specified, the
4051 queue’s rate will not be allowed to exceed the specified value,
4052 even if excess bandwidth is available. If unspecified, defaults
4053 to no limit.
4054
4055 other_config : burst: optional string, containing an integer, at least
4056 1
4057 Burst size, in bits. This is the maximum amount of ``credits’’
4058 that a queue can accumulate while it is idle. Optional. Details
4059 of the linux-htb implementation require a minimum burst size, so
4060 a too-small burst will be silently ignored.
4061
4062 other_config : priority: optional string, containing an integer, in
4063 range 0 to 4,294,967,295
4064 A queue with a smaller priority will receive all the excess
4065 bandwidth that it can use before a queue with a larger value
4066 receives any. Specific priority values are unimportant; only
4067 relative ordering matters. Defaults to 0 if unspecified.
4068
4069 Configuration for linux-hfsc QoS:
4070
4071 QoS type linux-hfsc may use queue_ids less than 61440. It has the fol‐
4072 lowing key-value pairs defined.
4073
4074 other_config : min-rate: optional string, containing an integer, at
4075 least 1
4076 Minimum guaranteed bandwidth, in bit/s.
4077
4078 other_config : max-rate: optional string, containing an integer, at
4079 least 1
4080 Maximum allowed bandwidth, in bit/s. Optional. If specified, the
4081 queue’s rate will not be allowed to exceed the specified value,
4082 even if excess bandwidth is available. If unspecified, defaults
4083 to no limit.
4084
4085 Common Columns:
4086
4087 The overall purpose of these columns is described under Common Columns
4088 at the beginning of this document.
4089
4090 other_config: map of string-string pairs
4091
4092 external_ids: map of string-string pairs
4093
4095 A port mirror within a Bridge.
4096
4097 A port mirror configures a bridge to send selected frames to special
4098 ``mirrored’’ ports, in addition to their normal destinations. Mirroring
4099 traffic may also be referred to as SPAN or RSPAN, depending on how the
4100 mirrored traffic is sent.
4101
4102 When a packet enters an Open vSwitch bridge, it becomes eligible for
4103 mirroring based on its ingress port and VLAN. As the packet travels
4104 through the flow tables, each time it is output to a port, it becomes
4105 eligible for mirroring based on the egress port and VLAN. In Open
4106 vSwitch 2.5 and later, mirroring occurs just after a packet first
4107 becomes eligible, using the packet as it exists at that point; in Open
4108 vSwitch 2.4 and earlier, mirroring occurs only after a packet has tra‐
4109 versed all the flow tables, using the original packet as it entered the
4110 bridge. This makes a difference only when the flow table modifies the
4111 packet: in Open vSwitch 2.4, the modifications are never visible to
4112 mirrors, whereas in Open vSwitch 2.5 and later modifications made
4113 before the first output that makes it eligible for mirroring to a par‐
4114 ticular destination are visible.
4115
4116 A packet that enters an Open vSwitch bridge is mirrored to a particular
4117 destination only once, even if it is eligible for multiple reasons. For
4118 example, a packet would be mirrored to a particular output_port only
4119 once, even if it is selected for mirroring to that port by
4120 select_dst_port and select_src_port in the same or different Mirror
4121 records.
4122
4123 Summary:
4124 name string
4125 Selecting Packets for Mirroring:
4126 select_all boolean
4127 select_dst_port set of weak reference to Ports
4128 select_src_port set of weak reference to Ports
4129 select_vlan set of up to 4,096 integers, in range 0
4130 to 4,095
4131 Mirroring Destination Configuration:
4132 output_port optional weak reference to Port
4133 output_vlan optional integer, in range 1 to 4,095
4134 snaplen optional integer, in range 14 to 65,535
4135 Statistics: Mirror counters:
4136 statistics : tx_packets optional integer
4137 statistics : tx_bytes optional integer
4138 Common Columns:
4139 external_ids map of string-string pairs
4140
4141 Details:
4142 name: string
4143 Arbitrary identifier for the Mirror.
4144
4145 Selecting Packets for Mirroring:
4146
4147 To be selected for mirroring, a given packet must enter or leave the
4148 bridge through a selected port and it must also be in one of the
4149 selected VLANs.
4150
4151 select_all: boolean
4152 If true, every packet arriving or departing on any port is
4153 selected for mirroring.
4154
4155 select_dst_port: set of weak reference to Ports
4156 Ports on which departing packets are selected for mirroring.
4157
4158 select_src_port: set of weak reference to Ports
4159 Ports on which arriving packets are selected for mirroring.
4160
4161 select_vlan: set of up to 4,096 integers, in range 0 to 4,095
4162 VLANs on which packets are selected for mirroring. An empty set
4163 selects packets on all VLANs.
4164
4165 Mirroring Destination Configuration:
4166
4167 These columns are mutually exclusive. Exactly one of them must be
4168 nonempty.
4169
4170 output_port: optional weak reference to Port
4171 Output port for selected packets, if nonempty.
4172
4173 Specifying a port for mirror output reserves that port exclu‐
4174 sively for mirroring. No frames other than those selected for
4175 mirroring via this column will be forwarded to the port, and any
4176 frames received on the port will be discarded.
4177
4178 The output port may be any kind of port supported by Open
4179 vSwitch. It may be, for example, a physical port (sometimes
4180 called SPAN) or a GRE tunnel.
4181
4182 output_vlan: optional integer, in range 1 to 4,095
4183 Output VLAN for selected packets, if nonempty.
4184
4185 The frames will be sent out all ports that trunk output_vlan, as
4186 well as any ports with implicit VLAN output_vlan. When a mir‐
4187 rored frame is sent out a trunk port, the frame’s VLAN tag will
4188 be set to output_vlan, replacing any existing tag; when it is
4189 sent out an implicit VLAN port, the frame will not be tagged.
4190 This type of mirroring is sometimes called RSPAN.
4191
4192 See the documentation for other_config:forward-bpdu in the
4193 Interface table for a list of destination MAC addresses which
4194 will not be mirrored to a VLAN to avoid confusing switches that
4195 interpret the protocols that they represent.
4196
4197 Please note: Mirroring to a VLAN can disrupt a network that con‐
4198 tains unmanaged switches. Consider an unmanaged physical switch
4199 with two ports: port 1, connected to an end host, and port 2,
4200 connected to an Open vSwitch configured to mirror received pack‐
4201 ets into VLAN 123 on port 2. Suppose that the end host sends a
4202 packet on port 1 that the physical switch forwards to port 2.
4203 The Open vSwitch forwards this packet to its destination and
4204 then reflects it back on port 2 in VLAN 123. This reflected
4205 packet causes the unmanaged physical switch to replace the MAC
4206 learning table entry, which correctly pointed to port 1, with
4207 one that incorrectly points to port 2. Afterward, the physical
4208 switch will direct packets destined for the end host to the Open
4209 vSwitch on port 2, instead of to the end host on port 1, dis‐
4210 rupting connectivity. If mirroring to a VLAN is desired in this
4211 scenario, then the physical switch must be replaced by one that
4212 learns Ethernet addresses on a per-VLAN basis. In addition,
4213 learning should be disabled on the VLAN containing mirrored
4214 traffic. If this is not done then intermediate switches will
4215 learn the MAC address of each end host from the mirrored traf‐
4216 fic. If packets being sent to that end host are also mirrored,
4217 then they will be dropped since the switch will attempt to send
4218 them out the input port. Disabling learning for the VLAN will
4219 cause the switch to correctly send the packet out all ports con‐
4220 figured for that VLAN. If Open vSwitch is being used as an
4221 intermediate switch, learning can be disabled by adding the mir‐
4222 rored VLAN to flood_vlans in the appropriate Bridge table or
4223 tables.
4224
4225 Mirroring to a GRE tunnel has fewer caveats than mirroring to a
4226 VLAN and should generally be preferred.
4227
4228 snaplen: optional integer, in range 14 to 65,535
4229 Maximum per-packet number of bytes to mirror.
4230
4231 A mirrored packet with size larger than snaplen will be trun‐
4232 cated in datapath to snaplen bytes before sending to the mirror
4233 output port. If omitted, packets are not truncated.
4234
4235 Statistics: Mirror counters:
4236
4237 Key-value pairs that report mirror statistics. The update period is
4238 controlled by other_config:stats-update-interval in the Open_vSwitch
4239 table.
4240
4241 statistics : tx_packets: optional integer
4242 Number of packets transmitted through this mirror.
4243
4244 statistics : tx_bytes: optional integer
4245 Number of bytes transmitted through this mirror.
4246
4247 Common Columns:
4248
4249 The overall purpose of these columns is described under Common Columns
4250 at the beginning of this document.
4251
4252 external_ids: map of string-string pairs
4253
4255 An OpenFlow controller.
4256
4257 Summary:
4258 Core Features:
4259 type optional string, either primary or ser‐
4260 vice
4261 target string
4262 connection_mode optional string, either in-band or
4263 out-of-band
4264 Controller Failure Detection and Handling:
4265 max_backoff optional integer, at least 1,000
4266 inactivity_probe optional integer
4267 Asynchronous Messages:
4268 enable_async_messages optional boolean
4269 Controller Rate Limiting:
4270 controller_rate_limit optional integer, at least 100
4271 controller_burst_limit optional integer, at least 25
4272 Controller Rate Limiting Statistics:
4273 status : packet-in-TYPE-bypassed
4274 optional string, containing an integer,
4275 at least 0
4276 status : packet-in-TYPE-queued
4277 optional string, containing an integer,
4278 at least 0
4279 status : packet-in-TYPE-dropped
4280 optional string, containing an integer,
4281 at least 0
4282 status : packet-in-TYPE-backlog
4283 optional string, containing an integer,
4284 at least 0
4285 Additional In-Band Configuration:
4286 local_ip optional string
4287 local_netmask optional string
4288 local_gateway optional string
4289 Controller Status:
4290 is_connected boolean
4291 role optional string, one of master, other, or
4292 slave
4293 status : last_error optional string
4294 status : state optional string, one of ACTIVE, BACKOFF,
4295 CONNECTING, IDLE, or VOID
4296 status : sec_since_connect optional string, containing an integer,
4297 at least 0
4298 status : sec_since_disconnect
4299 optional string, containing an integer,
4300 at least 1
4301 Connection Parameters:
4302 other_config : dscp optional string, containing an integer
4303 Common Columns:
4304 external_ids map of string-string pairs
4305 other_config map of string-string pairs
4306
4307 Details:
4308 Core Features:
4309
4310 type: optional string, either primary or service
4311 Open vSwitch supports two kinds of OpenFlow controllers. A
4312 bridge may have any number of each kind:
4313
4314 Primary controllers
4315 This is the kind of controller envisioned by the OpenFlow
4316 specifications. Usually, a primary controller implements
4317 a network policy by taking charge of the switch’s flow
4318 table.
4319
4320 The fail_mode column in the Bridge table applies to pri‐
4321 mary controllers.
4322
4323 When multiple primary controllers are configured, Open
4324 vSwitch connects to all of them simultaneously. OpenFlow
4325 provides few facilities to allow multiple controllers to
4326 coordinate in interacting with a single switch, so more
4327 than one primary controller should be specified only if
4328 the controllers are themselves designed to coordinate
4329 with each other.
4330
4331 Service controllers
4332 These kinds of OpenFlow controller connections are
4333 intended for occasional support and maintenance use, e.g.
4334 with ovs-ofctl. Usually a service controller connects
4335 only briefly to inspect or modify some of a switch’s
4336 state.
4337
4338 The fail_mode column in the Bridge table does not apply
4339 to service controllers.
4340
4341 By default, Open vSwitch treats controllers with active connec‐
4342 tion methods as primary controllers and those with passive con‐
4343 nection methods as service controllers. Set this column to the
4344 desired type to override this default.
4345
4346 target: string
4347 Connection method for controller.
4348
4349 The following active connection methods are currently supported:
4350
4351 ssl:host[:port]
4352 The specified SSL port on the given host,
4353 which can either be a DNS name (if built with unbound
4354 library) or an IP address. The ssl column in the
4355 Open_vSwitch table must point to a valid SSL configura‐
4356 tion when this form is used.
4357
4358 If port is not specified, it defaults to 6653.
4359
4360 SSL support is an optional feature that is not always
4361 built as part of Open vSwitch.
4362
4363 tcp:host[:port]
4364 The specified TCP port on the given host,
4365 which can either be a DNS name (if built with unbound
4366 library) or an IP address (IPv4 or IPv6). If host is an
4367 IPv6 address, wrap it in square brackets, e.g.
4368 tcp:[::1]:6653.
4369
4370 If port is not specified, it defaults to 6653.
4371
4372 The following passive connection methods are currently sup‐
4373 ported:
4374
4375 pssl:[port][:host]
4376 Listens for SSL connections on the specified TCP port. If
4377 host, which can either be a DNS name (if built with
4378 unbound library) or an IP address, is specified, then
4379 connections are restricted to the resolved or specified
4380 local IP address (either IPv4 or IPv6). If host is an
4381 IPv6 address, wrap it in square brackets, e.g.
4382 pssl:6653:[::1].
4383
4384 If port is not specified, it defaults to 6653. If host is
4385 not specified then it listens only on IPv4 (but not IPv6)
4386 addresses. The ssl column in the Open_vSwitch table must
4387 point to a valid SSL configuration when this form is
4388 used.
4389
4390 If port is not specified, it currently defaults to 6653.
4391
4392 SSL support is an optional feature that is not always
4393 built as part of Open vSwitch.
4394
4395 ptcp:[port][:host]
4396 Listens for connections on the specified TCP port. If
4397 host, which can either be a DNS name (if built with
4398 unbound library) or an IP address, is specified, then
4399 connections are restricted to the resolved or specified
4400 local IP address (either IPv4 or IPv6). If host is an
4401 IPv6 address, wrap it in square brackets, e.g.
4402 ptcp:6653:[::1]. If host is not specified then it listens
4403 only on IPv4 addresses.
4404
4405 If port is not specified, it defaults to 6653.
4406
4407 When multiple controllers are configured for a single bridge,
4408 the target values must be unique. Duplicate target values yield
4409 unspecified results.
4410
4411 connection_mode: optional string, either in-band or out-of-band
4412 If it is specified, this setting must be one of the following
4413 strings that describes how Open vSwitch contacts this OpenFlow
4414 controller over the network:
4415
4416 in-band
4417 In this mode, this controller’s OpenFlow traffic travels
4418 over the bridge associated with the controller. With this
4419 setting, Open vSwitch allows traffic to and from the con‐
4420 troller regardless of the contents of the OpenFlow flow
4421 table. (Otherwise, Open vSwitch would never be able to
4422 connect to the controller, because it did not have a flow
4423 to enable it.) This is the most common connection mode
4424 because it is not necessary to maintain two independent
4425 networks.
4426
4427 out-of-band
4428 In this mode, OpenFlow traffic uses a control network
4429 separate from the bridge associated with this controller,
4430 that is, the bridge does not use any of its own network
4431 devices to communicate with the controller. The control
4432 network must be configured separately, before or after
4433 ovs-vswitchd is started.
4434
4435 If not specified, the default is implementation-specific.
4436
4437 Controller Failure Detection and Handling:
4438
4439 max_backoff: optional integer, at least 1,000
4440 Maximum number of milliseconds to wait between connection
4441 attempts. Default is implementation-specific.
4442
4443 inactivity_probe: optional integer
4444 Maximum number of milliseconds of idle time on connection to
4445 controller before sending an inactivity probe message. If Open
4446 vSwitch does not communicate with the controller for the speci‐
4447 fied number of seconds, it will send a probe. If a response is
4448 not received for the same additional amount of time, Open
4449 vSwitch assumes the connection has been broken and attempts to
4450 reconnect. Default is implementation-specific. A value of 0 dis‐
4451 ables inactivity probes.
4452
4453 Asynchronous Messages:
4454
4455 OpenFlow switches send certain messages to controllers spontaneously,
4456 that is, not in response to any request from the controller. These mes‐
4457 sages are called ``asynchronous messages.’’ These columns allow asyn‐
4458 chronous messages to be limited or disabled to ensure the best use of
4459 network resources.
4460
4461 enable_async_messages: optional boolean
4462 The OpenFlow protocol enables asynchronous messages at time of
4463 connection establishment, which means that a controller can
4464 receive asynchronous messages, potentially many of them, even if
4465 it turns them off immediately after connecting. Set this column
4466 to false to change Open vSwitch behavior to disable, by default,
4467 all asynchronous messages. The controller can use the
4468 NXT_SET_ASYNC_CONFIG Nicira extension to OpenFlow to turn on any
4469 messages that it does want to receive, if any.
4470
4471 Controller Rate Limiting:
4472
4473 A switch can forward packets to a controller over the OpenFlow proto‐
4474 col. Forwarding packets this way at too high a rate can overwhelm a
4475 controller, frustrate use of the OpenFlow connection for other pur‐
4476 poses, increase the latency of flow setup, and use an unreasonable
4477 amount of bandwidth. Therefore, Open vSwitch supports limiting the rate
4478 of packet forwarding to a controller.
4479
4480 There are two main reasons in OpenFlow for a packet to be sent to a
4481 controller: either the packet ``misses’’ in the flow table, that is,
4482 there is no matching flow, or a flow table action says to send the
4483 packet to the controller. Open vSwitch limits the rate of each kind of
4484 packet separately at the configured rate. Therefore, the actual rate
4485 that packets are sent to the controller can be up to twice the config‐
4486 ured rate, when packets are sent for both reasons.
4487
4488 This feature is specific to forwarding packets over an OpenFlow connec‐
4489 tion. It is not general-purpose QoS. See the QoS table for quality of
4490 service configuration, and ingress_policing_rate in the Interface table
4491 for ingress policing configuration.
4492
4493 controller_rate_limit: optional integer, at least 100
4494 The maximum rate at which the switch will forward packets to the
4495 OpenFlow controller, in packets per second. If no value is spec‐
4496 ified, rate limiting is disabled.
4497
4498 controller_burst_limit: optional integer, at least 25
4499 When a high rate triggers rate-limiting, Open vSwitch queues
4500 packets to the controller for each port and transmits them to
4501 the controller at the configured rate. This value limits the
4502 number of queued packets. Ports on a bridge share the packet
4503 queue fairly.
4504
4505 This value has no effect unless controller_rate_limit is config‐
4506 ured. The current default when this value is not specified is
4507 one-quarter of controller_rate_limit, meaning that queuing can
4508 delay forwarding a packet to the controller by up to 250 ms.
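
A configuration check for the target and Controller Rate Limiting columns described above, as an added example that is not part of the Open vSwitch manual or code. It parses the four connection methods listed under target and reports controllers whose OpenFlow channel does not use SSL, passive listeners with no host restriction, and records with rate limiting disabled. The input is assumed to have the shape printed by ovs-vsctl --format=json list Controller; the sample records, function names and finding texts are constructed for illustration.

```python
import json
import re

DEFAULT_PORT = 6653  # default port for all four connection methods in this manual

_HOST = r"(\[[^\]]+\]|[^:\[\]]+)"  # bracketed IPv6 address, or IPv4 address / DNS name
_ACTIVE = re.compile(r"^(ssl|tcp):" + _HOST + r"(?::(\d+))?$")       # method:host[:port]
_PASSIVE = re.compile(r"^(pssl|ptcp):(\d+)?(?::" + _HOST + r")?$")   # method:[port][:host]

PLAINTEXT = "OpenFlow channel is not protected by SSL"
UNBOUND = "passive listener is not restricted to one local address"
NO_RATE_LIMIT = "controller_rate_limit unset: packet-in rate limiting is disabled"
UNKNOWN = "connection method not among ssl, tcp, pssl, ptcp"


def parse_target(target):
    """Split a Controller target into (method, host, port); host is None if omitted."""
    m = _ACTIVE.match(target)
    if m:
        method, host, port = m.groups()
    else:
        m = _PASSIVE.match(target)
        if not m:
            raise ValueError("unrecognized target: %r" % target)
        method, port, host = m.groups()
    return method, (host.strip("[]") if host else None), (int(port) if port else DEFAULT_PORT)


def optional(value):
    """OVSDB JSON encodes an unset optional column as ["set", []]."""
    if isinstance(value, list) and value[:1] == ["set"]:
        return value[1][0] if value[1] else None
    return value


def rate_budget(rate_limit, burst_limit=None):
    """Return (worst-case packets/s sent to the controller, queue limit, max queuing delay in ms).

    Table misses and controller actions are limited separately, so the total can
    reach twice the configured rate; the burst limit defaults to rate_limit / 4.
    """
    if burst_limit is None:
        burst_limit = rate_limit // 4
    return 2 * rate_limit, burst_limit, 1000.0 * burst_limit / rate_limit


def audit_controllers(listing_json):
    """Return a list of (target, finding) pairs for a JSON Controller listing."""
    doc = json.loads(listing_json)
    findings = []
    for raw in doc["data"]:
        row = dict(zip(doc["headings"], raw))
        target = row["target"]
        try:
            method, host, _port = parse_target(target)
        except ValueError:
            findings.append((target, UNKNOWN))
            continue
        if method in ("tcp", "ptcp"):
            findings.append((target, PLAINTEXT))
        if method in ("pssl", "ptcp") and host is None:
            findings.append((target, UNBOUND))
        if optional(row.get("controller_rate_limit", ["set", []])) is None:
            findings.append((target, NO_RATE_LIMIT))
    return findings


# Constructed sample records (not captured from a real switch).
SAMPLE = json.dumps({
    "headings": ["_uuid", "target", "controller_rate_limit", "controller_burst_limit"],
    "data": [
        [["uuid", "00000000-0000-0000-0000-000000000001"], "ssl:192.0.2.10:6653", 1000, ["set", []]],
        [["uuid", "00000000-0000-0000-0000-000000000002"], "tcp:192.0.2.11", ["set", []], ["set", []]],
        [["uuid", "00000000-0000-0000-0000-000000000003"], "ptcp:6654", ["set", []], ["set", []]],
    ],
})

if __name__ == "__main__":
    for target, finding in audit_controllers(SAMPLE):
        print("%-22s %s" % (target, finding))
    print("budget for rate limit 1000:", rate_budget(1000))
```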
4509
4510 Controller Rate Limiting Statistics:
4511
4512 These values report the effects of rate limiting. Their values are rel‐
4513 ative to establishment of the most recent OpenFlow connection, or since
4514 rate limiting was enabled, whichever happened more recently. Each con‐
4515 sists of two values, one with TYPE replaced by miss for rate limiting
4516 flow table misses, and the other with TYPE replaced by action for rate
4517 limiting packets sent by OpenFlow actions.
4518
4519 These statistics are reported only when controller rate limiting is
4520 enabled.
4521
4522 status : packet-in-TYPE-bypassed: optional string, containing an inte‐
4523 ger, at least 0
4524 Number of packets sent directly to the controller, without queu‐
4525 ing, because the rate did not exceed the configured maximum.
4526
4527 status : packet-in-TYPE-queued: optional string, containing an integer,
4528 at least 0
4529 Number of packets added to the queue to send later.
4530
4531 status : packet-in-TYPE-dropped: optional string, containing an inte‐
4532 ger, at least 0
4533 Number of packets added to the queue that were later dropped due
4534 to overflow. This value is less than or equal to status:packet-
4535 in-TYPE-queued.
4536
4537 status : packet-in-TYPE-backlog: optional string, containing an inte‐
4538 ger, at least 0
4539 Number of packets currently queued. The other statistics
4540 increase monotonically, but this one fluctuates between 0 and
4541 the controller_burst_limit as conditions change.
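
The following Python is an added example, not part of the Open vSwitch manual or code base. It derives the limits implied by controller_rate_limit and controller_burst_limit and compares two polls of the packet-in-TYPE-* status keys to report drops. The function names, the dict layout, and the sample counters are assumptions constructed for illustration.

```python
TYPES = ("miss", "action")                      # the two TYPE values
MONOTONIC = ("bypassed", "queued", "dropped")   # these only ever increase


def limits(rate, burst=None):
    """Limits implied by controller_rate_limit / controller_burst_limit."""
    if rate < 100 or (burst is not None and burst < 25):
        raise ValueError("schema minimums are 100 (rate) and 25 (burst)")
    if burst is None:
        burst = rate // 4                       # current default: one-quarter
    return {
        "burst": burst,
        # A full queue drained at `rate` packets/s delays a packet this long.
        "max_queue_delay_ms": 1000 * burst // rate,
        # miss and action packets are limited separately.
        "ceiling_pps": 2 * rate,
    }


def read(status, kind):
    """Status values are strings containing integers; absent keys count as 0."""
    names = MONOTONIC + ("backlog",)
    return {n: int(status.get(f"packet-in-{kind}-{n}", 0)) for n in names}


def compare(prev, cur, burst):
    """Return (TYPE, message) alerts for the interval between two polls."""
    alerts = []
    for kind in TYPES:
        old, new = read(prev, kind), read(cur, kind)
        if any(new[n] < old[n] for n in MONOTONIC):
            # Counters restart on a new OpenFlow connection or when rate
            # limiting is re-enabled, so measure from zero.
            old = dict.fromkeys(old, 0)
        dropped = new["dropped"] - old["dropped"]
        offered = (new["bypassed"] - old["bypassed"]
                   + new["queued"] - old["queued"])
        if new["dropped"] > new["queued"] or new["backlog"] > burst:
            alerts.append((kind, "counters violate the documented bounds"))
        elif dropped:
            alerts.append((kind, f"dropped {dropped} of {offered} packet-ins"))
    return alerts


# Constructed sample polls of a Controller row's status column.
SAMPLE_PREV = {
    "packet-in-miss-bypassed": "1000", "packet-in-miss-queued": "200",
    "packet-in-miss-dropped": "0", "packet-in-miss-backlog": "0",
    "packet-in-action-bypassed": "50",
}
SAMPLE_CUR = {
    "packet-in-miss-bypassed": "1500", "packet-in-miss-queued": "900",
    "packet-in-miss-dropped": "400", "packet-in-miss-backlog": "250",
    "packet-in-action-bypassed": "10",          # lower than before: restart
}

if __name__ == "__main__":
    print(limits(1000))
    print(compare(SAMPLE_PREV, SAMPLE_CUR, limits(1000)["burst"]))
```

A sustained non-zero drop count for miss packets means table-miss traffic is arriving faster than the configured rate, which is the condition this limiter exists to contain.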
4542
4543 Additional In-Band Configuration:
4544
4545 These values are considered only in in-band control mode (see connec‐
4546 tion_mode).
4547
4548 When multiple controllers are configured on a single bridge, there
4549 should be only one set of unique values in these columns. If different
4550 values are set for these columns in different controllers, the effect
4551 is unspecified.
4552
4553 local_ip: optional string
4554 The IP address to configure on the local port, e.g.
4555 192.168.0.123. If this value is unset, then local_netmask and
4556 local_gateway are ignored.
4557
4558 local_netmask: optional string
4559 The IP netmask to configure on the local port, e.g.
4560 255.255.255.0. If local_ip is set but this value is unset, then
4561 the default is chosen based on whether the IP address is class
4562 A, B, or C.
4563
4564 local_gateway: optional string
4565 The IP address of the gateway to configure on the local port, as
4566 a string, e.g. 192.168.0.1. Leave this column unset if this net‐
4567 work has no gateway.
4568
4569 Controller Status:
4570
4571 is_connected: boolean
4572 true if currently connected to this controller, false otherwise.
4573
4574 role: optional string, one of master, other, or slave
4575 The level of authority this controller has on the associated
4576 bridge. Possible values are:
4577
4578 other Allows the controller access to all OpenFlow features.
4579
4580 master Equivalent to other, except that there may be at most one
4581 master controller at a time. When a controller configures
4582 itself as master, any existing master is demoted to the
4583 slave role.
4584
4585 slave Allows the controller read-only access to OpenFlow fea‐
4586 tures. Attempts to modify the flow table will be rejected
4587 with an error. Slave controllers do not receive
4588 OFPT_PACKET_IN or OFPT_FLOW_REMOVED messages, but they do
4589 receive OFPT_PORT_STATUS messages.
4590
4591 status : last_error: optional string
4592 A human-readable description of the last error on the connection
4593 to the controller; i.e. strerror(errno). This key will exist
4594 only if an error has occurred.
4595
4596 status : state: optional string, one of ACTIVE, BACKOFF, CONNECTING,
4597 IDLE, or VOID
4598 The state of the connection to the controller:
4599
4600 VOID Connection is disabled.
4601
4602 BACKOFF
4603 Attempting to reconnect at an increasing period.
4604
4605 CONNECTING
4606 Attempting to connect.
4607
4608 ACTIVE Connected, remote host responsive.
4609
4610 IDLE Connection is idle. Waiting for response to keep-alive.
4611
4612 These values may change in the future. They are provided only
4613 for human consumption.
4614
4615 status : sec_since_connect: optional string, containing an integer, at
4616 least 0
4617 The amount of time since this controller last successfully con‐
4618 nected to the switch (in seconds). Value is empty if controller
4619 has never successfully connected.
4620
4621 status : sec_since_disconnect: optional string, containing an integer,
4622 at least 1
4623 The amount of time since this controller last disconnected from
4624 the switch (in seconds). Value is empty if controller has never
4625 disconnected.
4626
4627 Connection Parameters:
4628
4629 Additional configuration for a connection between the controller and
4630 the Open vSwitch.
4631
4632 other_config : dscp: optional string, containing an integer
4633 The Differentiated Service Code Point (DSCP) is specified using
4634 6 bits in the Type of Service (TOS) field in the IP header. DSCP
4635 provides a mechanism to classify the network traffic and provide
4636 Quality of Service (QoS) on IP networks. The DSCP value speci‐
4637 fied here is used when establishing the connection between the
4638 controller and the Open vSwitch. If no value is specified, a
4639 default value of 48 is chosen. Valid DSCP values must be in the
4640 range 0 to 63.
4641
4642 Common Columns:
4643
4644 The overall purpose of these columns is described under Common Columns
4645 at the beginning of this document.
4646
4647 external_ids: map of string-string pairs
4648
4649 other_config: map of string-string pairs
4650
4652 Configuration for a database connection to an Open vSwitch database
4653 (OVSDB) client.
4654
4655 This table primarily configures the Open vSwitch database
4656 (ovsdb-server), not the Open vSwitch switch (ovs-vswitchd). The switch
4657 does read the table to determine what connections should be treated as
4658 in-band.
4659
4660 The Open vSwitch database server can initiate and maintain active con‐
4661 nections to remote clients. It can also listen for database connec‐
4662 tions.
4663
4664 Summary:
4665 Core Features:
4666 target string (must be unique within table)
4667 connection_mode optional string, either in-band or
4668 out-of-band
4669 Client Failure Detection and Handling:
4670 max_backoff optional integer, at least 1,000
4671 inactivity_probe optional integer
4672 Status:
4673 is_connected boolean
4674 status : last_error optional string
4675 status : state optional string, one of ACTIVE, BACKOFF,
4676 CONNECTING, IDLE, or VOID
4677 status : sec_since_connect optional string, containing an integer,
4678 at least 0
4679 status : sec_since_disconnect
4680 optional string, containing an integer,
4681 at least 0
4682 status : locks_held optional string
4683 status : locks_waiting optional string
4684 status : locks_lost optional string
4685 status : n_connections optional string, containing an integer,
4686 at least 2
4687 status : bound_port optional string, containing an integer
4688 Connection Parameters:
4689 other_config : dscp optional string, containing an integer
4690 Common Columns:
4691 external_ids map of string-string pairs
4692 other_config map of string-string pairs
4693
4694 Details:
4695 Core Features:
4696
4697 target: string (must be unique within table)
4698 Connection method for managers.
4699
4700 The following connection methods are currently supported:
4701
4702 ssl:host[:port]
The specified SSL port on the given host, which can be
either a DNS name (if built with the unbound library) or
an IP address. The ssl column in the Open_vSwitch table
must point to a valid SSL configuration when this form is
used.
4708
4709 If port is not specified, it defaults to 6640.
4710
4711 SSL support is an optional feature that is not always
4712 built as part of Open vSwitch.
4713
4714 tcp:host[:port]
The specified TCP port on the given host, which can be
either a DNS name (if built with the unbound library) or
an IP address (IPv4 or IPv6). If host is an IPv6 address,
wrap it in square brackets, e.g. tcp:[::1]:6640.
4720
4721 If port is not specified, it defaults to 6640.
4722
4723 pssl:[port][:host]
4724 Listens for SSL connections on the specified TCP port.
4725 Specify 0 for port to have the kernel automatically
4726 choose an available port. If host, which can either be a
4727 DNS name (if built with unbound library) or an IP
4728 address, is specified, then connections are restricted to
4729 the resolved or specified local IP address (either IPv4
4730 or IPv6 address). If host is an IPv6 address, wrap in
4731 square brackets, e.g. pssl:6640:[::1]. If host is not
4732 specified then it listens only on IPv4 (but not IPv6)
4733 addresses. The ssl column in the Open_vSwitch table must
4734 point to a valid SSL configuration when this form is
4735 used.
4736
4737 If port is not specified, it defaults to 6640.
4738
4739 SSL support is an optional feature that is not always
4740 built as part of Open vSwitch.
4741
4742 ptcp:[port][:host]
4743 Listens for connections on the specified TCP port. Spec‐
4744 ify 0 for port to have the kernel automatically choose an
4745 available port. If host, which can either be a DNS name
4746 (if built with unbound library) or an IP address, is
4747 specified, then connections are restricted to the
4748 resolved or specified local IP address (either IPv4 or
4749 IPv6 address). If host is an IPv6 address, wrap it in
4750 square brackets, e.g. ptcp:6640:[::1]. If host is not
4751 specified then it listens only on IPv4 addresses.
4752
4753 If port is not specified, it defaults to 6640.
4754
4755 When multiple managers are configured, the target values must be
4756 unique. Duplicate target values yield unspecified results.
4757
4758 connection_mode: optional string, either in-band or out-of-band
4759 If it is specified, this setting must be one of the following
4760 strings that describes how Open vSwitch contacts this OVSDB
4761 client over the network:
4762
4763 in-band
4764 In this mode, this connection’s traffic travels over a
4765 bridge managed by Open vSwitch. With this setting, Open
4766 vSwitch allows traffic to and from the client regardless
4767 of the contents of the OpenFlow flow table. (Otherwise,
4768 Open vSwitch would never be able to connect to the
4769 client, because it did not have a flow to enable it.)
4770 This is the most common connection mode because it is not
4771 necessary to maintain two independent networks.
4772
4773 out-of-band
4774 In this mode, the client’s traffic uses a control network
4775 separate from that managed by Open vSwitch, that is, Open
4776 vSwitch does not use any of its own network devices to
4777 communicate with the client. The control network must be
4778 configured separately, before or after ovs-vswitchd is
4779 started.
4780
4781 If not specified, the default is implementation-specific.
4782
4783 Client Failure Detection and Handling:
4784
4785 max_backoff: optional integer, at least 1,000
4786 Maximum number of milliseconds to wait between connection
4787 attempts. Default is implementation-specific.
4788
4789 inactivity_probe: optional integer
Maximum number of milliseconds of idle time on the connection to
the client before sending an inactivity probe message. If Open
vSwitch does not communicate with the client for the specified
interval, it will send a probe. If a response is not received for
the same additional amount of time, Open vSwitch assumes the
connection has been broken and attempts to reconnect. Default is
implementation-specific. A value of 0 disables inactivity probes.
4798
4799 Status:
4800
The is_connected key-value pair is always updated. Other key-value
pairs in the status column may be updated, depending on the target type.
4803
4804 When target specifies a connection method that listens for inbound con‐
4805 nections (e.g. ptcp: or punix:), both n_connections and is_connected
4806 may also be updated while the remaining key-value pairs are omitted.
4807
4808 On the other hand, when target specifies an outbound connection, all
4809 key-value pairs may be updated, except the above-mentioned two key-
4810 value pairs associated with inbound connection targets. They are omit‐
4811 ted.
4812
4813 is_connected: boolean
4814 true if currently connected to this manager, false otherwise.
4815
4816 status : last_error: optional string
4817 A human-readable description of the last error on the connection
4818 to the manager; i.e. strerror(errno). This key will exist only
4819 if an error has occurred.
4820
4821 status : state: optional string, one of ACTIVE, BACKOFF, CONNECTING,
4822 IDLE, or VOID
4823 The state of the connection to the manager:
4824
4825 VOID Connection is disabled.
4826
4827 BACKOFF
4828 Attempting to reconnect at an increasing period.
4829
4830 CONNECTING
4831 Attempting to connect.
4832
4833 ACTIVE Connected, remote host responsive.
4834
4835 IDLE Connection is idle. Waiting for response to keep-alive.
4836
4837 These values may change in the future. They are provided only
4838 for human consumption.
4839
4840 status : sec_since_connect: optional string, containing an integer, at
4841 least 0
4842 The amount of time since this manager last successfully con‐
4843 nected to the database (in seconds). Value is empty if manager
4844 has never successfully connected.
4845
4846 status : sec_since_disconnect: optional string, containing an integer,
4847 at least 0
4848 The amount of time since this manager last disconnected from the
4849 database (in seconds). Value is empty if manager has never dis‐
4850 connected.
4851
4852 status : locks_held: optional string
4853 Space-separated list of the names of OVSDB locks that the con‐
4854 nection holds. Omitted if the connection does not hold any
4855 locks.
4856
4857 status : locks_waiting: optional string
4858 Space-separated list of the names of OVSDB locks that the con‐
4859 nection is currently waiting to acquire. Omitted if the connec‐
4860 tion is not waiting for any locks.
4861
4862 status : locks_lost: optional string
4863 Space-separated list of the names of OVSDB locks that the con‐
4864 nection has had stolen by another OVSDB client. Omitted if no
4865 locks have been stolen from this connection.
4866
4867 status : n_connections: optional string, containing an integer, at
4868 least 2
4869 When target specifies a connection method that listens for
4870 inbound connections (e.g. ptcp: or pssl:) and more than one con‐
4871 nection is actually active, the value is the number of active
4872 connections. Otherwise, this key-value pair is omitted.
4873
4874 status : bound_port: optional string, containing an integer
4875 When target is ptcp: or pssl:, this is the TCP port on which the
4876 OVSDB server is listening. (This is particularly useful when
4877 target specifies a port of 0, allowing the kernel to choose any
4878 available port.)
4879
4880 Connection Parameters:
4881
4882 Additional configuration for a connection between the manager and the
4883 Open vSwitch Database.
4884
4885 other_config : dscp: optional string, containing an integer
4886 The Differentiated Service Code Point (DSCP) is specified using
4887 6 bits in the Type of Service (TOS) field in the IP header. DSCP
4888 provides a mechanism to classify the network traffic and provide
4889 Quality of Service (QoS) on IP networks. The DSCP value speci‐
4890 fied here is used when establishing the connection between the
4891 manager and the Open vSwitch. If no value is specified, a
4892 default value of 48 is chosen. Valid DSCP values must be in the
4893 range 0 to 63.
4894
4895 Common Columns:
4896
4897 The overall purpose of these columns is described under Common Columns
4898 at the beginning of this document.
4899
4900 external_ids: map of string-string pairs
4901
4902 other_config: map of string-string pairs
4903
4905 A NetFlow target. NetFlow is a protocol that exports a number of
4906 details about terminating IP flows, such as the principals involved and
4907 duration.
4908
4909 Summary:
4910 targets set of 1 or more strings
4911 engine_id optional integer, in range 0 to 255
4912 engine_type optional integer, in range 0 to 255
4913 active_timeout integer, at least -1
4914 add_id_to_interface boolean
4915 Common Columns:
4916 external_ids map of string-string pairs
4917
4918 Details:
4919 targets: set of 1 or more strings
4920 NetFlow targets in the form ip:port. The ip must be specified
4921 numerically, not as a DNS name.
4922
4923 engine_id: optional integer, in range 0 to 255
4924 Engine ID to use in NetFlow messages. Defaults to datapath index
4925 if not specified.
4926
4927 engine_type: optional integer, in range 0 to 255
4928 Engine type to use in NetFlow messages. Defaults to datapath
4929 index if not specified.
4930
4931 active_timeout: integer, at least -1
4932 The interval at which NetFlow records are sent for flows that
4933 are still active, in seconds. A value of 0 requests the default
4934 timeout (currently 600 seconds); a value of -1 disables active
4935 timeouts.
4936
4937 The NetFlow passive timeout, for flows that become inactive, is
4938 not configurable. It will vary depending on the Open vSwitch
4939 version, the forms and contents of the OpenFlow flow tables, CPU
4940 and memory usage, and network activity. A typical passive time‐
4941 out is about a second.
4942
4943 add_id_to_interface: boolean
4944 If this column’s value is false, the ingress and egress inter‐
4945 face fields of NetFlow flow records are derived from OpenFlow
4946 port numbers. When it is true, the 7 most significant bits of
4947 these fields will be replaced by the least significant 7 bits of
4948 the engine id. This is useful because many NetFlow collectors do
4949 not expect multiple switches to be sending messages from the
4950 same host, so they do not store the engine information which
4951 could be used to disambiguate the traffic.
4952
4953 When this option is enabled, a maximum of 508 ports are sup‐
4954 ported.
4955
4956 Common Columns:
4957
4958 The overall purpose of these columns is described under Common Columns
4959 at the beginning of this document.
4960
4961 external_ids: map of string-string pairs
4962
4964 SSL configuration for an Open_vSwitch.
4965
4966 Summary:
4967 private_key string
4968 certificate string
4969 ca_cert string
4970 bootstrap_ca_cert boolean
4971 Common Columns:
4972 external_ids map of string-string pairs
4973
4974 Details:
4975 private_key: string
4976 Name of a PEM file containing the private key used as the
4977 switch’s identity for SSL connections to the controller.
4978
4979 certificate: string
4980 Name of a PEM file containing a certificate, signed by the cer‐
4981 tificate authority (CA) used by the controller and manager, that
4982 certifies the switch’s private key, identifying a trustworthy
4983 switch.
4984
4985 ca_cert: string
4986 Name of a PEM file containing the CA certificate used to verify
4987 that the switch is connected to a trustworthy controller.
4988
4989 bootstrap_ca_cert: boolean
4990 If set to true, then Open vSwitch will attempt to obtain the CA
4991 certificate from the controller on its first SSL connection and
4992 save it to the named PEM file. If it is successful, it will
4993 immediately drop the connection and reconnect, and from then on
4994 all SSL connections must be authenticated by a certificate
4995 signed by the CA certificate thus obtained. This option exposes
4996 the SSL connection to a man-in-the-middle attack obtaining the
4997 initial CA certificate. It may still be useful for bootstrap‐
4998 ping.
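
The following Python is an added example, not part of the Open vSwitch manual or code base. It parses the four Manager target forms described in the Manager table and audits them together with the SSL row described here, flagging plaintext methods, listeners not restricted to a local address, duplicate targets, a missing SSL record, and bootstrap_ca_cert. The function names, the dict layout of the SSL row, and the sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

DEFAULT_PORT = 6640                      # default port for all four methods
ACTIVE, PASSIVE = ("ssl", "tcp"), ("pssl", "ptcp")


@dataclass(frozen=True)
class Target:
    method: str
    host: Optional[str]                  # None when a listener names no host
    port: int

    @property
    def passive(self):
        return self.method in PASSIVE

    @property
    def encrypted(self):
        return self.method in ("ssl", "pssl")


def parse_target(text):
    """Parse ssl:/tcp: (host[:port]) and pssl:/ptcp: ([port][:host])."""
    method, sep, rest = text.partition(":")
    if not sep or method not in ACTIVE + PASSIVE:
        raise ValueError(f"unsupported connection method: {text!r}")
    if method in PASSIVE:
        port_s, _, host = rest.partition(":")
    elif rest.startswith("["):           # bracketed IPv6, then optional :port
        end = rest.find("]")
        if end < 0:
            raise ValueError(f"unterminated IPv6 literal: {text!r}")
        host, port_s = rest[:end + 1], rest[end + 1:].lstrip(":")
    else:
        host, _, port_s = rest.partition(":")
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]
    if method in ACTIVE and not host:
        raise ValueError(f"active target needs a host: {text!r}")
    if port_s and not port_s.isdigit():
        raise ValueError(f"bad port in {text!r}")
    port = int(port_s) if port_s else DEFAULT_PORT
    if port > 65535:
        raise ValueError(f"port out of range in {text!r}")
    return Target(method, host or None, port)


def audit(targets, ssl_row):
    """Return (subject, finding) pairs; ssl_row is a dict or None."""
    findings, seen = [], set()
    for text in targets:
        if text in seen:
            findings.append((text, "duplicate target: results unspecified"))
            continue
        seen.add(text)
        try:
            t = parse_target(text)
        except ValueError as exc:
            findings.append((text, str(exc)))
            continue
        if not t.encrypted:
            findings.append((text, "plaintext TCP: no encryption or "
                                   "peer authentication"))
        elif ssl_row is None:
            findings.append((text, "SSL method but no SSL record is set"))
        if t.passive and t.host is None:
            findings.append((text, "listener not restricted to a local "
                                   "address"))
        if t.passive and t.port == 0:
            findings.append((text, "kernel-chosen port: read "
                                   "status:bound_port"))
    if ssl_row is not None:
        for col in ("private_key", "certificate", "ca_cert"):
            if not ssl_row.get(col):
                findings.append(("SSL", f"{col} is not set"))
        if ssl_row.get("bootstrap_ca_cert"):
            findings.append(("SSL", "bootstrap_ca_cert is true: the first "
                                    "connection accepts an unverified CA"))
    return findings


# Constructed sample configuration (file names are placeholders).
SAMPLE_TARGETS = ["ssl:192.0.2.10", "tcp:[::1]:6640", "ptcp:6640",
                  "pssl:0:[::1]", "ptcp:6640"]
SAMPLE_SSL = {"private_key": "example-privkey.pem",
              "certificate": "example-cert.pem",
              "ca_cert": "example-cacert.pem",
              "bootstrap_ca_cert": True}

if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_TARGETS, SAMPLE_SSL):
        print(f"{subject}: {finding}")
```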
4999
5000 Common Columns:
5001
5002 The overall purpose of these columns is described under Common Columns
5003 at the beginning of this document.
5004
5005 external_ids: map of string-string pairs
5006
5008 A set of sFlow(R) targets. sFlow is a protocol for remote monitoring of
5009 switches.
5010
5011 Summary:
5012 agent optional string
5013 header optional integer
5014 polling optional integer
5015 sampling optional integer
5016 targets set of 1 or more strings
5017 Common Columns:
5018 external_ids map of string-string pairs
5019
5020 Details:
5021 agent: optional string
Determines the agent address, that is, the IP address reported
to collectors as the source of the sFlow data. It may be an IP
address or the name of a network device. In the latter case, the
network device's IP address is used.

If not specified, the agent device is determined from the first
target address and the routing table. If the routing table does
not contain a route to the target, the IP address defaults to
the local_ip in the collector's Controller.
5031
5032 If an agent IP address cannot be determined, sFlow is disabled.
5033
5034 header: optional integer
5035 Number of bytes of a sampled packet to send to the collector. If
5036 not specified, the default is 128 bytes.
5037
5038 polling: optional integer
5039 Polling rate in seconds to send port statistics to the collec‐
5040 tor. If not specified, defaults to 30 seconds.
5041
5042 sampling: optional integer
5043 Rate at which packets should be sampled and sent to the collec‐
5044 tor. If not specified, defaults to 400, which means one out of
5045 400 packets, on average, will be sent to the collector.
5046
5047 targets: set of 1 or more strings
5048 sFlow targets in the form ip:port.
5049
5050 Common Columns:
5051
5052 The overall purpose of these columns is described under Common Columns
5053 at the beginning of this document.
5054
5055 external_ids: map of string-string pairs
5056
5058 Configuration for sending packets to IPFIX collectors.
5059
5060 IPFIX is a protocol that exports a number of details about flows. The
5061 IPFIX implementation in Open vSwitch samples packets at a configurable
5062 rate, extracts flow information from those packets, optionally caches
5063 and aggregates the flow information, and sends the result to one or
5064 more collectors.
5065
5066 IPFIX in Open vSwitch can be configured two different ways:
5067
5068 · With per-bridge sampling, Open vSwitch performs IPFIX
5069 sampling automatically on all packets that pass through a
5070 bridge. To configure per-bridge sampling, create an IPFIX
5071 record and point a Bridge table’s ipfix column to it. The
5072 Flow_Sample_Collector_Set table is not used for per-
5073 bridge sampling.
5074
5075 · With flow-based sampling, sample actions in the OpenFlow
5076 flow table drive IPFIX sampling. See ovs-actions(7) for a
5077 description of the sample action.
5078
Flow-based sampling also requires database configuration:
create an IPFIX record that describes the IPFIX configuration
and a Flow_Sample_Collector_Set record that points to the
Bridge whose flow table holds the sample actions and to the
IPFIX record. The ipfix column in the Bridge table is not
used for flow-based sampling.
5085
5086 Summary:
5087 targets set of strings
5088 cache_active_timeout optional integer, in range 0 to 4,200
5089 cache_max_flows optional integer, in range 0 to
5090 4,294,967,295
5091 other_config : enable-tunnel-sampling
5092 optional string, either true or false
5093 other_config : virtual_obs_id optional string
5094 Per-Bridge Sampling:
5095 sampling optional integer, in range 1 to
5096 4,294,967,295
5097 obs_domain_id optional integer, in range 0 to
5098 4,294,967,295
5099 obs_point_id optional integer, in range 0 to
5100 4,294,967,295
5101 other_config : enable-input-sampling
5102 optional string, either true or false
5103 other_config : enable-output-sampling
5104 optional string, either true or false
5105 Common Columns:
5106 external_ids map of string-string pairs
5107
5108 Details:
5109 targets: set of strings
5110 IPFIX target collectors in the form ip:port.
5111
5112 cache_active_timeout: optional integer, in range 0 to 4,200
5113 The maximum period in seconds for which an IPFIX flow record is
5114 cached and aggregated before being sent. If not specified,
5115 defaults to 0. If 0, caching is disabled.
5116
5117 cache_max_flows: optional integer, in range 0 to 4,294,967,295
5118 The maximum number of IPFIX flow records that can be cached at a
5119 time. If not specified, defaults to 0. If 0, caching is dis‐
5120 abled.
5121
5122 other_config : enable-tunnel-sampling: optional string, either true or
5123 false
5124 Set to true to enable sampling and reporting tunnel header
5125 7-tuples in IPFIX flow records. Tunnel sampling is enabled by
5126 default.
5127
5128 The following enterprise entities report the sampled tunnel
5129 info:
5130
5131 tunnelType:
5132 ID: 891, and enterprise ID 6876 (VMware).
5133
5134 type: unsigned 8-bit integer.
5135
5136 data type semantics: identifier.
5137
5138 description: Identifier of the layer 2 network overlay
5139 network encapsulation type: 0x01 VxLAN, 0x02 GRE, 0x03
5140 LISP, 0x07 GENEVE.
5141
5142 tunnelKey:
5143 ID: 892, and enterprise ID 6876 (VMware).
5144
5145 type: variable-length octetarray.
5146
5147 data type semantics: identifier.
5148
5149 description: Key which is used for identifying an indi‐
5150 vidual traffic flow within a VxLAN (24-bit VNI), GENEVE
5151 (24-bit VNI), GRE (32-bit key), or LISP (24-bit instance
5152 ID) tunnel. The key is encoded in this octetarray as a
5153 3-, 4-, or 8-byte integer ID in network byte order.
5154
5155 tunnelSourceIPv4Address:
5156 ID: 893, and enterprise ID 6876 (VMware).
5157
5158 type: unsigned 32-bit integer.
5159
5160 data type semantics: identifier.
5161
5162 description: The IPv4 source address in the tunnel IP
5163 packet header.
5164
5165 tunnelDestinationIPv4Address:
5166 ID: 894, and enterprise ID 6876 (VMware).
5167
5168 type: unsigned 32-bit integer.
5169
5170 data type semantics: identifier.
5171
5172 description: The IPv4 destination address in the tunnel
5173 IP packet header.
5174
5175 tunnelProtocolIdentifier:
5176 ID: 895, and enterprise ID 6876 (VMware).
5177
5178 type: unsigned 8-bit integer.
5179
5180 data type semantics: identifier.
5181
5182 description: The value of the protocol number in the tun‐
5183 nel IP packet header. The protocol number identifies the
5184 tunnel IP packet payload type.
5185
5186 tunnelSourceTransportPort:
5187 ID: 896, and enterprise ID 6876 (VMware).
5188
5189 type: unsigned 16-bit integer.
5190
5191 data type semantics: identifier.
5192
5193 description: The source port identifier in the tunnel
5194 transport header. For the transport protocols UDP, TCP,
5195 and SCTP, this is the source port number given in the
5196 respective header.
5197
5198 tunnelDestinationTransportPort:
5199 ID: 897, and enterprise ID 6876 (VMware).
5200
5201 type: unsigned 16-bit integer.
5202
5203 data type semantics: identifier.
5204
5205 description: The destination port identifier in the tun‐
5206 nel transport header. For the transport protocols UDP,
5207 TCP, and SCTP, this is the destination port number given
5208 in the respective header.
5209
5210 Before Open vSwitch 2.5.90, other_config:enable-tunnel-sampling
5211 was only supported with per-bridge sampling, and ignored other‐
5212 wise. Open vSwitch 2.5.90 and later support other_config:enable-
5213 tunnel-sampling for per-bridge and per-flow sampling.
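
The following Python is an added example, not part of the Open vSwitch manual or code base. It decodes the enterprise-specific tunnel elements listed above from an IPFIX data record, and goes beyond the text by using the field-specifier and variable-length encodings of RFC 7011. The template field order and all sample values are constructed for illustration and are not claimed to match what Open vSwitch emits.

```python
import ipaddress
import struct

VMWARE_PEN = 6876                      # enterprise ID given on this page
VARLEN = 0xFFFF                        # RFC 7011 marker: variable-length field
TUNNEL_TYPES = {0x01: "VxLAN", 0x02: "GRE", 0x03: "LISP", 0x07: "GENEVE"}
ELEMENTS = {
    891: "tunnelType", 892: "tunnelKey",
    893: "tunnelSourceIPv4Address", 894: "tunnelDestinationIPv4Address",
    895: "tunnelProtocolIdentifier",
    896: "tunnelSourceTransportPort", 897: "tunnelDestinationTransportPort",
}


def parse_field_specifiers(buf, count):
    """Parse RFC 7011 field specifiers into (enterprise, element, length)."""
    fields, off = [], 0
    for _ in range(count):
        ident, length = struct.unpack_from("!HH", buf, off)
        off += 4
        enterprise = 0
        if ident & 0x8000:             # E bit: enterprise number follows
            (enterprise,) = struct.unpack_from("!I", buf, off)
            off += 4
        fields.append((enterprise, ident & 0x7FFF, length))
    return fields


def decode_record(fields, record):
    """Walk one data record and return the tunnel elements it carries."""
    out, off = {}, 0
    for enterprise, elem, length in fields:
        if length == VARLEN:           # 1-byte length, or 255 + 2-byte length
            length = record[off]
            off += 1
            if length == 255:
                (length,) = struct.unpack_from("!H", record, off)
                off += 2
        raw = record[off:off + length]
        if len(raw) != length:
            raise ValueError("record shorter than its template")
        off += length
        if enterprise != VMWARE_PEN or elem not in ELEMENTS:
            continue                   # not one of the elements listed above
        name = ELEMENTS[elem]
        if name == "tunnelType":
            out[name] = TUNNEL_TYPES.get(raw[0], f"unknown(0x{raw[0]:02x})")
        elif name == "tunnelKey":
            if length not in (3, 4, 8):
                raise ValueError(f"tunnelKey of {length} bytes")
            out[name] = int.from_bytes(raw, "big")   # network byte order
        elif name.endswith("IPv4Address"):
            out[name] = str(ipaddress.IPv4Address(raw))
        else:
            out[name] = int.from_bytes(raw, "big")
    return out


def _spec(elem, length):
    """Build one enterprise field specifier for the constructed template."""
    return struct.pack("!HHI", 0x8000 | elem, length, VMWARE_PEN)


# Constructed template: IANA sourceIPv4Address (element 8), then the seven
# tunnel elements. Constructed record: a VxLAN tunnel with VNI 5001.
SAMPLE_TEMPLATE = struct.pack("!HH", 8, 4) + b"".join(
    _spec(e, n) for e, n in [(891, 1), (892, VARLEN), (893, 4), (894, 4),
                             (895, 1), (896, 2), (897, 2)])
SAMPLE_RECORD = (
    ipaddress.IPv4Address("198.51.100.7").packed
    + bytes([0x01])
    + bytes([3]) + (5001).to_bytes(3, "big")
    + ipaddress.IPv4Address("192.0.2.1").packed
    + ipaddress.IPv4Address("192.0.2.2").packed
    + bytes([17])
    + struct.pack("!HH", 49152, 4789)
)

if __name__ == "__main__":
    fields = parse_field_specifiers(SAMPLE_TEMPLATE, 8)
    print(decode_record(fields, SAMPLE_RECORD))
```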
5214
5215 other_config : virtual_obs_id: optional string
5216 A string that accompanies each IPFIX flow record. Its intended
5217 use is for the ``virtual observation ID,’’ an identifier of a
5218 virtual observation point that is locally unique in a virtual
5219 network. It describes a location in the virtual network where IP
5220 packets can be observed. The maximum length is 254 bytes. If not
5221 specified, the field is omitted from the IPFIX flow record.
5222
5223 The following enterprise entity reports the specified virtual
5224 observation ID:
5225
5226 virtualObsID:
5227 ID: 898, and enterprise ID 6876 (VMware).
5228
5229 type: variable-length string.
5230
5231 data type semantics: identifier.
5232
5233 description: A virtual observation domain ID that is
5234 locally unique in a virtual network.
5235
5236 This feature was introduced in Open vSwitch 2.5.90.
5237
5238 Per-Bridge Sampling:
5239
5240 These values affect only per-bridge sampling. See above for a descrip‐
5241 tion of the differences between per-bridge and flow-based sampling.
5242
5243 sampling: optional integer, in range 1 to 4,294,967,295
5244 The rate at which packets should be sampled and sent to each
5245 target collector. If not specified, defaults to 400, which means
5246 one out of 400 packets, on average, will be sent to each target
5247 collector.
5248
5249 obs_domain_id: optional integer, in range 0 to 4,294,967,295
5250 The IPFIX Observation Domain ID sent in each IPFIX packet. If
5251 not specified, defaults to 0.
5252
5253 obs_point_id: optional integer, in range 0 to 4,294,967,295
5254 The IPFIX Observation Point ID sent in each IPFIX flow record.
5255 If not specified, defaults to 0.
5256
5257 other_config : enable-input-sampling: optional string, either true or
5258 false
5259 By default, Open vSwitch samples and reports flows at bridge
5260 port input in IPFIX flow records. Set this column to false to
5261 disable input sampling.
5262
5263 other_config : enable-output-sampling: optional string, either true or
5264 false
5265 By default, Open vSwitch samples and reports flows at bridge
5266 port output in IPFIX flow records. Set this column to false to
5267 disable output sampling.
5268
5269 Common Columns:
5270
5271 The overall purpose of these columns is described under Common Columns
5272 at the beginning of this document.
5273
5274 external_ids: map of string-string pairs
5275
5277 A set of IPFIX collectors of packet samples generated by OpenFlow sam‐
5278 ple actions. This table is used only for IPFIX flow-based sampling, not
5279 for per-bridge sampling (see the IPFIX table for a description of the
5280 two forms).
5281
5282 Summary:
5283 id integer, in range 0 to 4,294,967,295
5284 bridge Bridge
5285 ipfix optional IPFIX
5286 Common Columns:
5287 external_ids map of string-string pairs
5288
5289 Details:
5290 id: integer, in range 0 to 4,294,967,295
5291 The ID of this collector set, unique among the bridge’s collec‐
5292 tor sets, to be used as the collector_set_id in OpenFlow sample
5293 actions.
5294
5295 bridge: Bridge
5296 The bridge into which OpenFlow sample actions can be added to
5297 send packet samples to this set of IPFIX collectors.
5298
5299 ipfix: optional IPFIX
5300 Configuration of the set of IPFIX collectors to send one flow
5301 record per sampled packet to.
5302
5303 Common Columns:
5304
5305 The overall purpose of these columns is described under Common Columns
5306 at the beginning of this document.
5307
5308 external_ids: map of string-string pairs
5309
Auto Attach configuration within a bridge. The IETF Auto-Attach SPBM
draft standard describes a compact method of using IEEE 802.1AB Link
Layer Discovery Protocol (LLDP) together with an IEEE 802.1aq Shortest
Path Bridging (SPB) network to automatically attach network devices to
individual services in an SPB network. The intent here is to allow
network applications and devices using OVS to be able to easily take
advantage of features offered by industry standard SPB networks.
5318
5319 Auto Attach (AA) uses LLDP to communicate between a directly connected
5320 Auto Attach Client (AAC) and Auto Attach Server (AAS). The LLDP proto‐
5321 col is extended to add two new Type-Length-Value tuples (TLVs). The
5322 first new TLV supports the ongoing discovery of directly connected AA
5323 correspondents. Auto Attach operates by regularly transmitting AA dis‐
5324 covery TLVs between the AA client and AA server. By exchanging these
5325 discovery messages, both the AAC and AAS learn the system name and sys‐
5326 tem description of their peer. In the OVS context, OVS operates as the
5327 AA client and the AA server resides on a switch at the edge of the SPB
5328 network.
5329
Once AA discovery has been completed, the AAC then uses the second new
TLV to deliver identifier mappings from the AAC to the AAS. A primary
feature of Auto Attach is to facilitate the mapping of VLANs defined
outside the SPB network onto service ids (ISIDs) defined within the SPB
network. By doing so, individual external VLANs can be mapped onto
specific SPB network services. These VLAN id to ISID mappings can be
configured and managed locally using new options added to the ovs-vsctl
command.
5338
5339 The Auto Attach OVS feature does not provide a full implementation of
5340 the LLDP protocol. Support for the mandatory TLVs as defined by the
5341 LLDP standard and support for the AA TLV extensions is provided. LLDP
5342 protocol support in OVS can be enabled or disabled on a port by port
5343 basis. LLDP support is disabled by default.
5344
5345 Summary:
5346 system_name string
5347 system_description string
5348 mappings map of integer-integer pairs, key in
5349 range 0 to 16,777,215, value in range 0
5350 to 4,095
5351
5352 Details:
5353 system_name: string
5354 The system_name string is exported in LLDP messages. It should
5355 uniquely identify the bridge in the network.
5356
5357 system_description: string
5358 The system_description string is exported in LLDP messages. It
5359 should describe the type of software and hardware.
5360
5361 mappings: map of integer-integer pairs, key in range 0 to 16,777,215,
5362 value in range 0 to 4,095
5363 A mapping from SPB network Individual Service Identifier (ISID)
5364 to VLAN id.
5365
5366
5367
5368Open vSwitch 2.12.0 DB Schema 8.0.0 ovs-vswitchd.conf.db(5)