ovs-vswitchd.conf.db(5)       Open vSwitch Manual       ovs-vswitchd.conf.db(5)

ovs-vswitchd.conf.db - Open_vSwitch database schema

A database with this schema holds the configuration for one Open
vSwitch daemon. The top-level configuration for the daemon is the
Open_vSwitch table, which must have exactly one record. Records in
other tables are significant only when they can be reached directly or
indirectly from the Open_vSwitch table. Records that are not reachable
from the Open_vSwitch table are automatically deleted from the
database, except for records in a few distinguished "root set" tables.

Common Columns
Most tables contain two special columns, named other_config and
external_ids. These columns have the same form and purpose each place
that they appear, so we describe them here to save space later.

other_config: map of string-string pairs
    Key-value pairs for configuring rarely used features.
    Supported keys, along with the forms taken by their values,
    are documented individually for each table.

    A few tables do not have other_config columns because no
    key-value pairs have yet been defined for them.

external_ids: map of string-string pairs
    Key-value pairs for use by external frameworks that integrate
    with Open vSwitch, rather than by Open vSwitch itself.
    System integrators should either use the Open
    vSwitch development mailing list to coordinate on common
    key-value definitions, or choose key names that are
    likely to be unique. In some cases, where key-value pairs
    have been defined that are likely to be widely useful,
    they are documented individually for each table.

The following list summarizes the purpose of each of the tables in the
Open_vSwitch database. Each table is described in more detail on a
later page.

Table                       Purpose
Open_vSwitch                Open vSwitch configuration.
Bridge                      Bridge configuration.
Port                        Port configuration.
Interface                   One physical network device in a Port.
Flow_Table                  OpenFlow table configuration.
QoS                         Quality of Service configuration.
Queue                       QoS output queue.
Mirror                      Port mirroring.
Controller                  OpenFlow controller configuration.
Manager                     OVSDB management connection.
NetFlow                     NetFlow configuration.
Datapath                    Datapath configuration.
CT_Zone                     CT_Zone configuration.
CT_Timeout_Policy           CT_Timeout_Policy configuration.
SSL                         SSL configuration.
sFlow                       sFlow configuration.
IPFIX                       IPFIX configuration.
Flow_Sample_Collector_Set   Flow_Sample_Collector_Set configuration.
AutoAttach                  AutoAttach configuration.

Configuration for an Open vSwitch daemon. There must be exactly one
record in the Open_vSwitch table.

Summary:
  Configuration:
    datapaths                   map of string-Datapath pairs
    bridges                     set of Bridges
    ssl                         optional SSL
    external_ids : system-id    optional string
    external_ids : xs-system-uuid
                                optional string
    external_ids : hostname     optional string
    external_ids : rundir       optional string
    other_config : stats-update-interval
                                optional string, containing an integer,
                                at least 5,000
    other_config : flow-restore-wait
                                optional string, either true or false
    other_config : flow-limit   optional string, containing an integer,
                                at least 0
    other_config : max-idle     optional string, containing an integer,
                                at least 500
    other_config : max-revalidator
                                optional string, containing an integer,
                                at least 100
    other_config : min-revalidate-pps
                                optional string, containing an integer,
                                at least 1
    other_config : hw-offload   optional string, either true or false
    other_config : n-offload-threads
                                optional string, containing an integer,
                                in range 1 to 10
    other_config : tc-policy    optional string, one of none, skip_hw, or
                                skip_sw
    other_config : dpdk-init    optional string, one of false, true, or
                                try
    other_config : dpdk-lcore-mask
                                optional string, containing an integer,
                                at least 1
    other_config : pmd-cpu-mask
                                optional string
    other_config : dpdk-alloc-mem
                                optional string, containing an integer,
                                at least 0
    other_config : dpdk-socket-mem
                                optional string
    other_config : dpdk-socket-limit
                                optional string
    other_config : dpdk-hugepage-dir
                                optional string
    other_config : dpdk-extra   optional string
    other_config : vhost-sock-dir
                                optional string
    other_config : vhost-iommu-support
                                optional string, either true or false
    other_config : vhost-postcopy-support
                                optional string, either true or false
    other_config : per-port-memory
                                optional string, either true or false
    other_config : tx-flush-interval
                                optional string, containing an integer,
                                in range 0 to 1,000,000
    other_config : pmd-perf-metrics
                                optional string, either true or false
    other_config : smc-enable   optional string, either true or false
    other_config : pmd-rxq-assign
                                optional string, one of cycles, group, or
                                roundrobin
    other_config : pmd-rxq-isolate
                                optional string, either true or false
    other_config : n-handler-threads
                                optional string, containing an integer,
                                at least 1
    other_config : n-revalidator-threads
                                optional string, containing an integer,
                                at least 1
    other_config : emc-insert-inv-prob
                                optional string, containing an integer,
                                in range 0 to 4,294,967,295
    other_config : vlan-limit   optional string, containing an integer,
                                at least 0
    other_config : bundle-idle-timeout
                                optional string, containing an integer,
                                at least 1
    other_config : offload-rebalance
                                optional string, either true or false
    other_config : pmd-auto-lb  optional string, either true or false
    other_config : pmd-auto-lb-rebal-interval
                                optional string, containing an integer,
                                in range 0 to 20,000
    other_config : pmd-auto-lb-load-threshold
                                optional string, containing an integer,
                                in range 0 to 100
    other_config : pmd-auto-lb-improvement-threshold
                                optional string, containing an integer,
                                in range 0 to 100
    other_config : userspace-tso-enable
                                optional string, either true or false
  Status:
    next_cfg                    integer
    cur_cfg                     integer
    dpdk_initialized            boolean
  Statistics:
    other_config : enable-statistics
                                optional string, either true or false
    statistics : cpu            optional string, containing an integer,
                                at least 1
    statistics : load_average
                                optional string
    statistics : memory         optional string
    statistics : process_NAME
                                optional string
    statistics : file_systems
                                optional string
  Version Reporting:
    ovs_version                 optional string
    db_version                  optional string
    system_type                 optional string
    system_version              optional string
    dpdk_version                optional string
  Capabilities:
    datapath_types              set of strings
    iface_types                 set of strings
  Database Configuration:
    manager_options             set of Managers
  IPsec:
    other_config : private_key  optional string
    other_config : certificate  optional string
    other_config : ca_cert      optional string
  Plaintext Tunnel Policy:
    other_config : ipsec_skb_mark
                                optional string
  Common Columns:
    other_config                map of string-string pairs
    external_ids                map of string-string pairs

Details:
Configuration:

datapaths: map of string-Datapath pairs
    Map of datapath types to datapaths. The datapath_type column of
    the Bridge table is used as a key for this map. The value points
    to a row in the Datapath table.

bridges: set of Bridges
    Set of bridges managed by the daemon.

ssl: optional SSL
    SSL used globally by the daemon.

external_ids : system-id: optional string
    A unique identifier for the Open vSwitch’s physical host. The
    form of the identifier depends on the type of the host. On a
    Citrix XenServer, this will likely be the same as
    external_ids:xs-system-uuid.

external_ids : xs-system-uuid: optional string
    The Citrix XenServer universally unique identifier for the
    physical host as displayed by xe host-list.

external_ids : hostname: optional string
    The hostname for the host running Open vSwitch. This is a fully
    qualified domain name since version 2.6.2.

external_ids : rundir: optional string
    In Open vSwitch 2.8 and later, the run directory of the running
    Open vSwitch daemon. This directory is used for runtime state
    such as control and management sockets. The value of
    other_config:vhost-sock-dir is relative to this directory.

other_config : stats-update-interval: optional string, containing an
integer, at least 5,000
    Interval for updating statistics to the database, in
    milliseconds. This option will affect the update of the statistics
    column in the following tables: Port, Interface, Mirror.

    Default value is 5000 ms.

    Getting statistics more frequently can be achieved via OpenFlow.

other_config : flow-restore-wait: optional string, either true or false
    When ovs-vswitchd starts up, it has an empty flow table and
    therefore it handles all arriving packets in its default fashion
    according to its configuration, by dropping them or sending them
    to an OpenFlow controller or switching them as a standalone
    switch. This behavior is ordinarily desirable. However, if
    ovs-vswitchd is restarting as part of a "hot-upgrade," then
    this leads to a relatively long period during which packets are
    mishandled.

    This option allows for improvement. When ovs-vswitchd starts
    with this value set as true, it will neither flush nor expire
    previously set datapath flows, nor will it send and receive any
    packets to or from the datapath. When this value is later set to
    false, ovs-vswitchd will start receiving packets from the
    datapath and set up the flows again.

    Additionally, ovs-vswitchd is prevented from connecting to
    controllers when this value is set to true. This prevents
    controllers from making changes to the flow table in the middle of
    flow restoration, which could result in undesirable intermediate
    states. Once this value has been set to false and the desired
    flow state has been restored, ovs-vswitchd will be able to
    reconnect to controllers and process any new flow table
    modifications.

    Thus, with this option, the procedure for a hot-upgrade of
    ovs-vswitchd becomes roughly the following:

    1. Stop ovs-vswitchd.

    2. Set other_config:flow-restore-wait to true.

    3. Start ovs-vswitchd.

    4. Use ovs-ofctl (or some other program, such as an OpenFlow
       controller) to restore the OpenFlow flow table to the
       desired state.

    5. Set other_config:flow-restore-wait to false (or remove it
       entirely from the database).

    The ovs-ctl "restart" and "force-reload-kmod" functions
    use the above config option during hot upgrades.

other_config : flow-limit: optional string, containing an integer, at
least 0
    The maximum number of flows allowed in the datapath flow table.
    Internally OVS will choose a flow limit which will likely be
    lower than this number, based on real time network conditions.
    Tweaking this value is discouraged unless you know exactly what
    you’re doing.

    The default is 200000.

other_config : max-idle: optional string, containing an integer, at
least 500
    The maximum time (in ms) that idle flows will remain cached in
    the datapath. Internally OVS will check the validity and
    activity for datapath flows regularly and may expire flows quicker
    than this number, based on real time network conditions.
    Tweaking this value is discouraged unless you know exactly what
    you’re doing.

    The default is 10000.

other_config : max-revalidator: optional string, containing an integer,
at least 100
    The maximum time (in ms) that revalidator threads will wait
    before executing flow revalidation. Note that this is the maximum
    allowed value. The actual timeout used by OVS is the minimum of
    the max-idle and max-revalidator values. Tweaking this value is
    discouraged unless you know exactly what you’re doing.

    The default is 500.

other_config : min-revalidate-pps: optional string, containing an
integer, at least 1
    Sets the minimum pps that a flow must have in order to be
    revalidated when the revalidation duration exceeds half of the
    max-revalidator config variable.

    The default is 5.

other_config : hw-offload: optional string, either true or false
    Set this value to true to enable netdev flow offload.

    The default value is false. Changing this value requires
    restarting the daemon.

    Currently Open vSwitch supports hardware offloading on Linux
    systems. On other systems, this value is ignored. This
    functionality is considered 'experimental'. Depending on which
    OpenFlow matches and actions are configured, which kernel version
    is used, and what hardware is available, Open vSwitch may not be
    able to offload functionality to hardware.

    To dump HW offloaded flows, use ovs-appctl dpctl/dump-flows;
    ovs-dpctl doesn’t support this functionality.
    See ovs-vswitchd(8) for details.

other_config : n-offload-threads: optional string, containing an
integer, in range 1 to 10
    Set this value to the number of threads created to manage
    hardware offloads.

    The default value is 1. Changing this value requires restarting
    the daemon.

    This is only relevant for userspace datapath and only if
    other_config:hw-offload is enabled.

other_config : tc-policy: optional string, one of none, skip_hw, or
skip_sw
    Specifies the policy used with HW offloading. Options:

    none
        Add software rule and offload rule to HW.

    skip_sw
        Offload rule to HW only.

    skip_hw
        Add software rule without offloading rule to HW.

    This is only relevant if other_config:hw-offload is enabled.

    The default value is none.

other_config : dpdk-init: optional string, one of false, true, or try
    Set this value to true or try to enable runtime support for DPDK
    ports. The vswitch must have compile-time support for DPDK as
    well.

    A value of true will cause the ovs-vswitchd process to abort if
    DPDK cannot be initialized. A value of try will allow the
    ovs-vswitchd process to continue running even if DPDK cannot be
    initialized.

    The default value is false. Changing this value requires
    restarting the daemon.

    If this value is false at startup, any dpdk ports which are
    configured in the bridge will fail due to memory errors.

other_config : dpdk-lcore-mask: optional string, containing an integer,
at least 1
    Specifies the CPU cores where dpdk lcore threads should be
    spawned. The DPDK lcore threads are used for DPDK library tasks,
    such as library internal message processing, logging, etc. Value
    should be in the form of a hex string (e.g. '0x123') similar to
    the 'taskset' mask input.

    The lowest order bit corresponds to the first CPU core. A set
    bit means the corresponding core is available and an lcore
    thread will be created and pinned to it. If the input does not
    cover all cores, those uncovered cores are considered not set.

    For performance reasons, it is best to set this to a single core
    on the system, rather than allow lcore threads to float.

    If not specified, the value will be determined by choosing the
    lowest CPU core from the initial CPU affinity list. Otherwise, the
    value will be passed directly to the DPDK library.

other_config : pmd-cpu-mask: optional string
    Specifies the CPU mask for setting the CPU affinity of PMD (Poll
    Mode Driver) threads. Value should be in the form of a hex string,
    similar to the dpdk EAL '-c COREMASK' option input or the
    'taskset' mask input.

    The lowest order bit corresponds to the first CPU core. A set
    bit means the corresponding core is available and a pmd thread
    will be created and pinned to it. If the input does not cover
    all cores, those uncovered cores are considered not set.

    If not specified, one pmd thread will be created for each numa
    node and pinned to any available core on the numa node by
    default.

other_config : dpdk-alloc-mem: optional string, containing an integer,
at least 0
    Specifies the amount of memory to preallocate from the hugepage
    pool, regardless of socket. It is recommended that
    dpdk-socket-mem is used instead.

other_config : dpdk-socket-mem: optional string
    Specifies the amount of memory to preallocate from the hugepage
    pool, on a per-socket basis.

    The specifier is a comma-separated string, in ascending order of
    CPU socket. E.g., on a four-socket system, 1024,0,2048 would set
    socket 0 to preallocate 1024MB, socket 1 to preallocate 0MB,
    socket 2 to preallocate 2048MB and socket 3 (no value given) to
    preallocate 0MB.

    If other_config:dpdk-socket-mem and other_config:dpdk-alloc-mem
    are not specified, neither will be used and there will be no
    default value for each numa node. DPDK defaults will be used
    instead. If other_config:dpdk-socket-mem and
    other_config:dpdk-alloc-mem are specified at the same time,
    other_config:dpdk-socket-mem will be used as default. Changing
    this value requires restarting the daemon.

other_config : dpdk-socket-limit: optional string
    Limits the maximum amount of memory that can be used from the
    hugepage pool, on a per-socket basis.

    The specifier is a comma-separated list of memory limits per
    socket. 0 will disable the limit for a particular socket.

    If not specified, OVS will not configure limits by default.
    Changing this value requires restarting the daemon.

other_config : dpdk-hugepage-dir: optional string
    Specifies the path to the hugetlbfs mount point.

    If not specified, this will be guessed by the DPDK library
    (default is /dev/hugepages). Changing this value requires
    restarting the daemon.

other_config : dpdk-extra: optional string
    Specifies additional EAL command line arguments for DPDK.

    The default is empty. Changing this value requires restarting
    the daemon.

other_config : vhost-sock-dir: optional string
    Specifies a relative path from external_ids:rundir to the
    vhost-user unix domain socket files. If this value is unset, the
    sockets are put directly in external_ids:rundir.

    Changing this value requires restarting the daemon.

other_config : vhost-iommu-support: optional string, either true or
false
    vHost IOMMU is a security feature, which restricts the vhost
    memory that a virtio device may access. vHost IOMMU support is
    disabled by default, due to a bug in QEMU implementations of the
    vhost REPLY_ACK protocol (on which vHost IOMMU relies) prior to
    v2.9.1. Setting this value to true enables vHost IOMMU support
    for vHost User Client ports in OvS-DPDK, starting from DPDK
    v17.11.

    Changing this value requires restarting the daemon.

other_config : vhost-postcopy-support: optional string, either true or
false
    vHost post-copy is a feature which allows switching the live
    migration of a VM attached to a dpdkvhostuserclient port to
    post-copy mode if the default pre-copy migration cannot converge
    or takes too long to converge. Setting this value to true enables
    vHost post-copy support for all dpdkvhostuserclient ports.
    Available starting from DPDK v18.11 and QEMU 2.12.

    Changing this value requires restarting the daemon.

other_config : per-port-memory: optional string, either true or false
    By default OVS DPDK uses a shared memory model wherein devices
    that have the same MTU and socket values can share the same
    mempool. Setting this value to true changes this behaviour.
    Per-port memory allows DPDK devices to use private memory per
    device. This can provide greater transparency as regards memory
    usage but potentially at the cost of greater memory requirements.

    Changing this value requires restarting the daemon if dpdk-init
    has already been set to true.

other_config : tx-flush-interval: optional string, containing an
integer, in range 0 to 1,000,000
    Specifies the time in microseconds that a packet can wait in an
    output batch before sending, i.e. the amount of time that a packet
    can spend in an intermediate output queue before sending to netdev.
    This option can be used to configure the balance between throughput
    and latency. Lower values decrease latency while higher values
    may be useful to achieve higher performance.

    Defaults to 0, i.e. instant packet sending (latency optimized).

other_config : pmd-perf-metrics: optional string, either true or false
    Enables recording of detailed PMD performance metrics for
    analysis and trouble-shooting. This can have a performance impact
    in the order of 1%.

    Defaults to false but can be changed at any time.

other_config : smc-enable: optional string, either true or false
    Signature match cache or SMC is a cache between EMC and megaflow
    cache. It does not store the full key of the flow, so it is more
    memory efficient compared to the EMC. SMC is especially
    useful when flow count is larger than EMC capacity.

    Defaults to false but can be changed at any time.

other_config : pmd-rxq-assign: optional string, one of cycles, group,
or roundrobin
    Specifies how RX queues will be automatically assigned to CPU
    cores. Options:

    cycles
        Rxqs will be sorted by order of measured processing
        cycles before being assigned to CPU cores.

    roundrobin
        Rxqs will be round-robined across CPU cores.

    group
        Rxqs will be sorted by order of measured processing
        cycles before being assigned to CPU cores with lowest
        estimated load.

    The default value is cycles.

    Changing this value will affect an automatic re-assignment of
    Rxqs to CPUs. Note: Rxqs mapped to CPU cores with
    pmd-rxq-affinity are unaffected.

other_config : pmd-rxq-isolate: optional string, either true or false
    Specifies if a CPU core will be isolated after being pinned with
    an Rx queue.

    Set this value to false to not isolate a CPU core after it is
    pinned with an Rxq using pmd-rxq-affinity. This will allow OVS
    to assign other Rxqs to that CPU core.

    The default value is true.

    This can only be false when pmd-rxq-assign is set to group.

other_config : n-handler-threads: optional string, containing an
integer, at least 1
    Attempts to specify the number of threads for software datapaths
    to use for handling new flows. Some datapaths may choose to
    ignore this and it will be set to a sensible option for the
    datapath type.

    This configuration is per datapath. If you have more than one
    software datapath (e.g. some system bridges and some netdev
    bridges), then the total number of threads is n-handler-threads
    times the number of software datapaths.

other_config : n-revalidator-threads: optional string, containing an
integer, at least 1
    Attempts to specify the number of threads for software datapaths
    to use for revalidating flows in the datapath. Some datapaths
    may choose to ignore this and it will be set to a sensible option
    for the datapath type.

    Typically, there is a direct correlation between the number of
    revalidator threads, and the number of flows allowed in the
    datapath. The default is the number of cpu cores divided by four
    plus one. If n-handler-threads is set, the default changes to
    the number of cpu cores minus the number of handler threads.

    This configuration is per datapath. If you have more than one
    software datapath (e.g. some system bridges and some netdev
    bridges), then the total number of threads is n-handler-threads
    times the number of software datapaths.

other_config : emc-insert-inv-prob: optional string, containing an
integer, in range 0 to 4,294,967,295
    Specifies the inverse probability (1/emc-insert-inv-prob) of a
    flow being inserted into the Exact Match Cache (EMC). On average
    one in every emc-insert-inv-prob packets that generate a unique
    flow will cause an insertion into the EMC. A value of 1 will
    result in an insertion for every flow (1/1 = 100%) whereas a value
    of zero will result in no insertions and essentially disable the
    EMC.

    Defaults to 100, i.e. there is a (1/100 =) 1% chance of EMC
    insertion.

other_config : vlan-limit: optional string, containing an integer, at
least 0
    Limits the number of VLAN headers that can be matched to the
    specified number. Further VLAN headers will be treated as
    payload, e.g. a packet with more 802.1q headers will match Ethernet
    type 0x8100.

    Open vSwitch userspace currently supports at most 2 VLANs, and
    each datapath has its own limit. If vlan-limit is nonzero, it
    acts as a further limit.

    If this value is absent, the default is currently 1. This
    maintains backward compatibility with controllers that were designed
    for use with Open vSwitch versions earlier than 2.8, which only
    supported one VLAN.

other_config : bundle-idle-timeout: optional string, containing an
integer, at least 1
    The maximum time (in seconds) that an idle bundle will wait to be
    expired since it was either opened, modified or closed.

    The OpenFlow specification mandates the timeout to be at least one
    second. The default is 10 seconds.

other_config : offload-rebalance: optional string, either true or false
    Configures HW offload rebalancing, which allows flows to be
    dynamically offloaded and un-offloaded while an offload-device is
    out of resources (OOR). This policy allows flows to be selected for
    offloading based on the packets-per-second (pps) rate of flows.

    Set this value to true to enable this option.

    The default value is false. Changing this value requires
    restarting the daemon.

    This is only relevant if HW offloading is enabled (hw-offload).
    When this policy is enabled, it also requires 'tc-policy' to be
    set to 'skip_sw'.

other_config : pmd-auto-lb: optional string, either true or false
    Configures PMD Auto Load Balancing, which allows automatic
    assignment of RX queues to PMDs if any of the PMDs is overloaded
    (i.e. processing cycles > other_config:pmd-auto-lb-load-threshold).

    It uses the current scheme of cycle-based assignment of RX queues
    that are not statically pinned to PMDs.

    The default value is false.

    Set this value to true to enable this option. It is currently
    disabled by default and is an experimental feature.

    This only takes effect if cycle-based assignment is enabled,
    more than one non-isolated PMD is present, and at least one of
    them polls more than one queue.

other_config : pmd-auto-lb-rebal-interval: optional string, containing
an integer, in range 0 to 20,000
    The minimum time (in minutes) between 2 consecutive PMD Auto Load
    Balancing iterations.

    The default value is 1 min. If configured to 0 then it would be
    converted to the default value, i.e. 1 min.

    This option can be configured to avoid frequent triggering of auto
    load balancing of PMDs. For example, set the value (in min) such
    that it occurs once in a few hours, or a day, or a week.

other_config : pmd-auto-lb-load-threshold: optional string, containing
an integer, in range 0 to 100
    Specifies the minimum PMD thread load threshold (% of used
    cycles) of any non-isolated PMD threads when a PMD Auto Load
    Balance may be triggered.

    The default value is 95%.

other_config : pmd-auto-lb-improvement-threshold: optional string,
containing an integer, in range 0 to 100
    Specifies the minimum evaluated % improvement in load
    distribution across the non-isolated PMD threads that will allow a
    PMD Auto Load Balance to occur.

    Note, setting this parameter to 0 will always allow an auto load
    balance to occur regardless of the estimated improvement.

    The default value is 25%.

other_config : userspace-tso-enable: optional string, either true or
false
    Set this value to true to enable userspace support for TCP
    Segmentation Offloading (TSO). When it is enabled, the interfaces
    can provide an oversized TCP segment to the datapath and the
    datapath will offload the TCP segmentation and checksum
    calculation to the interfaces when necessary.

    The default value is false. Changing this value requires
    restarting the daemon.

    The feature only works if Open vSwitch is built with DPDK
    support.

    The feature is considered experimental.
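
Several of the keys above constrain each other (pmd-rxq-isolate and pmd-rxq-assign, offload-rebalance and tc-policy, dpdk-alloc-mem and dpdk-socket-mem). The following is an added example, not part of Open vSwitch, that audits an other_config map against the documented ranges and dependencies; the function names, the sample map, and the decision to report a leftover flow-restore-wait=true, a multi-core dpdk-lcore-mask and a disabled vhost-iommu-support are assumptions of this example.

```python
# Added example (not Open vSwitch code): audit an Open_vSwitch other_config
# map against the value constraints and key dependencies documented above.
BOOL = ("true", "false")

# key -> ("int", low, high) or ("enum", allowed values); subset of the Summary.
RULES = {
    "stats-update-interval": ("int", 5000, None),
    "flow-restore-wait": ("enum", BOOL),
    "flow-limit": ("int", 0, None),
    "max-idle": ("int", 500, None),
    "max-revalidator": ("int", 100, None),
    "hw-offload": ("enum", BOOL),
    "n-offload-threads": ("int", 1, 10),
    "tc-policy": ("enum", ("none", "skip_hw", "skip_sw")),
    "dpdk-init": ("enum", ("false", "true", "try")),
    "vhost-iommu-support": ("enum", BOOL),
    "tx-flush-interval": ("int", 0, 1_000_000),
    "pmd-rxq-assign": ("enum", ("cycles", "group", "roundrobin")),
    "pmd-rxq-isolate": ("enum", BOOL),
    "offload-rebalance": ("enum", BOOL),
    "pmd-auto-lb-load-threshold": ("int", 0, 100),
}


def mask_to_cores(mask):
    """Decode a hex CPU mask; the lowest-order bit is the first CPU core."""
    value = int(mask, 16)
    return [bit for bit in range(value.bit_length()) if value >> bit & 1]


def check_value(key, value):
    """Return a message if value breaks the documented type or range."""
    rule = RULES.get(key)
    if rule is None:
        return None
    if rule[0] == "enum":
        ok = value in rule[1]
        return None if ok else f"{value!r} is not one of {', '.join(rule[1])}"
    _, low, high = rule
    try:
        number = int(value)
    except ValueError:
        return f"{value!r} is not an integer"
    if number < low or (high is not None and number > high):
        return f"{number} is outside the documented range"
    return None


def audit(cfg):
    """Return (key, message) findings for one other_config map."""
    findings = []
    for key, value in cfg.items():
        problem = check_value(key, value)
        if problem:
            findings.append((key, problem))
    get = cfg.get
    if get("flow-restore-wait") == "true":
        findings.append(("flow-restore-wait", "still true: no packets are "
                         "exchanged with the datapath, controllers stay disconnected"))
    if get("pmd-rxq-isolate") == "false" and get("pmd-rxq-assign", "cycles") != "group":
        findings.append(("pmd-rxq-isolate",
                         "false is only allowed when pmd-rxq-assign is group"))
    if get("offload-rebalance") == "true" and (
            get("hw-offload") != "true" or get("tc-policy") != "skip_sw"):
        findings.append(("offload-rebalance",
                         "needs hw-offload=true and tc-policy=skip_sw"))
    if "n-offload-threads" in cfg and get("hw-offload") != "true":
        findings.append(("n-offload-threads",
                         "only relevant when hw-offload is enabled"))
    if "dpdk-lcore-mask" in cfg:
        try:
            cores = mask_to_cores(cfg["dpdk-lcore-mask"])
        except ValueError:
            findings.append(("dpdk-lcore-mask", "not a hex string"))
        else:
            if len(cores) != 1:
                findings.append(("dpdk-lcore-mask",
                                 f"selects cores {cores}; a single core is advised"))
    if "dpdk-alloc-mem" in cfg and "dpdk-socket-mem" in cfg:
        findings.append(("dpdk-alloc-mem",
                         "dpdk-socket-mem is used when both are set"))
    if get("dpdk-init") in ("true", "try") and get("vhost-iommu-support") != "true":
        findings.append(("vhost-iommu-support",
                         "off (the default): vHost IOMMU does not restrict "
                         "the vhost memory a virtio device may access"))
    return findings


# Constructed sample, not taken from a real host.
SAMPLE = {
    "flow-restore-wait": "true", "max-idle": "100",
    "hw-offload": "true", "tc-policy": "skip_hw", "offload-rebalance": "true",
    "pmd-rxq-isolate": "false", "dpdk-lcore-mask": "0x123",
    "n-offload-threads": "4",
}

if __name__ == "__main__":
    for key, message in audit(SAMPLE):
        print(f"{key}: {message}")
```
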

Status:

next_cfg: integer
    Sequence number for client to increment. When a client modifies
    any part of the database configuration and wishes to wait for
    Open vSwitch to finish applying the changes, it may increment
    this sequence number.

cur_cfg: integer
    Sequence number that Open vSwitch sets to the current value of
    next_cfg after it finishes applying a set of configuration
    changes.

dpdk_initialized: boolean
    True if other_config:dpdk-init is set to true and the DPDK
    library is successfully initialized.
740
741 Statistics:
742
743 The statistics column contains key-value pairs that report statistics
744 about a system running an Open vSwitch. These are updated periodically
745 (currently, every 5 seconds). Key-value pairs that cannot be determined
746 or that do not apply to a platform are omitted.
747
748 other_config : enable-statistics: optional string, either true or false
749 Statistics are disabled by default to avoid overhead in the com‐
750 mon case when statistics gathering is not useful. Set this value
751 to true to enable populating the statistics column or to false
752 to explicitly disable it.
753
754 statistics : cpu: optional string, containing an integer, at least 1
755 Number of CPU processors, threads, or cores currently online and
756 available to the operating system on which Open vSwitch is run‐
757 ning, as an integer. This may be less than the number installed,
758 if some are not online or if they are not available to the oper‐
759 ating system.
760
761 Open vSwitch userspace processes are not multithreaded, but the
762 Linux kernel-based datapath is.
763
764 statistics : load_average: optional string
765 A comma-separated list of three floating-point numbers, repre‐
766 senting the system load average over the last 1, 5, and 15 min‐
767 utes, respectively.
768
769 statistics : memory: optional string
770 A comma-separated list of integers, each of which represents a
771 quantity of memory in kilobytes that describes the operating
772 system on which Open vSwitch is running. In respective order,
773 these values are:
774
775 1. Total amount of RAM allocated to the OS.
776
777 2. RAM allocated to the OS that is in use.
778
779 3. RAM that can be flushed out to disk or otherwise discarded
780 if that space is needed for another purpose. This number is
781 necessarily less than or equal to the previous value.
782
783 4. Total disk space allocated for swap.
784
785 5. Swap space currently in use.
786
787 On Linux, all five values can be determined and are included. On
788 other operating systems, only the first two values can be deter‐
789 mined, so the list will only have two values.
790
791 statistics : process_NAME: optional string
One such key-value pair, with NAME replaced by the daemon’s name
(e.g. process_ovs-vswitchd), will exist for each running Open
vSwitch daemon process. The value is a comma-separated list of
integers. The integers represent the following, with memory
measured in kilobytes and durations in milliseconds:
798
799 1. The process’s virtual memory size.
800
801 2. The process’s resident set size.
802
803 3. The amount of user and system CPU time consumed by the
804 process.
805
806 4. The number of times that the process has crashed and been
807 automatically restarted by the monitor.
808
809 5. The duration since the process was started.
810
811 6. The duration for which the process has been running.
812
The interpretation of some of these values depends on whether
the process was started with the --monitor option. If it was
not, then the crash count will always be 0 and the two durations
will always be the same. If --monitor was given, then the crash
count may be positive; if it is, the latter duration is the
amount of time since the most recent crash and restart.
819
820 There will be one key-value pair for each file in Open vSwitch’s
821 ``run directory’’ (usually /var/run/openvswitch) whose name ends
822 in .pid, whose contents are a process ID, and which is locked by
823 a running process. The name is taken from the pidfile’s name.
824
825 Currently Open vSwitch is only able to obtain all of the above
826 detail on Linux systems. On other systems, the same key-value
827 pairs will be present but the values will always be the empty
828 string.
829
830 statistics : file_systems: optional string
831 A space-separated list of information on local, writable file
832 systems. Each item in the list describes one file system and
833 consists in turn of a comma-separated list of the following:
834
835 1. Mount point, e.g. / or /var/log. Any spaces or commas in the
836 mount point are replaced by underscores.
837
838 2. Total size, in kilobytes, as an integer.
839
840 3. Amount of storage in use, in kilobytes, as an integer.
841
842 This key-value pair is omitted if there are no local, writable
843 file systems or if Open vSwitch cannot obtain the needed infor‐
844 mation.
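
The value formats described above, parsed and checked in Python. This is an added example, not code from Open vSwitch; the function names, the 90% file system threshold, and the sample statistics map are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Order of the five memory values as listed for statistics:memory.
MEMORY_FIELDS = ("total_kb", "used_kb", "discardable_kb",
                 "swap_total_kb", "swap_used_kb")


@dataclass
class ProcessStats:
    name: str
    vsz_kb: int          # 1. virtual memory size
    rss_kb: int          # 2. resident set size
    cpu_ms: int          # 3. user + system CPU time
    crashes: int         # 4. crashes followed by a monitor restart
    since_start_ms: int  # 5. time since the process was first started
    running_ms: int      # 6. time since the most recent (re)start


@dataclass
class FileSystem:
    mount: str
    size_kb: int
    used_kb: int


def parse_memory(value: str) -> Dict[str, int]:
    nums = [int(v) for v in value.split(",")]
    # Five values on Linux, only the first two elsewhere.
    if len(nums) not in (2, 5):
        raise ValueError(f"expected 2 or 5 memory values, got {len(nums)}")
    mem = dict(zip(MEMORY_FIELDS, nums))
    if "discardable_kb" in mem and mem["discardable_kb"] > mem["used_kb"]:
        raise ValueError("discardable RAM exceeds RAM in use")
    return mem


def parse_process(key: str, value: str) -> Optional[ProcessStats]:
    name = key[len("process_"):]
    if value == "":
        return None  # non-Linux: key present, value is the empty string
    fields = [int(v) for v in value.split(",")]
    if len(fields) != 6:
        raise ValueError(f"{key}: expected 6 integers, got {len(fields)}")
    return ProcessStats(name, *fields)


def parse_file_systems(value: str) -> List[FileSystem]:
    # Items are space-separated; spaces and commas inside a mount point
    # have already been replaced by underscores, so plain splits are safe.
    result = []
    for item in value.split():
        mount, size, used = item.split(",")
        result.append(FileSystem(mount, int(size), int(used)))
    return result


def parse_statistics(stats: Dict[str, str]) -> dict:
    parsed = {"cpu": None, "load_average": None, "memory": None,
              "processes": {}, "file_systems": []}
    for key, value in stats.items():
        if key == "cpu":
            parsed["cpu"] = int(value)
        elif key == "load_average":
            parsed["load_average"] = tuple(float(v) for v in value.split(","))
        elif key == "memory":
            parsed["memory"] = parse_memory(value)
        elif key == "file_systems":
            parsed["file_systems"] = parse_file_systems(value)
        elif key.startswith("process_"):
            parsed["processes"][key[len("process_"):]] = parse_process(key, value)
    return parsed


def findings(parsed: dict, fs_threshold: float = 0.9) -> List[str]:
    """Report daemons restarted after a crash and nearly full file systems."""
    out = []
    for name, proc in sorted(parsed["processes"].items()):
        if proc is not None and proc.crashes > 0:
            out.append(f"{name}: {proc.crashes} crash restart(s), "
                       f"last {proc.running_ms // 1000}s ago")
    for fs in parsed["file_systems"]:
        if fs.size_kb and fs.used_kb / fs.size_kb >= fs_threshold:
            out.append(f"{fs.mount}: {100 * fs.used_kb // fs.size_kb}% full")
    return out


# Constructed sample of a statistics column on a Linux host.
SAMPLE_STATISTICS = {
    "cpu": "4",
    "load_average": "0.12,0.30,0.25",
    "memory": "8167236,5120044,2048112,2097148,1024",
    "process_ovs-vswitchd": "250000,41200,86400,2,7200000,600000",
    "process_ovsdb-server": "52000,9800,1200,0,7200000,7200000",
    "file_systems": "/,40000000,20000000 /var/log,10000000,9500000",
}

if __name__ == "__main__":
    for line in findings(parse_statistics(SAMPLE_STATISTICS)):
        print(line)
```

A non-zero crash count only appears for daemons started with --monitor, so a count of 0 does not by itself show that a daemon has never crashed.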
845
846 Version Reporting:
847
848 These columns report the types and versions of the hardware and soft‐
849 ware running Open vSwitch. We recommend in general that software should
850 test whether specific features are supported instead of relying on ver‐
851 sion number checks. These values are primarily intended for reporting
852 to human administrators.
853
854 ovs_version: optional string
855 The Open vSwitch version number, e.g. 1.1.0.
856
857 db_version: optional string
858 The database schema version number, e.g. 1.2.3. See ovsdb-
859 tool(1) for an explanation of the numbering scheme.
860
861 The schema version is part of the database schema, so it can
862 also be retrieved by fetching the schema using the Open vSwitch
863 database protocol.
864
865 system_type: optional string
866 An identifier for the type of system on top of which Open
867 vSwitch runs, e.g. XenServer or KVM.
868
869 System integrators are responsible for choosing and setting an
870 appropriate value for this column.
871
872 system_version: optional string
873 The version of the system identified by system_type, e.g.
874 5.6.100-39265p on XenServer 5.6.100 build 39265.
875
876 System integrators are responsible for choosing and setting an
877 appropriate value for this column.
878
879 dpdk_version: optional string
880 The version of the linked DPDK library.
881
882 Capabilities:
883
884 These columns report capabilities of the Open vSwitch instance.
885
886 datapath_types: set of strings
887 This column reports the different dpifs registered with the sys‐
888 tem. These are the values that this instance supports in the
889 datapath_type column of the Bridge table.
890
891 iface_types: set of strings
892 This column reports the different netdevs registered with the
893 system. These are the values that this instance supports in the
894 type column of the Interface table.
895
896 Database Configuration:
897
898 These columns primarily configure the Open vSwitch database
899 (ovsdb-server), not the Open vSwitch switch (ovs-vswitchd). The OVSDB
900 database also uses the ssl settings.
901
902 The Open vSwitch switch does read the database configuration to deter‐
903 mine remote IP addresses to which in-band control should apply.
904
905 manager_options: set of Managers
906 Database clients to which the Open vSwitch database server
907 should connect or to which it should listen, along with options
908 for how these connections should be configured. See the Manager
909 table for more information.
910
For this column to serve its purpose, ovsdb-server must be
configured to honor it. The easiest way to do this is to invoke
ovsdb-server with the option
--remote=db:Open_vSwitch,Open_vSwitch,manager_options. The
startup scripts that accompany Open vSwitch do this by default.
916
917 IPsec:
918
919 These settings control the global configuration of IPsec tunnels. The
920 options column of the Interface table configures IPsec for individual
921 tunnels.
922
923 OVS IPsec supports the following three forms of authentication. Cur‐
924 rently, all IPsec tunnels must use the same form:
925
926 1. Pre-shared keys: Omit the global settings. On each tunnel,
927 set options:psk.
928
2. Self-signed certificates: Set the private_key and certificate
global settings. On each tunnel, set options:remote_cert. The
remote certificate can be self-signed.
932
933 3. CA-signed certificates: Set all of the global settings. On
934 each tunnel, set options:remote_name to the common name (CN)
935 of the remote certificate. The remote certificate must be
936 signed by the CA.
937
938 other_config : private_key: optional string
939 Name of a PEM file containing the private key used as the
940 switch’s identity for IPsec tunnels.
941
942 other_config : certificate: optional string
Name of a PEM file containing a certificate that certifies the
switch’s private key and identifies a trustworthy switch for
IPsec tunnels. The certificate must be X.509 version 3, with the
string in the common name (CN) also set in the subject
alternative name (SAN).
948
949 other_config : ca_cert: optional string
950 Name of a PEM file containing the CA certificate used to verify
951 that a remote switch of the IPsec tunnel is trustworthy.
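
A configuration check for the three authentication forms listed above, as an added example that is not part of Open vSwitch. It takes the Open_vSwitch other_config map and each tunnel Interface's options map as plain dictionaries; the function names, file paths, and tunnel names are constructed, and treating leftover global settings in pre-shared key mode as a finding is this example's reading of "omit the global settings".

```python
from typing import Dict, List

GLOBAL_KEYS = ("private_key", "certificate", "ca_cert")

# Per-tunnel option that selects each authentication form.
FORM_BY_TUNNEL_OPTION = {
    "psk": "pre-shared key",
    "remote_cert": "self-signed",
    "remote_name": "CA-signed",
}

# Global other_config keys each form needs.
REQUIRED_GLOBALS = {
    "pre-shared key": (),
    "self-signed": ("private_key", "certificate"),
    "CA-signed": ("private_key", "certificate", "ca_cert"),
}


def tunnel_forms(options: Dict[str, str]) -> List[str]:
    """Authentication forms implied by one Interface's options column."""
    return sorted(form for opt, form in FORM_BY_TUNNEL_OPTION.items()
                  if options.get(opt))


def audit_ipsec(other_config: Dict[str, str],
                tunnels: Dict[str, Dict[str, str]]) -> List[str]:
    findings = []
    tunnels_by_form: Dict[str, List[str]] = {}
    for name, options in sorted(tunnels.items()):
        forms = tunnel_forms(options)
        if not forms:
            continue  # no IPsec option set: not an IPsec tunnel
        if len(forms) > 1:
            findings.append(f"{name}: options select several forms "
                            f"({', '.join(forms)})")
        for form in forms:
            tunnels_by_form.setdefault(form, []).append(name)

    # All IPsec tunnels must currently use the same form.
    if len(tunnels_by_form) > 1:
        detail = "; ".join(f"{form}: {', '.join(names)}"
                           for form, names in sorted(tunnels_by_form.items()))
        findings.append(f"tunnels mix authentication forms ({detail})")

    for form in sorted(tunnels_by_form):
        missing = [k for k in REQUIRED_GLOBALS[form] if not other_config.get(k)]
        if missing:
            findings.append(f"{form}: missing other_config keys "
                            f"{', '.join(missing)}")
        if form == "pre-shared key":
            extra = [k for k in GLOBAL_KEYS if other_config.get(k)]
            if extra:
                findings.append(f"{form}: global settings present "
                                f"({', '.join(extra)})")
    return findings


# Constructed sample configurations (paths and names are placeholders).
CA_SIGNED_OK = {
    "other_config": {"private_key": "/etc/keys/host_1-privkey.pem",
                     "certificate": "/etc/keys/host_1-cert.pem",
                     "ca_cert": "/etc/keys/cacert.pem"},
    "tunnels": {"tun0": {"remote_ip": "192.0.2.10", "remote_name": "host_2"}},
}
MIXED = {
    "other_config": {"private_key": "/etc/keys/host_1-privkey.pem",
                     "certificate": "/etc/keys/host_1-cert.pem"},
    "tunnels": {"tun0": {"remote_ip": "192.0.2.10", "remote_name": "host_2"},
                "tun1": {"remote_ip": "192.0.2.11", "psk": "constructed-secret"},
                "tun2": {"remote_ip": "192.0.2.12"}},  # plain tunnel, ignored
}

if __name__ == "__main__":
    for line in audit_ipsec(MIXED["other_config"], MIXED["tunnels"]):
        print(line)
```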
952
953 Plaintext Tunnel Policy:
954
955 When an IPsec tunnel is configured in this database, multiple indepen‐
956 dent components take responsibility for implementing it. ovs-vswitchd
957 and its datapath handle packet forwarding to the tunnel and a separate
958 daemon pushes the tunnel’s IPsec policy configuration to the kernel or
959 other entity that implements it. There is a race: if the former config‐
960 uration completes before the latter, then packets sent by the local
961 host over the tunnel can be transmitted in plaintext. Using this set‐
962 ting, OVS users can avoid this undesirable situation.
963
964 other_config : ipsec_skb_mark: optional string
965 This setting takes the form value/mask. If it is specified, then
966 the skb_mark field in every outgoing tunneled packet sent in
967 plaintext is compared against it and, if it matches, the packet
968 is dropped. This is a global setting that is applied to every
969 tunneled packet, regardless of whether IPsec encryption is en‐
970 abled for the tunnel, the type of tunnel, or whether OVS is in‐
971 volved.
972
973 Example policies:
974
975 1/1 Drop all unencrypted tunneled packets in which the least-
976 significant bit of skb_mark is 1. This would be a useful
977 policy given an OpenFlow flow table that sets skb_mark to
978 1 for traffic that should be encrypted. The default
979 skb_mark is 0, so this would not affect other traffic.
980
981 0/1 Drop all unencrypted tunneled packets in which the least-
982 significant bit of skb_mark is 0. This would be a useful
983 policy if no unencrypted tunneled traffic should exit the
984 system without being specially permitted by setting
985 skb_mark to 1.
986
987 (empty)
988 If this setting is empty or unset, then all unencrypted
989 tunneled packets are transmitted in the usual way.
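
How the example policies above decide the fate of a packet during the race window, as an added Python model that is not Open vSwitch code. It assumes the usual value/mask comparison, (skb_mark & mask) == (value & mask), and decimal or 0x-prefixed numbers; the function names and sample packets are constructed.

```python
from typing import List, Optional, Tuple

U32_MAX = 0xFFFFFFFF  # skb_mark is a 32-bit field


def parse_policy(setting: Optional[str]) -> Optional[Tuple[int, int]]:
    """Return (value, mask), or None when the setting is empty or unset."""
    if setting is None or setting.strip() == "":
        return None
    value_text, sep, mask_text = setting.strip().partition("/")
    if not sep:
        raise ValueError(f"expected value/mask, got {setting!r}")
    value, mask = int(value_text, 0), int(mask_text, 0)
    for number in (value, mask):
        if not 0 <= number <= U32_MAX:
            raise ValueError(f"{number:#x} does not fit in 32 bits")
    return value, mask


def is_dropped(skb_mark: int, encrypted: bool, setting: Optional[str]) -> bool:
    """Model the decision for one outgoing tunneled packet.

    Only packets that leave in plaintext are compared against the policy;
    an empty or unset policy never drops anything.
    """
    policy = parse_policy(setting)
    if policy is None or encrypted:
        return False
    value, mask = policy
    return (skb_mark & mask) == (value & mask)


# Constructed packets: (description, skb_mark, encrypted).
# The first one is the race: the flow table has marked the traffic for
# encryption, but the IPsec policy has not reached the kernel yet.
SAMPLE_PACKETS = [
    ("marked 1, IPsec policy not yet installed", 1, False),
    ("marked 1, IPsec policy installed", 1, True),
    ("unmarked plaintext tunnel traffic", 0, False),
]


def evaluate(setting: Optional[str]) -> List[Tuple[str, str]]:
    """Outcome of every sample packet under one ipsec_skb_mark setting."""
    return [(desc, "drop" if is_dropped(mark, enc, setting) else "transmit")
            for desc, mark, enc in SAMPLE_PACKETS]


if __name__ == "__main__":
    for setting in ("1/1", "0/1", ""):
        print(f"ipsec_skb_mark={setting or '(empty)'}")
        for desc, outcome in evaluate(setting):
            print(f"  {outcome:8}  {desc}")
```

With 1/1 only the marked packet caught in the race is dropped; with 0/1 the marked packet in the race is transmitted in plaintext, so that policy relies on skb_mark 1 being set only for traffic that is explicitly permitted to leave unencrypted.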
990
991 Common Columns:
992
993 The overall purpose of these columns is described under Common Columns
994 at the beginning of this document.
995
996 other_config: map of string-string pairs
997
998 external_ids: map of string-string pairs
999
1001 Configuration for a bridge within an Open_vSwitch.
1002
1003 A Bridge record represents an Ethernet switch with one or more
1004 ``ports,’’ which are the Port records pointed to by the Bridge’s ports
1005 column.
1006
1007 Summary:
1008 Core Features:
1009 name immutable string (must be unique within
1010 table)
1011 ports set of Ports
1012 mirrors set of Mirrors
1013 netflow optional NetFlow
1014 sflow optional sFlow
1015 ipfix optional IPFIX
1016 flood_vlans set of up to 4,096 integers, in range 0
1017 to 4,095
1018 auto_attach optional AutoAttach
1019 OpenFlow Configuration:
1020 controller set of Controllers
1021 flow_tables map of integer-Flow_Table pairs, key in
1022 range 0 to 254
1023 fail_mode optional string, either secure or stand‐
1024 alone
1025 datapath_id optional string
1026 datapath_version string
1027 other_config : datapath-id optional string
1028 other_config : dp-desc optional string
1029 other_config : dp-sn optional string
1030 other_config : disable-in-band
1031 optional string, either true or false
1032 other_config : in-band-queue
1033 optional string, containing an integer,
1034 in range 0 to 4,294,967,295
1035 other_config : controller-queue-size
1036 optional string, containing an integer,
1037 in range 1 to 512
1038 protocols set of strings, one of OpenFlow10, Open‐
1039 Flow11, OpenFlow12, OpenFlow13, Open‐
1040 Flow14, or OpenFlow15
1041 Spanning Tree Configuration:
1042 STP Configuration:
1043 stp_enable boolean
1044 other_config : stp-system-id
1045 optional string
1046 other_config : stp-priority
1047 optional string, containing an integer,
1048 in range 0 to 65,535
1049 other_config : stp-hello-time
1050 optional string, containing an integer,
1051 in range 1 to 10
1052 other_config : stp-max-age
1053 optional string, containing an integer,
1054 in range 6 to 40
1055 other_config : stp-forward-delay
1056 optional string, containing an integer,
1057 in range 4 to 30
1058 other_config : mcast-snooping-aging-time
1059 optional string, containing an integer,
1060 at least 1
1061 other_config : mcast-snooping-table-size
1062 optional string, containing an integer,
1063 at least 1
1064 other_config : mcast-snooping-disable-flood-unregistered
1065 optional string, either true or false
1066 STP Status:
1067 status : stp_bridge_id optional string
1068 status : stp_designated_root
1069 optional string
1070 status : stp_root_path_cost
1071 optional string
1072 Rapid Spanning Tree:
1073 RSTP Configuration:
1074 rstp_enable boolean
1075 other_config : rstp-address
1076 optional string
1077 other_config : rstp-priority
1078 optional string, containing an integer,
1079 in range 0 to 61,440
1080 other_config : rstp-ageing-time
1081 optional string, containing an integer,
1082 in range 10 to 1,000,000
1083 other_config : rstp-force-protocol-version
1084 optional string, containing an integer
1085 other_config : rstp-max-age
1086 optional string, containing an integer,
1087 in range 6 to 40
1088 other_config : rstp-forward-delay
1089 optional string, containing an integer,
1090 in range 4 to 30
1091 other_config : rstp-transmit-hold-count
1092 optional string, containing an integer,
1093 in range 1 to 10
1094 RSTP Status:
1095 rstp_status : rstp_bridge_id
1096 optional string
1097 rstp_status : rstp_root_id
1098 optional string
1099 rstp_status : rstp_root_path_cost
1100 optional string, containing an integer,
1101 at least 0
1102 rstp_status : rstp_designated_id
1103 optional string
1104 rstp_status : rstp_designated_port_id
1105 optional string
1106 rstp_status : rstp_bridge_port_id
1107 optional string
1108 Multicast Snooping Configuration:
1109 mcast_snooping_enable boolean
1110 Other Features:
1111 datapath_type string
1112 external_ids : bridge-id optional string
1113 external_ids : xs-network-uuids
1114 optional string
1115 other_config : hwaddr optional string
1116 other_config : forward-bpdu
1117 optional string, either true or false
1118 other_config : mac-aging-time
1119 optional string, containing an integer,
1120 at least 1
1121 other_config : mac-table-size
1122 optional string, containing an integer,
1123 at least 1
1124 Common Columns:
1125 other_config map of string-string pairs
1126 external_ids map of string-string pairs
1127
1128 Details:
1129 Core Features:
1130
1131 name: immutable string (must be unique within table)
1132 Bridge identifier. Must be unique among the names of ports, in‐
1133 terfaces, and bridges on a host.
1134
1135 The name must be alphanumeric and must not contain forward or
1136 backward slashes. The name of a bridge is also the name of an
1137 Interface (and a Port) within the bridge, so the restrictions on
1138 the name column in the Interface table, particularly on length,
1139 also apply to bridge names. Refer to the documentation for In‐
1140 terface names for details.
1141
1142 ports: set of Ports
1143 Ports included in the bridge.
1144
1145 mirrors: set of Mirrors
1146 Port mirroring configuration.
1147
1148 netflow: optional NetFlow
1149 NetFlow configuration.
1150
1151 sflow: optional sFlow
1152 sFlow(R) configuration.
1153
1154 ipfix: optional IPFIX
1155 IPFIX configuration.
1156
1157 flood_vlans: set of up to 4,096 integers, in range 0 to 4,095
1158 VLAN IDs of VLANs on which MAC address learning should be dis‐
1159 abled, so that packets are flooded instead of being sent to spe‐
1160 cific ports that are believed to contain packets’ destination
1161 MACs. This should ordinarily be used to disable MAC learning on
1162 VLANs used for mirroring (RSPAN VLANs). It may also be useful
1163 for debugging.
1164
1165 SLB bonding (see the bond_mode column in the Port table) is in‐
1166 compatible with flood_vlans. Consider using another bonding mode
1167 or a different type of mirror instead.
1168
1169 auto_attach: optional AutoAttach
1170 Auto Attach configuration.
1171
1172 OpenFlow Configuration:
1173
1174 controller: set of Controllers
1175 OpenFlow controller set. If unset, then no OpenFlow controllers
1176 will be used.
1177
1178 If there are primary controllers, removing all of them clears
1179 the OpenFlow flow tables, group table, and meter table. If there
1180 are no primary controllers, adding one also clears these tables.
1181 Other changes to the set of controllers, such as adding or re‐
1182 moving a service controller, adding another primary controller
1183 to supplement an existing primary controller, or removing only
1184 one of two primary controllers, have no effect on these tables.
1185
1186 flow_tables: map of integer-Flow_Table pairs, key in range 0 to 254
1187 Configuration for OpenFlow tables. Each pair maps from an Open‐
1188 Flow table ID to configuration for that table.
1189
1190 fail_mode: optional string, either secure or standalone
1191 When a controller is configured, it is, ordinarily, responsible
1192 for setting up all flows on the switch. Thus, if the connection
1193 to the controller fails, no new network connections can be set
1194 up. If the connection to the controller stays down long enough,
1195 no packets can pass through the switch at all. This setting de‐
1196 termines the switch’s response to such a situation. It may be
1197 set to one of the following:
1198
1199 standalone
If no message is received from the controller for three
times the inactivity probe interval (see inactivity_probe),
then Open vSwitch will take over responsibility for setting
up flows. In this mode, Open vSwitch causes the bridge to
act like an ordinary MAC-learning switch. Open vSwitch will
continue to retry connecting to the controller in the
background and, when the connection succeeds, it will
discontinue its standalone behavior.
1208
1209 secure Open vSwitch will not set up flows on its own when the
1210 controller connection fails or when no controllers are
1211 defined. The bridge will continue to retry connecting to
1212 any defined controllers forever.
1213
1214 The default is standalone if the value is unset, but future ver‐
1215 sions of Open vSwitch may change the default.
1216
1217 The standalone mode can create forwarding loops on a bridge that
1218 has more than one uplink port unless STP is enabled. To avoid
1219 loops on such a bridge, configure secure mode or enable STP (see
1220 stp_enable).
1221
1222 The fail_mode setting applies only to primary controllers. When
1223 more than one primary controller is configured, fail_mode is
1224 considered only when none of the configured controllers can be
1225 contacted.
1226
1227 Changing fail_mode when no primary controllers are configured
1228 clears the OpenFlow flow tables, group table, and meter table.
1229
1230 datapath_id: optional string
Reports the OpenFlow datapath ID in use. Exactly 16 hex digits.
(Setting this column has no useful effect. Set
other_config:datapath-id instead.)
1234
1235 datapath_version: string
Reports the datapath version. This column is maintained for
backwards compatibility. The preferred location is the
datapath_id column of the Datapath table. The full documentation
for this column is there.
1240
1241 other_config : datapath-id: optional string
Overrides the default OpenFlow datapath ID, setting it to the
value specified in hex. The value must either have a 0x prefix
or be exactly 16 hex digits long. May not be all-zero.
1245
1246 other_config : dp-desc: optional string
Human-readable description of the datapath. It is a free-form
string of at most 256 bytes that describes the datapath for
debugging purposes, e.g. switch3 in room 3120. The value is
returned by the switch as part of the reply to an OFPMP_DESC
request (ofp_desc). The OpenFlow specification (e.g. 1.3.5)
describes the ofp_desc structure as containing "NULL terminated
ASCII strings". For compatibility reasons, no more than 255
ASCII characters should be used.
1255
1256 other_config : dp-sn: optional string
Serial number. It is a free-form string of at most 32 bytes that
provides an additional switch identification. The value is
returned by the switch as part of the reply to an OFPMP_DESC
request (ofp_desc). As with other_config:dp-desc, the string
should be no more than 31 ASCII characters for compatibility.
1263
1264 other_config : disable-in-band: optional string, either true or false
1265 If set to true, disable in-band control on the bridge regardless
1266 of controller and manager settings.
1267
1268 other_config : in-band-queue: optional string, containing an integer,
1269 in range 0 to 4,294,967,295
1270 A queue ID as a nonnegative integer. This sets the OpenFlow
1271 queue ID that will be used by flows set up by in-band control on
1272 this bridge. If unset, or if the port used by an in-band control
1273 flow does not have QoS configured, or if the port does not have
1274 a queue with the specified ID, the default queue is used in‐
1275 stead.
1276
1277 other_config : controller-queue-size: optional string, containing an
1278 integer, in range 1 to 512
1279 This sets the maximum size of the queue of packets that need to
1280 be sent to the OpenFlow management controller. The value must be
1281 less than 512. If not specified the queue size is limited to 100
1282 packets by default. Note: increasing the queue size might have a
1283 negative impact on latency.
1284
1285 protocols: set of strings, one of OpenFlow10, OpenFlow11, OpenFlow12,
1286 OpenFlow13, OpenFlow14, or OpenFlow15
1287 List of OpenFlow protocols that may be used when negotiating a
1288 connection with a controller. OpenFlow 1.0, 1.1, 1.2, 1.3, 1.4,
1289 and 1.5 are enabled by default if this column is empty.
1290
1291 Spanning Tree Configuration:
1292
The IEEE 802.1D Spanning Tree Protocol (STP) is a network protocol that
ensures loop-free topologies. It allows redundant links to be included
in the network to provide automatic backup paths if an active link
fails.
1297
1298 These settings configure the slower-to-converge but still widely sup‐
1299 ported version of Spanning Tree Protocol, sometimes known as
1300 802.1D-1998. Open vSwitch also supports the newer Rapid Spanning Tree
1301 Protocol (RSTP), documented later in the section titled Rapid Spanning
1302 Tree Configuration.
1303
1304 STP Configuration:
1305
1306 stp_enable: boolean
1307 Enable spanning tree on the bridge. By default, STP is disabled
1308 on bridges. Bond, internal, and mirror ports are not supported
1309 and will not participate in the spanning tree.
1310
1311 STP and RSTP are mutually exclusive. If both are enabled, RSTP
1312 will be used.
1313
1314 other_config : stp-system-id: optional string
1315 The bridge’s STP identifier (the lower 48 bits of the bridge-id)
1316 in the form xx:xx:xx:xx:xx:xx. By default, the identifier is the
1317 MAC address of the bridge.
1318
1319 other_config : stp-priority: optional string, containing an integer, in
1320 range 0 to 65,535
1321 The bridge’s relative priority value for determining the root
1322 bridge (the upper 16 bits of the bridge-id). A bridge with the
1323 lowest bridge-id is elected the root. By default, the priority
1324 is 0x8000.
1325
1326 other_config : stp-hello-time: optional string, containing an integer,
1327 in range 1 to 10
1328 The interval between transmissions of hello messages by desig‐
1329 nated ports, in seconds. By default the hello interval is 2 sec‐
1330 onds.
1331
1332 other_config : stp-max-age: optional string, containing an integer, in
1333 range 6 to 40
1334 The maximum age of the information transmitted by the bridge
1335 when it is the root bridge, in seconds. By default, the maximum
1336 age is 20 seconds.
1337
1338 other_config : stp-forward-delay: optional string, containing an inte‐
1339 ger, in range 4 to 30
1340 The delay to wait between transitioning root and designated
1341 ports to forwarding, in seconds. By default, the forwarding de‐
1342 lay is 15 seconds.
1343
1344 other_config : mcast-snooping-aging-time: optional string, containing
1345 an integer, at least 1
1346 The maximum number of seconds to retain a multicast snooping en‐
1347 try for which no packets have been seen. The default is cur‐
1348 rently 300 seconds (5 minutes). The value, if specified, is
1349 forced into a reasonable range, currently 15 to 3600 seconds.
1350
1351 other_config : mcast-snooping-table-size: optional string, containing
1352 an integer, at least 1
1353 The maximum number of multicast snooping addresses to learn. The
1354 default is currently 2048. The value, if specified, is forced
1355 into a reasonable range, currently 10 to 1,000,000.
1356
1357 other_config : mcast-snooping-disable-flood-unregistered: optional
1358 string, either true or false
1359 If set to false, unregistered multicast packets are forwarded to
1360 all ports. If set to true, unregistered multicast packets are
1361 forwarded to ports connected to multicast routers.
1362
1363 STP Status:
1364
1365 These key-value pairs report the status of 802.1D-1998. They are
1366 present only if STP is enabled (via the stp_enable column).
1367
1368 status : stp_bridge_id: optional string
1369 The bridge ID used in spanning tree advertisements, in the form
1370 xxxx.yyyyyyyyyyyy where the xs are the STP priority, the ys are
1371 the STP system ID, and each x and y is a hex digit.
1372
1373 status : stp_designated_root: optional string
1374 The designated root for this spanning tree, in the same form as
1375 status:stp_bridge_id. If this bridge is the root, this will have
1376 the same value as status:stp_bridge_id, otherwise it will dif‐
1377 fer.
1378
1379 status : stp_root_path_cost: optional string
1380 The path cost of reaching the designated bridge. A lower number
1381 is better. The value is 0 if this bridge is the root, otherwise
1382 it is higher.
1383
1384 Rapid Spanning Tree:
1385
1386 Rapid Spanning Tree Protocol (RSTP), like STP, is a network protocol
1387 that ensures loop-free topologies. RSTP superseded STP with the publi‐
1388 cation of 802.1D-2004. Compared to STP, RSTP converges more quickly and
1389 recovers more quickly from failures.
1390
1391 RSTP Configuration:
1392
1393 rstp_enable: boolean
1394 Enable Rapid Spanning Tree on the bridge. By default, RSTP is
1395 disabled on bridges. Bond, internal, and mirror ports are not
1396 supported and will not participate in the spanning tree.
1397
1398 STP and RSTP are mutually exclusive. If both are enabled, RSTP
1399 will be used.
1400
1401 other_config : rstp-address: optional string
1402 The bridge’s RSTP address (the lower 48 bits of the bridge-id)
1403 in the form xx:xx:xx:xx:xx:xx. By default, the address is the
1404 MAC address of the bridge.
1405
1406 other_config : rstp-priority: optional string, containing an integer,
1407 in range 0 to 61,440
The bridge’s relative priority value for determining the root
bridge (the upper 16 bits of the bridge-id). A bridge with the
lowest bridge-id is elected the root. By default, the priority
is 0x8000 (32768). This value needs to be a multiple of 4096;
otherwise it is rounded down to the nearest multiple of 4096.
1413
1414 other_config : rstp-ageing-time: optional string, containing an inte‐
1415 ger, in range 10 to 1,000,000
1416 The Ageing Time parameter for the Bridge. The default value is
1417 300 seconds.
1418
1419 other_config : rstp-force-protocol-version: optional string, containing
1420 an integer
1421 The Force Protocol Version parameter for the Bridge. This can
1422 take the value 0 (STP Compatibility mode) or 2 (the default,
1423 normal operation).
1424
1425 other_config : rstp-max-age: optional string, containing an integer, in
1426 range 6 to 40
1427 The maximum age of the information transmitted by the Bridge
1428 when it is the Root Bridge. The default value is 20.
1429
1430 other_config : rstp-forward-delay: optional string, containing an inte‐
1431 ger, in range 4 to 30
1432 The delay used by STP Bridges to transition Root and Designated
1433 Ports to Forwarding. The default value is 15.
1434
1435 other_config : rstp-transmit-hold-count: optional string, containing an
1436 integer, in range 1 to 10
1437 The Transmit Hold Count used by the Port Transmit state machine
1438 to limit transmission rate. The default value is 6.
1439
1440 RSTP Status:
1441
1442 These key-value pairs report the status of 802.1D-2004. They are
1443 present only if RSTP is enabled (via the rstp_enable column).
1444
1445 rstp_status : rstp_bridge_id: optional string
1446 The bridge ID used in rapid spanning tree advertisements, in the
1447 form x.yyy.zzzzzzzzzzzz where x is the RSTP priority, the ys are
1448 a locally assigned system ID extension, the zs are the STP sys‐
1449 tem ID, and each x, y, or z is a hex digit.
1450
1451 rstp_status : rstp_root_id: optional string
The root of this spanning tree, in the same form as
rstp_status:rstp_bridge_id. If this bridge is the root, this
will have the same value as rstp_status:rstp_bridge_id,
otherwise it will differ.
1456
1457 rstp_status : rstp_root_path_cost: optional string, containing an inte‐
1458 ger, at least 0
1459 The path cost of reaching the root. A lower number is better.
1460 The value is 0 if this bridge is the root, otherwise it is
1461 higher.
1462
1463 rstp_status : rstp_designated_id: optional string
The RSTP designated ID, in the same form as
rstp_status:rstp_bridge_id.
1466
1467 rstp_status : rstp_designated_port_id: optional string
1468 The RSTP designated port ID, as a 4-digit hex number.
1469
1470 rstp_status : rstp_bridge_port_id: optional string
1471 The RSTP bridge port ID, as a 4-digit hex number.
1472
1473 Multicast Snooping Configuration:
1474
1475 Multicast snooping (RFC 4541) monitors the Internet Group Management
1476 Protocol (IGMP) and Multicast Listener Discovery traffic between hosts
1477 and multicast routers. The switch uses what IGMP and MLD snooping
1478 learns to forward multicast traffic only to interfaces that are con‐
1479 nected to interested receivers. Currently it supports IGMPv1, IGMPv2,
1480 IGMPv3, MLDv1 and MLDv2 protocols.
1481
1482 mcast_snooping_enable: boolean
1483 Enable multicast snooping on the bridge. For now, the default is
1484 disabled.
1485
1486 Other Features:
1487
1488 datapath_type: string
1489 Name of datapath provider. The kernel datapath has type system.
1490 The userspace datapath has type netdev. A manager may refer to
1491 the datapath_types column of the Open_vSwitch table for a list
1492 of the types accepted by this Open vSwitch instance.
1493
1494 external_ids : bridge-id: optional string
1495 A unique identifier of the bridge. On Citrix XenServer this will
1496 commonly be the same as external_ids:xs-network-uuids.
1497
1498 external_ids : xs-network-uuids: optional string
1499 Semicolon-delimited set of universally unique identifier(s) for
1500 the network with which this bridge is associated on a Citrix
1501 XenServer host. The network identifiers are RFC 4122 UUIDs as
1502 displayed by, e.g., xe network-list.
1503
1504 other_config : hwaddr: optional string
1505 An Ethernet address in the form xx:xx:xx:xx:xx:xx to set the
1506 hardware address of the local port and influence the datapath
1507 ID.
1508
1509 other_config : forward-bpdu: optional string, either true or false
1510 Controls forwarding of BPDUs and other network control frames
1511 when NORMAL action is invoked. When this option is false or un‐
1512 set, frames with reserved Ethernet addresses (see table below)
1513 will not be forwarded. When this option is true, such frames
1514 will not be treated specially.
1515
1516 The above general rule has the following exceptions:
1517
1518 • If STP is enabled on the bridge (see the stp_enable col‐
1519 umn in the Bridge table), the bridge processes all re‐
1520 ceived STP packets and never passes them to OpenFlow or
1521 forwards them. This is true even if STP is disabled on an
1522 individual port.
1523
1524 • If LLDP is enabled on an interface (see the lldp column
1525 in the Interface table), the interface processes received
1526 LLDP packets and never passes them to OpenFlow or for‐
1527 wards them.
1528
1529 Set this option to true if the Open vSwitch bridge connects dif‐
1530 ferent Ethernet networks and is not configured to participate in
1531 STP.
1532
1533 This option affects packets with the following destination MAC
1534 addresses:
1535
1536 01:80:c2:00:00:00
1537 IEEE 802.1D Spanning Tree Protocol (STP).
1538
1539 01:80:c2:00:00:01
1540 IEEE Pause frame.
1541
1542 01:80:c2:00:00:0x
1543 Other reserved protocols.
1544
1545 00:e0:2b:00:00:00
1546 Extreme Discovery Protocol (EDP).
1547
1548 00:e0:2b:00:00:04 and 00:e0:2b:00:00:06
1549 Ethernet Automatic Protection Switching (EAPS).
1550
1551 01:00:0c:cc:cc:cc
1552 Cisco Discovery Protocol (CDP), VLAN Trunking Protocol
1553 (VTP), Dynamic Trunking Protocol (DTP), Port Aggregation
1554 Protocol (PAgP), and others.
1555
1556 01:00:0c:cc:cc:cd
1557 Cisco Shared Spanning Tree Protocol PVSTP+.
1558
1559 01:00:0c:cd:cd:cd
1560 Cisco STP Uplink Fast.
1561
1562 01:00:0c:00:00:00
1563 Cisco Inter Switch Link.
1564
1565 01:00:0c:cc:cc:cx
1566 Cisco CFM.
1567
1568 other_config : mac-aging-time: optional string, containing an integer,
1569 at least 1
1570 The maximum number of seconds to retain a MAC learning entry for
1571 which no packets have been seen. The default is currently 300
1572 seconds (5 minutes). The value, if specified, is forced into a
1573 reasonable range, currently 15 to 3600 seconds.
1574
1575 A short MAC aging time allows a network to more quickly detect
1576 that a host is no longer connected to a switch port. However, it
1577 also makes it more likely that packets will be flooded unneces‐
1578 sarily, when they are addressed to a connected host that rarely
1579 transmits packets. To reduce the incidence of unnecessary flood‐
1580 ing, use a MAC aging time longer than the maximum interval at
1581 which a host will ordinarily transmit packets.
1582
1583 other_config : mac-table-size: optional string, containing an integer,
1584 at least 1
1585 The maximum number of MAC addresses to learn. The default is
1586 currently 8192. The value, if specified, is forced into a rea‐
1587 sonable range, currently 10 to 1,000,000.
1588
1589 Common Columns:
1590
1591 The overall purpose of these columns is described under Common Columns
1592 at the beginning of this document.
1593
1594 other_config: map of string-string pairs
1595
1596 external_ids: map of string-string pairs
1597
1599 A port within a Bridge.
1600
1601 Most commonly, a port has exactly one ``interface,’’ pointed to by its
1602 interfaces column. Such a port logically corresponds to a port on a
1603 physical Ethernet switch. A port with more than one interface is a
1604 ``bonded port’’ (see Bonding Configuration).
1605
Some properties that one might think of as belonging to a port are
actually part of the port’s Interface members.
1608
1609 Summary:
1610 name immutable string (must be unique within
1611 table)
1612 interfaces set of 1 or more Interfaces
1613 VLAN Configuration:
1614 vlan_mode optional string, one of access,
1615 dot1q-tunnel, native-tagged, native-un‐
1616 tagged, or trunk
1617 tag optional integer, in range 0 to 4,095
1618 trunks set of up to 4,096 integers, in range 0
1619 to 4,095
1620 cvlans set of up to 4,096 integers, in range 0
1621 to 4,095
1622 other_config : qinq-ethtype
1623 optional string, either 802.1ad or 802.1q
1624 other_config : priority-tags
1625 optional string, one of always, if-non‐
1626 zero, or never
1627 Bonding Configuration:
1628 bond_mode optional string, one of active-backup,
1629 balance-slb, or balance-tcp
1630 other_config : bond-hash-basis
1631 optional string, containing an integer
1632 other_config : lb-output-action
1633 optional string, either true or false
1634 other_config : bond-primary
1635 optional string
1636 Link Failure Detection:
1637 other_config : bond-detect-mode
1638 optional string, either carrier or miimon
1639 other_config : bond-miimon-interval
1640 optional string, containing an integer
1641 bond_updelay integer
1642 bond_downdelay integer
1643 LACP Configuration:
1644 lacp optional string, one of active, off, or
1645 passive
1646 other_config : lacp-system-id
1647 optional string
1648 other_config : lacp-system-priority
1649 optional string, containing an integer,
1650 in range 1 to 65,535
1651 other_config : lacp-time optional string, either fast or slow
1652 other_config : lacp-fallback-ab
1653 optional string, either true or false
1654 Rebalancing Configuration:
1655 other_config : bond-rebalance-interval
1656 optional string, containing an integer,
1657 in range 0 to 2,147,483,647
1658 bond_fake_iface boolean
1659 Spanning Tree Protocol:
1660 STP Configuration:
1661 other_config : stp-enable
1662 optional string, either true or false
1663 other_config : stp-port-num
1664 optional string, containing an integer,
1665 in range 1 to 255
1666 other_config : stp-port-priority
1667 optional string, containing an integer,
1668 in range 0 to 255
1669 other_config : stp-path-cost
1670 optional string, containing an integer,
1671 in range 0 to 65,535
1672 STP Status:
1673 status : stp_port_id optional string
1674 status : stp_state optional string, one of blocking, dis‐
1675 abled, forwarding, learning, or listening
1676 status : stp_sec_in_state
1677 optional string, containing an integer,
1678 at least 0
1679 status : stp_role optional string, one of alternate, desig‐
1680 nated, or root
1681 Rapid Spanning Tree Protocol:
1682 RSTP Configuration:
1683 other_config : rstp-enable
1684 optional string, either true or false
1685 other_config : rstp-port-priority
1686 optional string, containing an integer,
1687 in range 0 to 240
1688 other_config : rstp-port-num
1689 optional string, containing an integer,
1690 in range 1 to 4,095
1691 other_config : rstp-port-path-cost
1692 optional string, containing an integer
1693 other_config : rstp-port-admin-edge
1694 optional string, either true or false
1695 other_config : rstp-port-auto-edge
1696 optional string, either true or false
1697 other_config : rstp-port-mcheck
1698 optional string, either true or false
1699 RSTP Status:
1700 rstp_status : rstp_port_id
1701 optional string
1702 rstp_status : rstp_port_role
1703 optional string, one of Alternate,
1704 Backup, Designated, Disabled, or Root
1705 rstp_status : rstp_port_state
1706 optional string, one of Disabled, Dis‐
1707 carding, Forwarding, or Learning
1708 rstp_status : rstp_designated_bridge_id
1709 optional string
1710 rstp_status : rstp_designated_port_id
1711 optional string
1712 rstp_status : rstp_designated_path_cost
1713 optional string, containing an integer
1714 RSTP Statistics:
1715 rstp_statistics : rstp_tx_count
1716 optional integer
1717 rstp_statistics : rstp_rx_count
1718 optional integer
1719 rstp_statistics : rstp_error_count
1720 optional integer
1721 rstp_statistics : rstp_uptime
1722 optional integer
1723 Multicast Snooping:
1724 other_config : mcast-snooping-flood
1725 optional string, either true or false
1726 other_config : mcast-snooping-flood-reports
1727 optional string, either true or false
1728 Other Features:
1729 qos optional QoS
1730 mac optional string
1731 fake_bridge boolean
1732 protected boolean
1733 external_ids : fake-bridge-id-*
1734 optional string
1735 other_config : transient optional string, either true or false
1736 bond_active_slave optional string
1737 Port Statistics:
1738 Statistics: STP transmit and receive counters:
1739 statistics : stp_tx_count
1740 optional integer
1741 statistics : stp_rx_count
1742 optional integer
1743 statistics : stp_error_count
1744 optional integer
1745 Common Columns:
1746 other_config map of string-string pairs
1747 external_ids map of string-string pairs
1748
1749 Details:
1750 name: immutable string (must be unique within table)
Port name. For a non-bonded port, this should be the same as its
interface’s name. Port names must otherwise be unique among the
names of ports, interfaces, and bridges on a host. Because port
and interface names are usually the same, the restrictions on
the name column in the Interface table, particularly on length,
also apply to port names. Refer to the documentation for
Interface names for details.
1758
1759 interfaces: set of 1 or more Interfaces
1760 The port’s interfaces. If there is more than one, this is a
1761 bonded Port.
1762
1763 VLAN Configuration:
1764
1765 In short, a VLAN (short for ``virtual LAN’’) is a way to partition a
1766 single switch into multiple switches. VLANs can be confusing, so for an
1767 introduction, please refer to the question ``What’s a VLAN?’’ in the
1768 Open vSwitch FAQ.
1769
A VLAN is sometimes encoded into a packet using an 802.1Q or 802.1ad
VLAN header, but every packet is part of some VLAN whether or not it is
encoded in the packet. (A packet that appears to have no VLAN is part
of VLAN 0, by default.) As a result, it’s useful to think of a VLAN as
a metadata property of a packet, separate from how the VLAN is encoded.
For a given port, this column determines how the encoding of a packet
that ingresses or egresses the port maps to the packet’s VLAN. When a
packet enters the switch, its VLAN is determined based on the settings
in this column and its VLAN headers, if any, and then, conceptually,
the VLAN headers are stripped off. Conversely, when a packet exits
the switch, its VLAN and the settings in this column determine what
VLAN headers, if any, are pushed onto the packet before it egresses the
port.
1783
1784 The VLAN configuration in this column affects Open vSwitch only when it
1785 is doing ``normal switching.’’ It does not affect flows set up by an
1786 OpenFlow controller, outside of the OpenFlow ``normal action.’’
1787
1788 Bridge ports support the following types of VLAN configuration:
1789
trunk A trunk port carries packets on one or more VLANs
specified in the trunks column (often, on every VLAN).
A packet that ingresses on a trunk port is in the
VLAN specified in its 802.1Q header, or VLAN 0 if the
packet has no 802.1Q header. A packet that egresses
through a trunk port will have an 802.1Q header if it has
a nonzero VLAN ID.
1797
1798 Any packet that ingresses on a trunk port tagged with a
1799 VLAN that the port does not trunk is dropped.
1800
1801 access An access port carries packets on exactly one VLAN speci‐
1802 fied in the tag column. Packets egressing on an access
1803 port have no 802.1Q header.
1804
1805 Any packet with an 802.1Q header with a nonzero VLAN ID
1806 that ingresses on an access port is dropped, regardless
1807 of whether the VLAN ID in the header is the access port’s
1808 VLAN ID.
1809
1810 native-tagged
1811 A native-tagged port resembles a trunk port, with the ex‐
1812 ception that a packet without an 802.1Q header that in‐
1813 gresses on a native-tagged port is in the ``native VLAN’’
1814 (specified in the tag column).
1815
1816 native-untagged
1817 A native-untagged port resembles a native-tagged port,
1818 with the exception that a packet that egresses on a na‐
1819 tive-untagged port in the native VLAN will not have an
1820 802.1Q header.
1821
1822 dot1q-tunnel
A dot1q-tunnel port is somewhat like an access port. Like
an access port, it carries packets on the single VLAN
specified in the tag column and this VLAN, called the
service VLAN, does not appear in an 802.1Q header for
packets that ingress or egress on the port. The main
difference lies in the behavior when packets that include
an 802.1Q header ingress on the port. Whereas an access
port drops such packets, a dot1q-tunnel port treats them
as double-tagged, with the outer service VLAN taken from
the tag column and the inner customer VLAN taken from the
802.1Q header. Correspondingly, to egress on the port, a
packet’s outer VLAN (or only VLAN) must be tag, which is
removed before egress, exposing the inner (customer) VLAN
if one is present.

If cvlans is set, the port allows only packets in the
specified customer VLANs.
1840
1841 A packet will only egress through bridge ports that carry the VLAN of
1842 the packet, as described by the rules above.
1843
1844 vlan_mode: optional string, one of access, dot1q-tunnel, native-tagged,
1845 native-untagged, or trunk
1846 The VLAN mode of the port, as described above. When this column
1847 is empty, a default mode is selected as follows:
1848
1849 • If tag contains a value, the port is an access port. The
1850 trunks column should be empty.
1851
1852 • Otherwise, the port is a trunk port. The trunks column
1853 value is honored if it is present.
1854
1855 tag: optional integer, in range 0 to 4,095
1856 For an access port, the port’s implicitly tagged VLAN. For a na‐
1857 tive-tagged or native-untagged port, the port’s native VLAN.
1858 Must be empty if this is a trunk port.
1859
1860 trunks: set of up to 4,096 integers, in range 0 to 4,095
1861 For a trunk, native-tagged, or native-untagged port, the 802.1Q
1862 VLAN or VLANs that this port trunks; if it is empty, then the
1863 port trunks all VLANs. Must be empty if this is an access port.
1864
1865 A native-tagged or native-untagged port always trunks its native
1866 VLAN, regardless of whether trunks includes that VLAN.
1867
1868 cvlans: set of up to 4,096 integers, in range 0 to 4,095
1869 For a dot1q-tunnel port, the customer VLANs that this port in‐
1870 cludes. If this is empty, the port includes all customer VLANs.
1871
1872 For other kinds of ports, this setting is ignored.
1873
1874 other_config : qinq-ethtype: optional string, either 802.1ad or 802.1q
1875 For a dot1q-tunnel port, this is the TPID for the service tag,
1876 that is, for the 802.1Q header that contains the service VLAN
1877 ID. Because packets that actually ingress and egress a dot1q-
1878 tunnel port do not include an 802.1Q header for the service
1879 VLAN, this does not affect packets on the dot1q-tunnel port it‐
1880 self. Rather, it determines the service VLAN for a packet that
1881 ingresses on a dot1q-tunnel port and egresses on a trunk port.
1882
1883 The value 802.1ad specifies TPID 0x88a8, which is also the de‐
1884 fault if the setting is omitted. The value 802.1q specifies TPID
1885 0x8100.
1886
1887 For other kinds of ports, this setting is ignored.
1888
1889 other_config : priority-tags: optional string, one of always, if-non‐
1890 zero, or never
1891 An 802.1Q header contains two important pieces of information: a
1892 VLAN ID and a priority. A frame with a zero VLAN ID, called a
1893 ``priority-tagged’’ frame, is supposed to be treated the same
1894 way as a frame without an 802.1Q header at all (except for the
1895 priority).
1896
However, some network elements ignore any frame that has an 802.1Q
header at all, even when the VLAN ID is zero. Therefore, by default
Open vSwitch does not output priority-tagged frames, instead
omitting the 802.1Q header entirely if the VLAN ID is zero. Set
this key to if-nonzero to enable priority-tagged frames on a port.

With if-nonzero, Open vSwitch omits the 802.1Q header on output if
both the VLAN ID and priority would be zero. Set to always to
retain the 802.1Q header in such frames as well.
1907
1908 All frames output to native-tagged ports have a nonzero VLAN ID,
1909 so this setting is not meaningful on native-tagged ports.
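The VLAN rules above can be read as a small state machine. The following model is an added example, not Open vSwitch code: it derives a port's effective mode, assigns a VLAN at ingress (or drops the frame), and decides which 802.1Q header, if any, is pushed at egress under the default priority-tags behavior. It tracks only the service VLAN for dot1q-tunnel ports; the `Port` class, the function names, the sample bridge, and the two choices marked "Assumption" in the comments are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

NATIVE = ("native-tagged", "native-untagged")
MODES = ("access", "trunk", "dot1q-tunnel") + NATIVE


@dataclass(frozen=True)
class Port:
    """The VLAN columns of one Port record."""
    name: str
    vlan_mode: Optional[str] = None
    tag: Optional[int] = None
    trunks: FrozenSet[int] = frozenset()
    cvlans: FrozenSet[int] = frozenset()


def effective_mode(port: Port) -> str:
    """vlan_mode, or the documented default when the column is empty."""
    if port.vlan_mode:
        if port.vlan_mode not in MODES:
            raise ValueError(f"unknown vlan_mode: {port.vlan_mode!r}")
        return port.vlan_mode
    return "access" if port.tag is not None else "trunk"


def carries(port: Port, vlan: int) -> bool:
    """True if the port carries packets in this VLAN."""
    mode = effective_mode(port)
    if mode in ("access", "dot1q-tunnel"):
        return vlan == port.tag
    if mode in NATIVE and vlan == port.tag:
        return True  # the native VLAN is trunked whether or not trunks lists it
    return not port.trunks or vlan in port.trunks  # empty trunks means all VLANs


def ingress_vlan(port: Port, vid: Optional[int]) -> Optional[int]:
    """VLAN assigned to a frame entering the port, or None if it is dropped.

    vid is the VLAN ID in the frame's 802.1Q header, or None without a header.
    """
    mode = effective_mode(port)
    header_vid = vid or 0  # a priority-tagged frame (VID 0) is treated like an untagged one
    if mode == "access":
        # Any nonzero VID is dropped, even one equal to the port's own tag.
        return port.tag if header_vid == 0 else None
    if mode == "dot1q-tunnel":
        # Assumption: an untagged frame counts as customer VLAN 0 for the cvlans check.
        if port.cvlans and header_vid not in port.cvlans:
            return None
        return port.tag  # service VLAN; the customer VLAN stays inside the frame
    vlan = port.tag if (mode in NATIVE and header_vid == 0) else header_vid
    # Assumption: the "VLAN that the port does not trunk" rule also applies to VLAN 0.
    return vlan if carries(port, vlan) else None


def egress_header(port: Port, vlan: int) -> Optional[int]:
    """VID of the 802.1Q header pushed at egress, or None for no header."""
    mode = effective_mode(port)
    if mode in ("access", "dot1q-tunnel"):
        return None
    if mode == "native-untagged" and vlan == port.tag:
        return None
    return vlan if vlan != 0 else None  # default priority-tags: no header for VLAN 0


def normal_switch(ports: Dict[str, Port], in_name: str,
                  vid: Optional[int]) -> Dict[str, Optional[int]]:
    """Ports a flooded frame may leave through, mapped to the header VID pushed there."""
    vlan = ingress_vlan(ports[in_name], vid)
    if vlan is None:
        return {}
    return {p.name: egress_header(p, vlan)
            for p in ports.values() if p.name != in_name and carries(p, vlan)}


# Constructed sample bridge (hypothetical port names).
BRIDGE = {p.name: p for p in (
    Port("uplink", trunks=frozenset({10, 20, 30})),            # trunk by default
    Port("vm-a", tag=10),                                      # access by default
    Port("vm-b", tag=20),
    Port("legacy", vlan_mode="native-untagged", tag=10, trunks=frozenset({20})),
    Port("cust", vlan_mode="dot1q-tunnel", tag=30, cvlans=frozenset({100})),
)}

if __name__ == "__main__":
    for in_name, vid in (("vm-a", None), ("vm-a", 20), ("uplink", 20), ("cust", 100)):
        print(in_name, vid, normal_switch(BRIDGE, in_name, vid))
```

A tagged frame arriving on the access port `vm-a` yields an empty result, which is the isolation property to verify when reviewing a bridge's Port records.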
1910
1911 Bonding Configuration:
1912
1913 A port that has more than one interface is a ``bonded port.’’ Bonding
1914 allows for load balancing and fail-over.
1915
1916 The following types of bonding will work with any kind of upstream
1917 switch. On the upstream switch, do not configure the interfaces as a
1918 bond:
1919
1920 balance-slb
1921 Balances flows among members based on source MAC address
1922 and output VLAN, with periodic rebalancing as traffic
1923 patterns change.
1924
1925 active-backup
1926 Assigns all flows to one member, failing over to a backup
1927 member when the active member is disabled. This is the
1928 only bonding mode in which interfaces may be plugged into
1929 different upstream switches.
1930
1931 The following modes require the upstream switch to support 802.3ad with
1932 successful LACP negotiation. If LACP negotiation fails and other-con‐
1933 fig:lacp-fallback-ab is true, then active-backup mode is used:
1934
1935 balance-tcp
1936 Balances flows among members based on L3 and L4 protocol
1937 information such as IP addresses and TCP/UDP ports.
1938
1939 These columns apply only to bonded ports. Their values are otherwise
1940 ignored.
1941
1942 bond_mode: optional string, one of active-backup, balance-slb, or bal‐
1943 ance-tcp
1944 The type of bonding used for a bonded port. Defaults to ac‐
1945 tive-backup if unset.
1946
1947 other_config : bond-hash-basis: optional string, containing an integer
An integer hashed along with flows when choosing output members
in load balanced bonds. When changed, all flows will be assigned
different hash values, possibly causing member selection
decisions to change. Does not affect bonding modes that do not
employ load balancing, such as active-backup.
1953
1954 other_config : lb-output-action: optional string, either true or false
Enables or disables use of the optimized lb_output action for
balancing flows among output members of load balanced bonds in
balance-tcp mode. When enabled, balance-tcp uses an optimized path
that relies on the RSS hash and avoids recirculation. This knob
does not affect other balancing modes.
1960
1961 other_config : bond-primary: optional string
1962 If a slave interface with this name exists in the bond and is
1963 up, it will be made active. Relevant only when other_con‐
1964 fig:bond_mode is active-backup or if balance-tcp falls back to
1965 active-backup (e.g., LACP negotiation fails and other_con‐
1966 fig:lacp-fallback-ab is true).
1967
1968 Link Failure Detection:
1969
1970 An important part of link bonding is detecting that links are down so
1971 that they may be disabled. These settings determine how Open vSwitch
1972 detects link failure.
1973
1974 other_config : bond-detect-mode: optional string, either carrier or mi‐
1975 imon
The means used to detect link failures. Defaults to carrier,
which uses each interface’s carrier to detect failures. When set
to miimon, Open vSwitch checks for failures by polling each
interface’s MII.
1980
1981 other_config : bond-miimon-interval: optional string, containing an in‐
1982 teger
1983 The interval, in milliseconds, between successive attempts to
1984 poll each interface’s MII. Relevant only when other_config:bond-
1985 detect-mode is miimon.
1986
1987 bond_updelay: integer
1988 The number of milliseconds for which the link must stay up on an
1989 interface before the interface is considered to be up. Specify 0
1990 to enable the interface immediately.
1991
1992 This setting is honored only when at least one bonded interface
1993 is already enabled. When no interfaces are enabled, then the
1994 first bond interface to come up is enabled immediately.
1995
1996 bond_downdelay: integer
1997 The number of milliseconds for which the link must stay down on
1998 an interface before the interface is considered to be down.
1999 Specify 0 to disable the interface immediately.
2000
2001 LACP Configuration:
2002
2003 LACP, the Link Aggregation Control Protocol, is an IEEE standard that
2004 allows switches to automatically detect that they are connected by mul‐
2005 tiple links and aggregate across those links. These settings control
2006 LACP behavior.
2007
2008 lacp: optional string, one of active, off, or passive
2009 Configures LACP on this port. LACP allows directly connected
2010 switches to negotiate which links may be bonded. LACP may be en‐
2011 abled on non-bonded ports for the benefit of any switches they
2012 may be connected to. active ports are allowed to initiate LACP
2013 negotiations. passive ports are allowed to participate in LACP
2014 negotiations initiated by a remote switch, but not allowed to
2015 initiate such negotiations themselves. If LACP is enabled on a
2016 port whose partner switch does not support LACP, the bond will
2017 be disabled, unless other-config:lacp-fallback-ab is set to
2018 true. Defaults to off if unset.
2019
2020 other_config : lacp-system-id: optional string
2021 The LACP system ID of this Port. The system ID of a LACP bond is
2022 used to identify itself to its partners. Must be a nonzero MAC
2023 address. Defaults to the bridge Ethernet address if unset.
2024
2025 other_config : lacp-system-priority: optional string, containing an in‐
2026 teger, in range 1 to 65,535
2027 The LACP system priority of this Port. In LACP negotiations,
2028 link status decisions are made by the system with the numeri‐
2029 cally lower priority.
2030
2031 other_config : lacp-time: optional string, either fast or slow
The LACP timing that should be used on this Port. By default
slow is used. When configured to be fast, LACP heartbeats are
requested at a rate of once per second, causing connectivity
problems to be detected more quickly. In slow mode, heartbeats are
requested at a rate of once every 30 seconds.
2037
2038 other_config : lacp-fallback-ab: optional string, either true or false
Determines the behavior of an Open vSwitch bond in LACP mode. If
the partner switch does not support LACP, setting this option to
true allows Open vSwitch to fall back to active-backup. If the
option is set to false, the bond will be disabled. In both
cases, once the partner switch is configured to LACP mode, the
bond will use LACP.
2045
2046 Rebalancing Configuration:
2047
2048 These settings control behavior when a bond is in balance-slb or bal‐
2049 ance-tcp mode.
2050
2051 other_config : bond-rebalance-interval: optional string, containing an
2052 integer, in range 0 to 2,147,483,647
For a load balanced bonded port, the number of milliseconds
between successive attempts to rebalance the bond, that is, to
move flows from one interface on the bond to another in an
attempt to keep usage of each interface roughly equal. If zero,
load balancing is disabled on the bond (link failures still cause
flows to move). If less than 1000ms, the rebalance interval will
be 1000ms.
2060
2061 bond_fake_iface: boolean
2062 For a bonded port, whether to create a fake internal interface
2063 with the name of the port. Use only for compatibility with
2064 legacy software that requires this.
2065
2066 Spanning Tree Protocol:
2067
2068 The configuration here is only meaningful, and the status is only popu‐
2069 lated, when 802.1D-1998 Spanning Tree Protocol is enabled on the port’s
2070 Bridge with its stp_enable column.
2071
2072 STP Configuration:
2073
2074 other_config : stp-enable: optional string, either true or false
2075 When STP is enabled on a bridge, it is enabled by default on all
2076 of the bridge’s ports except bond, internal, and mirror ports
2077 (which do not work with STP). If this column’s value is false,
2078 STP is disabled on the port.
2079
2080 other_config : stp-port-num: optional string, containing an integer, in
2081 range 1 to 255
2082 The port number used for the lower 8 bits of the port-id. By de‐
2083 fault, the numbers will be assigned automatically. If any port’s
2084 number is manually configured on a bridge, then they must all
2085 be.
2086
2087 other_config : stp-port-priority: optional string, containing an inte‐
2088 ger, in range 0 to 255
2089 The port’s relative priority value for determining the root port
2090 (the upper 8 bits of the port-id). A port with a lower port-id
2091 will be chosen as the root port. By default, the priority is
2092 0x80.
2093
2094 other_config : stp-path-cost: optional string, containing an integer,
2095 in range 0 to 65,535
2096 Spanning tree path cost for the port. A lower number indicates a
2097 faster link. By default, the cost is based on the maximum speed
2098 of the link.
2099
2100 STP Status:
2101
2102 status : stp_port_id: optional string
2103 The port ID used in spanning tree advertisements for this port,
2104 as 4 hex digits. Configuring the port ID is described in the
2105 stp-port-num and stp-port-priority keys of the other_config sec‐
2106 tion earlier.
2107
2108 status : stp_state: optional string, one of blocking, disabled, for‐
2109 warding, learning, or listening
2110 STP state of the port.
2111
2112 status : stp_sec_in_state: optional string, containing an integer, at
2113 least 0
2114 The amount of time this port has been in the current STP state,
2115 in seconds.
2116
2117 status : stp_role: optional string, one of alternate, designated, or
2118 root
2119 STP role of the port.
2120
2121 Rapid Spanning Tree Protocol:
2122
2123 The configuration here is only meaningful, and the status and statis‐
2124 tics are only populated, when 802.1D-1998 Spanning Tree Protocol is en‐
2125 abled on the port’s Bridge with its stp_enable column.
2126
2127 RSTP Configuration:
2128
2129 other_config : rstp-enable: optional string, either true or false
2130 When RSTP is enabled on a bridge, it is enabled by default on
2131 all of the bridge’s ports except bond, internal, and mirror
2132 ports (which do not work with RSTP). If this column’s value is
2133 false, RSTP is disabled on the port.
2134
2135 other_config : rstp-port-priority: optional string, containing an inte‐
2136 ger, in range 0 to 240
2137 The port’s relative priority value for determining the root
2138 port, in multiples of 16. By default, the port priority is 0x80
2139 (128). Any value in the lower 4 bits is rounded off. The signif‐
2140 icant upper 4 bits become the upper 4 bits of the port-id. A
2141 port with the lowest port-id is elected as the root.
2142
2143 other_config : rstp-port-num: optional string, containing an integer,
2144 in range 1 to 4,095
2145 The local RSTP port number, used as the lower 12 bits of the
2146 port-id. By default the port numbers are assigned automatically,
2147 and typically may not correspond to the OpenFlow port numbers. A
2148 port with the lowest port-id is elected as the root.
2149
2150 other_config : rstp-port-path-cost: optional string, containing an in‐
2151 teger
2152 The port path cost. The Port’s contribution, when it is the Root
2153 Port, to the Root Path Cost for the Bridge. By default the cost
2154 is automatically calculated from the port’s speed.
2155
2156 other_config : rstp-port-admin-edge: optional string, either true or
2157 false
2158 The admin edge port parameter for the Port. Default is false.
2159
2160 other_config : rstp-port-auto-edge: optional string, either true or
2161 false
2162 The auto edge port parameter for the Port. Default is true.
2163
2164 other_config : rstp-port-mcheck: optional string, either true or false
2165 The mcheck port parameter for the Port. Default is false. May be
2166 set to force the Port Protocol Migration state machine to trans‐
2167 mit RST BPDUs for a MigrateTime period, to test whether all STP
2168 Bridges on the attached LAN have been removed and the Port can
2169 continue to transmit RSTP BPDUs. Setting mcheck has no effect if
2170 the Bridge is operating in STP Compatibility mode.
2171
2172 Changing the value from true to false has no effect, but needs
2173 to be done if this behavior is to be triggered again by subse‐
2174 quently changing the value from false to true.
2175
2176 RSTP Status:
2177
2178 rstp_status : rstp_port_id: optional string
2179 The port ID used in spanning tree advertisements for this port,
2180 as 4 hex digits. Configuring the port ID is described in the
2181 rstp-port-num and rstp-port-priority keys of the other_config
2182 section earlier.
2183
2184 rstp_status : rstp_port_role: optional string, one of Alternate,
2185 Backup, Designated, Disabled, or Root
2186 RSTP role of the port.
2187
2188 rstp_status : rstp_port_state: optional string, one of Disabled, Dis‐
2189 carding, Forwarding, or Learning
2190 RSTP state of the port.
2191
2192 rstp_status : rstp_designated_bridge_id: optional string
2193 The port’s RSTP designated bridge ID, in the same form as
2194 rstp_status:rstp_bridge_id in the Bridge table.
2195
2196 rstp_status : rstp_designated_port_id: optional string
2197 The port’s RSTP designated port ID, as 4 hex digits.
2198
2199 rstp_status : rstp_designated_path_cost: optional string, containing an
2200 integer
2201 The port’s RSTP designated path cost. Lower is better.
2202
2203 RSTP Statistics:
2204
2205 rstp_statistics : rstp_tx_count: optional integer
2206 Number of RSTP BPDUs transmitted through this port.
2207
2208 rstp_statistics : rstp_rx_count: optional integer
2209 Number of valid RSTP BPDUs received by this port.
2210
2211 rstp_statistics : rstp_error_count: optional integer
2212 Number of invalid RSTP BPDUs received by this port.
2213
2214 rstp_statistics : rstp_uptime: optional integer
2215 The duration covered by the other RSTP statistics, in seconds.
2216
2217 Multicast Snooping:
2218
2219 other_config : mcast-snooping-flood: optional string, either true or
2220 false
2221 If set to true, multicast packets (except Reports) are uncondi‐
2222 tionally forwarded to the specific port.
2223
2224 other_config : mcast-snooping-flood-reports: optional string, either
2225 true or false
2226 If set to true, multicast Reports are unconditionally forwarded
2227 to the specific port.
2228
2229 Other Features:
2230
2231 qos: optional QoS
2232 Quality of Service configuration for this port.
2233
2234 mac: optional string
2235 The MAC address to use for this port for the purpose of choosing
2236 the bridge’s MAC address. This column does not necessarily re‐
2237 flect the port’s actual MAC address, nor will setting it change
2238 the port’s actual MAC address.
2239
2240 fake_bridge: boolean
2241 Does this port represent a sub-bridge for its tagged VLAN within
2242 the Bridge? See ovs-vsctl(8) for more information.
2243
2244 protected: boolean
2245 The protected ports feature allows certain ports to be desig‐
2246 nated as protected. Traffic between protected ports is blocked.
2247 Protected ports can send traffic to unprotected ports. Unpro‐
2248 tected ports can send traffic to any port. Default is false.
2249
2250 external_ids : fake-bridge-id-*: optional string
2251 External IDs for a fake bridge (see the fake_bridge column) are
2252 defined by prefixing a Bridge external_ids key with
2253 fake-bridge-, e.g. fake-bridge-xs-network-uuids.
2254
2255 other_config : transient: optional string, either true or false
2256 If set to true, the port will be removed when ovs-ctl start
2257 --delete-transient-ports is used.
2258
2259 bond_active_slave: optional string
2260 For a bonded port, record the MAC address of the current active
2261 member.
2262
2263 Port Statistics:
2264
2265 Key-value pairs that report port statistics. The update period is con‐
2266 trolled by other_config:stats-update-interval in the Open_vSwitch ta‐
2267 ble.
2268
2269 Statistics: STP transmit and receive counters:
2270
2271 statistics : stp_tx_count: optional integer
2272 Number of STP BPDUs sent on this port by the spanning tree li‐
2273 brary.
2274
2275 statistics : stp_rx_count: optional integer
2276 Number of STP BPDUs received on this port and accepted by the
2277 spanning tree library.
2278
2279 statistics : stp_error_count: optional integer
2280 Number of bad STP BPDUs received on this port. Bad BPDUs include
2281 runt packets and those with an unexpected protocol ID.
2282
2283 Common Columns:
2284
2285 The overall purpose of these columns is described under Common Columns
2286 at the beginning of this document.
2287
2288 other_config: map of string-string pairs
2289
2290 external_ids: map of string-string pairs
2291
2293 An interface within a Port.
2294
2295 Summary:
2296 Core Features:
2297 name immutable string (must be unique within
2298 table)
2299 ifindex optional integer, in range 0 to
2300 4,294,967,295
2301 mac_in_use optional string
2302 mac optional string
2303 error optional string
2304 OpenFlow Port Number:
2305 ofport optional integer
2306 ofport_request optional integer, in range 1 to 65,279
2307 System-Specific Details:
2308 type string
2309 Tunnel Options:
2310 options : remote_ip optional string
2311 options : local_ip optional string
2312 options : in_key optional string
2313 options : out_key optional string
2314 options : dst_port optional string
2315 options : key optional string
2316 options : tos optional string
2317 options : ttl optional string
2318 options : df_default optional string, either true or false
2319 options : egress_pkt_mark optional string
2320 Tunnel Options: lisp only:
2321 options : packet_type optional string, either legacy_l3 or ptap
2322 Tunnel Options: vxlan only:
2323 options : exts optional string
2324 options : packet_type optional string, one of legacy_l2,
2325 legacy_l3, or ptap
2326 Tunnel Options: gre only:
2327 options : packet_type optional string, one of legacy_l2,
2328 legacy_l3, or ptap
2329 options : seq optional string, either true or false
2330 Tunnel Options: gre, ip6gre, geneve, bareudp and vxlan:
2331 options : csum optional string, either true or false
2332 Tunnel Options: IPsec:
2333 options : psk optional string
2334 options : remote_cert optional string
2335 options : remote_name optional string
2336 Tunnel Options: erspan only:
2337 options : erspan_idx optional string
2338 options : erspan_ver optional string
2339 options : erspan_dir optional string
2340 options : erspan_hwid optional string
2341 Tunnel Options: Bareudp only:
2342 options : payload_type optional string
2343 Patch Options:
2344 options : peer optional string
2345 PMD (Poll Mode Driver) Options:
2346 options : n_rxq optional string, containing an integer,
2347 at least 1
2348 options : dpdk-devargs optional string
2349 other_config : pmd-rxq-affinity
2350 optional string
2351 options : xdp-mode optional string, one of best-effort,
2352 generic, native-with-zerocopy, or native
2353 options : use-need-wakeup optional string, either true or false
2354 options : vhost-server-path
2355 optional string
2356 options : tx-retries-max optional string, containing an integer,
2357 in range 0 to 32
2358 options : n_rxq_desc optional string, containing an integer,
2359 in range 1 to 4,096
2360 options : n_txq_desc optional string, containing an integer,
2361 in range 1 to 4,096
2362 options : dpdk-vf-mac optional string
2363 other_config : tx-steering optional string, either hash or thread
2364 EMC (Exact Match Cache) Configuration:
2365 other_config : emc-enable optional string, either true or false
2366 MTU:
2367 mtu optional integer
2368 mtu_request optional integer, at least 1
2369 Interface Status:
2370 admin_state optional string, either down or up
2371 link_state optional string, either down or up
2372 link_resets optional integer
2373 link_speed optional integer
2374 duplex optional string, either full or half
2375 lacp_current optional boolean
2376 status map of string-string pairs
2377 status : driver_name optional string
2378 status : driver_version optional string
2379 status : firmware_version optional string
2380 status : source_ip optional string
2381 status : tunnel_egress_iface
2382 optional string
2383 status : tunnel_egress_iface_carrier
2384 optional string, either down or up
2385 dpdk:
2386 status : port_no optional string
2387 status : numa_id optional string
2388 status : min_rx_bufsize optional string
2389 status : max_rx_pktlen optional string
2390 status : max_rx_queues optional string
2391 status : max_tx_queues optional string
2392 status : max_mac_addrs optional string
2393 status : max_hash_mac_addrs
2394 optional string
2395 status : max_vfs optional string
2396 status : max_vmdq_pools optional string
2397 status : if_type optional string
2398 status : if_descr optional string
2399 status : pci-vendor_id optional string
2400 status : pci-device_id optional string
2401 Statistics:
2402 Statistics: Successful transmit and receive counters:
2403 statistics : rx_packets optional integer
2404 statistics : rx_bytes optional integer
2405 statistics : tx_packets optional integer
2406 statistics : tx_bytes optional integer
2407 Statistics: Receive errors:
2408 statistics : rx_dropped optional integer
2409 statistics : rx_frame_err
2410 optional integer
2411 statistics : rx_over_err optional integer
2412 statistics : rx_crc_err optional integer
2413 statistics : rx_errors optional integer
2414 Statistics: Transmit errors:
2415 statistics : tx_dropped optional integer
2416 statistics : collisions optional integer
2417 statistics : tx_errors optional integer
2418 Ingress Policing:
2419 ingress_policing_rate integer, at least 0
2420 ingress_policing_kpkts_rate
2421 integer, at least 0
2422 ingress_policing_burst integer, at least 0
2423 ingress_policing_kpkts_burst
2424 integer, at least 0
2425 Bidirectional Forwarding Detection (BFD):
2426 BFD Configuration:
2427 bfd : enable optional string, either true or false
2428 bfd : min_rx optional string, containing an integer,
2429 at least 1
2430 bfd : min_tx optional string, containing an integer,
2431 at least 1
2432 bfd : decay_min_rx optional string, containing an integer
2433 bfd : forwarding_if_rx optional string, either true or false
2434 bfd : cpath_down optional string, either true or false
2435 bfd : check_tnl_key optional string, either true or false
2436 bfd : bfd_local_src_mac optional string
2437 bfd : bfd_local_dst_mac optional string
2438 bfd : bfd_remote_dst_mac optional string
2439 bfd : bfd_src_ip optional string
2440 bfd : bfd_dst_ip optional string
2441 bfd : oam optional string
2442 bfd : mult optional string, containing an integer,
2443 in range 1 to 255
2444 BFD Status:
2445 bfd_status : state optional string, one of admin_down, down,
2446 init, or up
2447 bfd_status : forwarding optional string, either true or false
2448 bfd_status : diagnostic optional string
2449 bfd_status : remote_state
2450 optional string, one of admin_down, down,
2451 init, or up
2452 bfd_status : remote_diagnostic
2453 optional string
2454 bfd_status : flap_count optional string, containing an integer,
2455 at least 0
2456 Connectivity Fault Management:
2457 cfm_mpid optional integer
2458 cfm_flap_count optional integer
2459 cfm_fault optional boolean
2460 cfm_fault_status : recv none
2461 cfm_fault_status : rdi none
2462 cfm_fault_status : maid none
2463 cfm_fault_status : loopback
2464 none
2465 cfm_fault_status : overflow
2466 none
2467 cfm_fault_status : override
2468 none
2469 cfm_fault_status : interval
2470 none
2471 cfm_remote_opstate optional string, either down or up
2472 cfm_health optional integer, in range 0 to 100
2473 cfm_remote_mpids set of integers
2474 other_config : cfm_interval
2475 optional string, containing an integer
2476 other_config : cfm_extended
2477 optional string, either true or false
2478 other_config : cfm_demand optional string, either true or false
2479 other_config : cfm_opstate optional string, either down or up
2480 other_config : cfm_ccm_vlan
2481 optional string, containing an integer,
2482 in range 1 to 4,095
2483 other_config : cfm_ccm_pcp optional string, containing an integer,
2484 in range 1 to 7
2485 Bonding Configuration:
2486 other_config : lacp-port-id
2487 optional string, containing an integer,
2488 in range 1 to 65,535
2489 other_config : lacp-port-priority
2490 optional string, containing an integer,
2491 in range 1 to 65,535
2492 other_config : lacp-aggregation-key
2493 optional string, containing an integer,
2494 in range 1 to 65,535
2495 Virtual Machine Identifiers:
2496 external_ids : attached-mac
2497 optional string
2498 external_ids : iface-id optional string
2499 external_ids : iface-status
2500 optional string, either active or inac‐
2501 tive
2502 external_ids : xs-vif-uuid optional string
2503 external_ids : xs-network-uuid
2504 optional string
2505 external_ids : vm-id optional string
2506 external_ids : xs-vm-uuid optional string
2507 Auto Attach Configuration:
2508 lldp : enable optional string, either true or false
2509 Flow control Configuration:
2510 options : rx-flow-ctrl optional string, either true or false
2511 options : tx-flow-ctrl optional string, either true or false
2512 options : flow-ctrl-autoneg
2513 optional string, either true or false
2514 Link State Change detection mode:
2515 options : dpdk-lsc-interrupt
2516 optional string, either true or false
2517 Common Columns:
2518 other_config map of string-string pairs
2519 external_ids map of string-string pairs
2520
2521 Details:
2522 Core Features:
2523
2524 name: immutable string (must be unique within table)
2525 Interface name. Should be alphanumeric. For a non-bonded port,
2526 this should be the same as the port name. It must otherwise be
2527 unique among the names of ports, interfaces, and bridges on a
2528 host.
2529
2530 The maximum length of an interface name depends on the underly‐
2531 ing datapath:
2532
2533 • The names of interfaces implemented as Linux and BSD net‐
2534 work devices, including interfaces with type internal,
2535 tap, or system plus the different types of tunnel ports,
2536 are limited to 15 bytes. Windows limits these names to
2537 255 bytes.
2538
2539 • The names of patch ports are not used in the underlying
2540 datapath, so operating system restrictions do not apply.
2541 Thus, they may have arbitrary length.
2542
2543 Regardless of other restrictions, OpenFlow only supports 15-byte
2544 names, which means that ovs-ofctl and OpenFlow controllers will
2545 show names truncated to 15 bytes.
2546
2547 ifindex: optional integer, in range 0 to 4,294,967,295
2548 A positive interface index as defined for SNMP MIB-II in RFCs
2549 1213 and 2863, if the interface has one, otherwise 0. The
2550 ifindex is useful for seamless integration with protocols such
2551 as SNMP and sFlow.
2552
2553 mac_in_use: optional string
2554 The MAC address in use by this interface.
2555
2556 mac: optional string
2557 Ethernet address to set for this interface. If unset then the
2558 default MAC address is used:
2559
2560 • For the local interface, the default is the lowest-num‐
2561 bered MAC address among the other bridge ports, either
2562 the value of the mac in its Port record, if set, or its
2563 actual MAC (for bonded ports, the MAC of its member whose
2564 name is first in alphabetical order). Internal ports and
2565 bridge ports that are used as port mirroring destinations
2566 (see the Mirror table) are ignored.
2567
2568 • For other internal interfaces, the default MAC is ran‐
2569 domly generated.
2570
2571 • External interfaces typically have a MAC address associ‐
2572 ated with their hardware.
2573
2574 Some interfaces may not have a software-controllable MAC
2575 address. This option only affects internal ports. For other types
2576 of port, you can change the MAC address outside Open vSwitch,
2577 using the ip command.
2578
2579 error: optional string
2580 If the configuration of the port failed, as indicated by -1 in
2581 ofport, Open vSwitch sets this column to an error description in
2582 human readable form. Otherwise, Open vSwitch clears this column.
2583
2584 OpenFlow Port Number:
2585
2586 When a client adds a new interface, Open vSwitch chooses an OpenFlow
2587 port number for the new port. If the client that adds the port fills in
2588 ofport_request, then Open vSwitch tries to use its value as the Open‐
2589 Flow port number. Otherwise, or if the requested port number is already
2590 in use or cannot be used for another reason, Open vSwitch automatically
2591 assigns a free port number. Regardless of how the port number was ob‐
2592 tained, Open vSwitch then reports in ofport the port number actually
2593 assigned.
2594
2595 Open vSwitch limits the port numbers that it automatically assigns to
2596 the range 1 through 32,767, inclusive. Controllers therefore have free
2597 use of ports 32,768 and up.
2598
2599 ofport: optional integer
2600 OpenFlow port number for this interface. Open vSwitch sets this
2601 column’s value, so other clients should treat it as read-only.
2602
2603 The OpenFlow ``local’’ port (OFPP_LOCAL) is 65,534. The other
2604 valid port numbers are in the range 1 to 65,279, inclusive.
2605 Value -1 indicates an error adding the interface.
2606
2607 ofport_request: optional integer, in range 1 to 65,279
2608 Requested OpenFlow port number for this interface.
2609
2610 A client should ideally set this column’s value in the same
2611 database transaction that it uses to create the interface. Open
2612 vSwitch version 2.1 and later will honor a later request for a
2613 specific port number, although it might confuse some
2614 controllers: OpenFlow does not have a way to announce a port number
2615 change, so Open vSwitch represents it over OpenFlow as a port
2616 deletion followed immediately by a port addition.
2617
2618 If ofport_request is set or changed to some other port’s auto‐
2619 matically assigned port number, Open vSwitch chooses a new port
2620 number for the latter port.
2621
2622 System-Specific Details:
2623
2624 type: string
2625 The interface type. The types supported by a particular instance
2626 of Open vSwitch are listed in the iface_types column in the
2627 Open_vSwitch table. The following types are defined:
2628
2629 system An ordinary network device, e.g. eth0 on Linux. Sometimes
2630 referred to as ``external interfaces’’ since they are
2631 generally connected to hardware external to that on which
2632 the Open vSwitch is running. The empty string is a syn‐
2633 onym for system.
2634
2635 internal
2636 A simulated network device that sends and receives traf‐
2637 fic. An internal interface whose name is the same as its
2638 bridge’s name is called the ``local interface.’’ It does
2639 not make sense to bond an internal interface, so the
2640 terms ``port’’ and ``interface’’ are often used impre‐
2641 cisely for internal interfaces.
2642
2643 tap A TUN/TAP device managed by Open vSwitch.
2644
2645 Open vSwitch checks the interface state before sending
2646 packets to the device. When it is down, the packets are
2647 dropped and the tx_dropped statistic is updated
2648 accordingly. Older versions of Open vSwitch did not check the
2649 interface state, so tx_packets was incremented
2650 along with tx_dropped.
2651
2652 geneve An Ethernet over Geneve
2653 (http://tools.ietf.org/html/draft-ietf-nvo3-geneve)
2654 IPv4/IPv6 tunnel. A description of how to match and set
2655 Geneve options can be found in the ovs-ofctl manual page.
2656
2657 gre Generic Routing Encapsulation (GRE) over IPv4 tunnel,
2658 configurable to encapsulate layer 2 or layer 3 traffic.
2659
2660 ip6gre Generic Routing Encapsulation (GRE) over IPv6 tunnel,
2661 encapsulating layer 2 traffic.
2662
2663 vxlan An Ethernet tunnel over the UDP-based VXLAN protocol de‐
2664 scribed in RFC 7348.
2665
2666 Open vSwitch uses IANA-assigned UDP destination port
2667 4789. The source port used for VXLAN traffic varies on a
2668 per-flow basis and is in the ephemeral port range.
2669
2670 lisp A layer 3 tunnel over the experimental, UDP-based Loca‐
2671 tor/ID Separation Protocol (RFC 6830).
2672
2673 Only IPv4 and IPv6 packets are supported by the protocol,
2674 and they are sent and received without an Ethernet
2675 header. Traffic to/from LISP ports is expected to be con‐
2676 figured explicitly, and the ports are not intended to
2677 participate in learning based switching. As such, they
2678 are always excluded from packet flooding.
2679
2680 stt The Stateless TCP Tunnel (STT) is particularly useful
2681 when tunnel endpoints are in end-systems, as it utilizes
2682 the capabilities of standard network interface cards to
2683 improve performance. STT utilizes a TCP-like header in‐
2684 side the IP header. It is stateless, i.e., there is no
2685 TCP connection state of any kind associated with the tun‐
2686 nel. The TCP-like header is used to leverage the capabil‐
2687 ities of existing network interface cards, but should not
2688 be interpreted as implying any sort of connection state
2689 between endpoints. Since the STT protocol does not engage
2690 in the usual TCP 3-way handshake, it will have
2691 difficulty traversing stateful firewalls. The protocol is
2692 documented at https://tools.ietf.org/html/draft-davie-stt.
2693 All traffic uses a default destination port of 7471.
2694
2695 patch A pair of virtual devices that act as a patch cable.
2696
2697 gtpu GPRS Tunneling Protocol (GTP) is a group of IP-based com‐
2698 munications protocols used to carry general packet radio
2699 service (GPRS) within GSM, UMTS and LTE networks. GTP-U
2700 is used for carrying user data within the GPRS core net‐
2701 work and between the radio access network and the core
2702 network. The user data transported can be packets in any
2703 of IPv4, IPv6, or PPP formats.
2704
2705 The protocol is documented at http://www.3gpp.org/DynaRe‐
2706 port/29281.htm
2707
2708 Open vSwitch uses UDP destination port 2152. The source
2709 port used for GTP traffic varies on a per-flow basis and
2710 is in the ephemeral port range.
2711
2712 Bareudp
2713 The Bareudp tunnel provides a generic L3 encapsulation
2714 support for tunnelling different L3 protocols like MPLS,
2715 IP, NSH etc. inside a UDP tunnel.
2716
2717 Tunnel Options:
2718
2719 These options apply to interfaces with type of geneve, bareudp, gre,
2720 ip6gre, vxlan, lisp and stt.
2721
2722 Each tunnel must be uniquely identified by the combination of type, op‐
2723 tions:remote_ip, options:local_ip, and options:in_key. If two ports are
2724 defined that are the same except one has an optional identifier and the
2725 other does not, the more specific one is matched first. options:in_key
2726 is considered more specific than options:local_ip if a port defines one
2727 and another port defines the other. options:in_key is not applicable
2728 for bareudp tunnels. Hence it is not considered while identifying a
2729 bareudp tunnel.
2730
2731 options : remote_ip: optional string
2732 Required. The remote tunnel endpoint, one of:
2733
2734 • An IPv4 or IPv6 address (not a DNS name), e.g.
2735 192.168.0.123. Only unicast endpoints are supported.
2736
2737 • The word flow. The tunnel accepts packets from any remote
2738 tunnel endpoint. To process only packets from a specific
2739 remote tunnel endpoint, the flow entries may match on the
2740 tun_src or tun_ipv6_src field. When sending packets to a
2741 remote_ip=flow tunnel, the flow actions must explicitly
2742 set the tun_dst or tun_ipv6_dst field to the IP address
2743 of the desired remote tunnel endpoint, e.g. with a
2744 set_field action.
2745
2746 The remote tunnel endpoint for any packet received from a tunnel
2747 is available in the tun_src field for matching in the flow ta‐
2748 ble.
2749
2750 options : local_ip: optional string
2751 Optional. The tunnel destination IP that received packets must
2752 match. Default is to match all addresses. If specified, may be
2753 one of:
2754
2755 • An IPv4/IPv6 address (not a DNS name), e.g. 192.168.12.3.
2756
2757 • The word flow. The tunnel accepts packets sent to any of
2758 the local IP addresses of the system running OVS. To
2759 process only packets sent to a specific IP address, the
2760 flow entries may match on the tun_dst or tun_ipv6_dst
2761 field. When sending packets to a local_ip=flow tunnel,
2762 the flow actions may explicitly set the tun_src or
2763 tun_ipv6_src field to the desired IP address, e.g. with a
2764 set_field action. However, while routing the tunneled
2765 packet out, the local system may override the specified
2766 address with the local IP address configured for the out‐
2767 going system interface.
2768
2769 This option is valid only for tunnels also configured
2770 with the remote_ip=flow option.
2771
2772 The tunnel destination IP address for any packet received from a
2773 tunnel is available in the tun_dst or tun_ipv6_dst field for
2774 matching in the flow table.
2775
2776 options : in_key: optional string
2777 Optional, not applicable for bareudp. The key that received
2778 packets must contain, one of:
2779
2780 • 0. The tunnel receives packets with no key or with a key
2781 of 0. This is equivalent to specifying no options:in_key
2782 at all.
2783
2784 • A positive 24-bit (for Geneve, VXLAN, and LISP), 32-bit
2785 (for GRE) or 64-bit (for STT) number. The tunnel receives
2786 only packets with the specified key.
2787
2788 • The word flow. The tunnel accepts packets with any key.
2789 The key will be placed in the tun_id field for matching
2790 in the flow table. The ovs-fields(7) manual page contains
2791 additional information about matching fields in OpenFlow
2792 flows.
2793
2794 options : out_key: optional string
2795 Optional, not applicable for bareudp. The key to be set on out‐
2796 going packets, one of:
2797
2798 • 0. Packets sent through the tunnel will have no key. This
2799 is equivalent to specifying no options:out_key at all.
2800
2801 • A positive 24-bit (for Geneve, VXLAN and LISP), 32-bit
2802 (for GRE) or 64-bit (for STT) number. Packets sent
2803 through the tunnel will have the specified key.
2804
2805 • The word flow. Packets sent through the tunnel will have
2806 the key set using the set_tunnel Nicira OpenFlow vendor
2807 extension (0 is used in the absence of an action). The
2808 ovs-fields(7) manual page contains additional information
2809 about the Nicira OpenFlow vendor extensions.
2810
2811 options : dst_port: optional string
2812 Optional. The tunnel transport layer destination port, for UDP
2813 and TCP based tunnel protocols (Geneve, VXLAN, LISP, and STT).
2814
2815 options : key: optional string
2816 Optional. Shorthand to set in_key and out_key at the same time.
2817
2818 options : tos: optional string
2819 Optional. The value of the ToS bits to be set on the encapsulat‐
2820 ing packet. ToS is interpreted as DSCP and ECN bits, ECN part
2821 must be zero. It may also be the word inherit, in which case the
2822 ToS will be copied from the inner packet if it is IPv4 or IPv6
2823 (otherwise it will be 0). The ECN fields are always inherited.
2824 Default is 0.
2825
2826 options : ttl: optional string
2827 Optional. The TTL to be set on the encapsulating packet. It may
2828 also be the word inherit, in which case the TTL will be copied
2829 from the inner packet if it is IPv4 or IPv6 (otherwise it will
2830 be the system default, typically 64). Default is the system de‐
2831 fault TTL.
2832
2833 options : df_default: optional string, either true or false
2834 Optional. If enabled, the Don’t Fragment bit will be set on tun‐
2835 nel outer headers to allow path MTU discovery. Default is en‐
2836 abled; set to false to disable.
2837
2838 options : egress_pkt_mark: optional string
2839 Optional. The pkt_mark to be set on the encapsulating packet.
2840 This option sets packet mark for the tunnel endpoint for all
2841 tunnel packets including tunnel monitoring.
2842
2843 Tunnel Options: lisp only:
2844
2845 options : packet_type: optional string, either legacy_l3 or ptap
2846 A LISP tunnel sends and receives only IPv4 and IPv6 packets.
2847 This option controls how the tunnel represents the packets
2848 that it sends and receives:
2849
2850 • By default, or if this option is legacy_l3, the tunnel
2851 represents packets as Ethernet frames for compatibility
2852 with legacy OpenFlow controllers that expect this behav‐
2853 ior.
2854
2855 • If this option is ptap, the tunnel represents packets us‐
2856 ing the packet_type mechanism introduced in OpenFlow 1.5.
2857
2858 Tunnel Options: vxlan only:
2859
2860 options : exts: optional string
2861 Optional. Comma separated list of optional VXLAN extensions to
2862 enable. The following extensions are supported:
2863
2864 • gbp: VXLAN-GBP transports the group policy
2865 context of a packet across the VXLAN tunnel to other network
2866 peers. See the description of tun_gbp_id and
2867 tun_gbp_flags in ovs-fields(7) for additional informa‐
2868 tion.
2869 (https://tools.ietf.org/html/draft-smith-vxlan-group-pol‐
2870 icy)
2871
2872 • gpe: Support for Generic Protocol Encapsulation in accor‐
2873 dance with IETF draft
2874 https://tools.ietf.org/html/draft-ietf-nvo3-vxlan-gpe.
2875 Without this option, a VXLAN packet always encapsulates
2876 an Ethernet frame. With this option, a VXLAN packet may
2877 also encapsulate an IPv4, IPv6, NSH, or MPLS packet.
2878
2879 options : packet_type: optional string, one of legacy_l2, legacy_l3, or
2880 ptap
2881 This option controls what types of packets the tunnel sends and
2882 receives and how it represents them:
2883
2884 • By default, or if this option is legacy_l2, the tunnel
2885 sends and receives only Ethernet frames.
2886
2887 • If this option is legacy_l3, the tunnel sends and
2888 receives only non-Ethernet (L3) packets, but the packets are
2889 represented as Ethernet frames for compatibility with
2890 legacy OpenFlow controllers that expect this behavior.
2891 This requires enabling gpe in options:exts.
2892
2893 • If this option is ptap, Open vSwitch represents packets
2894 in the tunnel using the packet_type mechanism introduced
2895 in OpenFlow 1.5. This mechanism supports any kind of
2896 packet, but actually sending and receiving non-Ethernet
2897 packets requires additionally enabling gpe in op‐
2898 tions:exts.
2899
2900 Tunnel Options: gre only:
2901
2902 gre interfaces support these options.
2903
2904 options : packet_type: optional string, one of legacy_l2, legacy_l3, or
2905 ptap
2906 This option controls what types of packets the tunnel sends and
2907 receives and how it represents them:
2908
2909 • By default, or if this option is legacy_l2, the tunnel
2910 sends and receives only Ethernet frames.
2911
2912 • If this option is legacy_l3, the tunnel sends and
2913 receives only non-Ethernet (L3) packets, but the packets are
2914 represented as Ethernet frames for compatibility with
2915 legacy OpenFlow controllers that expect this behavior.
2916
2917 • The legacy_l3 option is only available via the user space
2918 datapath. The OVS kernel datapath does not support de‐
2919 vices of type ARPHRD_IPGRE which is the requirement for
2920 legacy_l3 type packets.
2921
2922 • If this option is ptap, the tunnel sends and receives any
2923 kind of packet. Open vSwitch represents packets in the
2924 tunnel using the packet_type mechanism introduced in
2925 OpenFlow 1.5.
2926
2927 options : seq: optional string, either true or false
2928 Optional. A 4-byte sequence number field for GRE tunnel only.
2929 Default is disabled, set to true to enable. Sequence number is
2930 incremented by one on each outgoing packet.
2931
2932 Tunnel Options: gre, ip6gre, geneve, bareudp and vxlan:
2933
2934 gre, ip6gre, geneve, bareudp and vxlan interfaces support these op‐
2935 tions.
2936
2937 options : csum: optional string, either true or false
2938 Optional. Compute encapsulation header (either GRE or UDP)
2939 checksums on outgoing packets. Default is disabled, set to true
2940 to enable. Checksums present on incoming packets will be vali‐
2941 dated regardless of this setting.
2942
2943 When using the upstream Linux kernel module, computation of
2944 checksums for geneve and vxlan requires Linux kernel version 4.0
2945 or higher. gre and ip6gre support checksums for all versions of
2946 Open vSwitch that support GRE. The out of tree kernel module
2947 distributed as part of OVS can compute all tunnel checksums on
2948 any kernel version that it is compatible with.
2949
2950 Tunnel Options: IPsec:
2951
2952 Setting any of these options enables IPsec support for a given tunnel.
2953 gre, geneve, vxlan and stt interfaces support these options. See the
2954 IPsec section in the Open_vSwitch table for a description of each mode.
2955
2956 options : psk: optional string
2957 In PSK mode only, the preshared secret used to negotiate the tunnel. This
2958 value must match on both tunnel ends.
2959
2960 options : remote_cert: optional string
2961 In self-signed certificate mode only, name of a PEM file con‐
2962 taining a certificate of the remote switch. The certificate must
2963 be x.509 version 3 and with the string in common name (CN) also
2964 set in the subject alternative name (SAN).
2965
2966 options : remote_name: optional string
2967 In CA-signed certificate mode only, common name (CN) of the re‐
2968 mote certificate.
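
The constraints stated above for the tunnel and IPsec options can be checked mechanically before a configuration is rolled out. This is an added example, not part of the Open vSwitch manual or code: the function names, finding codes and sample rows are constructed, and the JSON table shape of ovs-vsctl --format=json output and decimal key notation are assumptions.

```python
import ipaddress
import json

TUNNEL_TYPES = {"geneve", "bareudp", "gre", "ip6gre", "vxlan", "lisp", "stt"}
IPSEC_TYPES = {"gre", "geneve", "vxlan", "stt"}
IPSEC_OPTIONS = ("psk", "remote_cert", "remote_name")  # one per IPsec mode
KEY_BITS = {"geneve": 24, "vxlan": 24, "lisp": 24, "gre": 32, "stt": 64}

# Constructed sample in the table shape assumed for
# `ovs-vsctl --format=json --columns=name,type,options list Interface`.
SAMPLE = """{"headings": ["name", "type", "options"], "data": [
 ["vx-any", "vxlan", ["map", [["remote_ip", "flow"], ["key", "flow"]]]],
 ["gre-psk", "gre", ["map", [["remote_ip", "192.0.2.10"], ["psk", "constructed"]]]],
 ["gnv-bad", "geneve", ["map", [["remote_ip", "peer.example.net"],
                                ["local_ip", "flow"], ["in_key", "16777216"]]]],
 ["bu0", "bareudp", ["map", [["remote_ip", "2001:db8::1"], ["in_key", "5"]]]],
 ["eth0", "", ["map", []]]]}"""


def load_rows(text):
    """Decode the table; OVSDB writes a map as ["map", [[key, value], ...]]."""
    table = json.loads(text)
    rows = [dict(zip(table["headings"], row)) for row in table["data"]]
    for row in rows:
        row["options"] = dict(row["options"][1])
    return rows


def endpoint_error(opt, value):
    """remote_ip and local_ip take the word flow or an IP address, never a DNS name."""
    if value == "flow":
        return None
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return f"{opt}={value!r} is not an IPv4/IPv6 address"
    if opt == "remote_ip" and addr.is_multicast:
        return f"{opt}={value} is multicast; only unicast endpoints are supported"
    return None


def key_error(itype, opt, value):
    """Keys are 0, the word flow, or a number that fits the type's key width."""
    if value == "flow":
        return None
    if not (value.isascii() and value.isdigit()):  # assumption: decimal notation
        return f"{opt}={value!r} is neither a number nor the word flow"
    bits = KEY_BITS.get(itype)  # the page gives no key width for ip6gre
    if bits is not None and int(value) >= 1 << bits:
        return f"{opt}={value} does not fit the {bits}-bit key of {itype}"
    return None


def audit(rows):
    """Return (interface, code, message) findings for tunnel interfaces."""
    findings = []
    for row in rows:
        name, itype, opts = row["name"], row["type"], row["options"]
        if itype not in TUNNEL_TYPES:
            continue
        def add(code, message):
            findings.append((name, code, message))
        remote, local = opts.get("remote_ip"), opts.get("local_ip")
        if remote is None:
            add("remote-ip-missing", "options:remote_ip is required")
        elif err := endpoint_error("remote_ip", remote):
            add("remote-ip-invalid", err)
        elif remote == "flow":
            add("remote-ip-flow", "accepts packets from any remote endpoint; "
                "check that the flows match on tun_src or tun_ipv6_src")
        if local is not None and (err := endpoint_error("local_ip", local)):
            add("local-ip-invalid", err)
        elif local == "flow" and remote != "flow":
            add("local-ip-flow", "local_ip=flow is valid only with remote_ip=flow")
        for opt in ("key", "in_key", "out_key"):
            if opt not in opts:
                continue
            if itype == "bareudp":
                add("key-not-applicable", f"{opt} is not applicable for bareudp")
            elif err := key_error(itype, opt, opts[opt]):
                add("key-invalid", err)
            elif opts[opt] == "flow" and opt != "out_key":
                add("in-key-flow", "accepts packets with any key; "
                    "check that the flows match on tun_id")
        used = [o for o in IPSEC_OPTIONS if o in opts]
        if used and itype not in IPSEC_TYPES:
            add("ipsec-unsupported", f"{itype} does not support {', '.join(used)}")
        elif len(used) > 1:
            add("ipsec-mixed-modes", f"{', '.join(used)} belong to different modes")
        elif not used and itype in IPSEC_TYPES:
            add("no-ipsec", "no IPsec option is set, so IPsec is not enabled")
        if "psk" in used:
            add("psk-in-db", "the preshared secret is a value in the options column")
    return findings


if __name__ == "__main__":
    for finding in audit(load_rows(SAMPLE)):
        print("%-8s %-18s %s" % finding)
```

The psk-in-db finding is a prompt to review who can read the Interface table, since the secret sits in the same options map as the other tunnel settings.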
2969
2970 Tunnel Options: erspan only:
2971
2972 Only erspan interfaces support these options.
2973
2974 options : erspan_idx: optional string
2975 20 bit index/port number associated with the ERSPAN traffic’s
2976 source port and direction (ingress/egress). This field is plat‐
2977 form dependent.
2978
2979 options : erspan_ver: optional string
2980 ERSPAN version: 1 for version 1 (type II) or 2 for version 2
2981 (type III).
2982
2983 options : erspan_dir: optional string
2984 Specifies the ERSPAN v2 mirrored traffic’s direction. 1 for
2985 egress traffic, and 0 for ingress traffic.
2986
2987 options : erspan_hwid: optional string
2988 ERSPAN hardware ID is a 6-bit unique identifier of an ERSPAN v2
2989 engine within a system.
2990
2991 Tunnel Options: Bareudp only:
2992
2993 options : payload_type: optional string
2994 Specifies the ethertype of the l3 protocol the bareudp device is
2995 tunnelling. For the tunnels which support multiple ethertypes
2996 of a l3 protocol (IP, MPLS) this field specifies the protocol
2997 name as a string.
2998
2999 Patch Options:
3000
3001 These options apply only to patch ports, that is, interfaces whose type
3002 column is patch. Patch ports are mainly a way to connect otherwise in‐
3003 dependent bridges to one another, similar to how one might plug an Eth‐
3004 ernet cable (a ``patch cable’’) into two physical switches to connect
3005 those switches. The effect of plugging a patch port into two switches
3006 is conceptually similar to that of plugging the two ends of a Linux
3007 veth device into those switches, but the implementation of patch ports
3008 makes them much more efficient.
3009
3010 Patch ports may connect two different bridges (the usual case) or the
3011 same bridge. In the latter case, take special care to avoid loops, e.g.
3012 by programming appropriate flows with OpenFlow. Patch ports do not work
3013 if their ends are attached to bridges on different datapaths, e.g. to
3014 connect bridges in system and netdev datapaths.
3015
3016 The following command creates and connects patch ports p0 and p1 and
3017 adds them to bridges br0 and br1, respectively:
3018
3019 ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \
3020 -- add-port br1 p1 -- set Interface p1 type=patch options:peer=p0
3021
3022
3023 options : peer: optional string
3024 The name of the Interface for the other side of the patch. The
3025 named Interface’s own peer option must specify this Interface’s
3026 name. That is, the two patch interfaces must have reversed name
3027 and peer values.
3028
3029 PMD (Poll Mode Driver) Options:
3030
3031 Only PMD netdevs support these options.
3032
3033 options : n_rxq: optional string, containing an integer, at least 1
3034 Specifies the maximum number of rx queues to be created for a PMD
3035 netdev. If not specified or set to 0, one rx queue will be
3036 created by default. Not supported by DPDK vHost interfaces.
3037
3038 options : dpdk-devargs: optional string
3039 Specifies the PCI address associated with the port for physical
3040 devices, or the virtual driver to be used for the port when a
3041 virtual PMD is intended to be used. For the latter, the argument
3042 string typically takes the form of eth_driver_namex, where
3043 driver_name is a valid virtual DPDK PMD driver name and x is a
3044 unique identifier of your choice for the given port. Only sup‐
3045 ported by the dpdk port type.
3046
3047 other_config : pmd-rxq-affinity: optional string
3048 Specifies mapping of RX queues of this interface to CPU cores.
3049
3050 Value should be set in the following form:
3051
3052 other_config:pmd-rxq-affinity=<rxq-affinity-list>
3053
3054 where
3055
3056 • <rxq-affinity-list> ::= NULL | <non-empty-list>
3057
3058 • <non-empty-list> ::= <affinity-pair> | <affinity-pair> ,
3059 <non-empty-list>
3060
3061 • <affinity-pair> ::= <queue-id> : <core-id>
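
A string destined for other_config:pmd-rxq-affinity can be checked against this grammar before it is written to the database. This is an added example, not Open vSwitch code: it assumes that NULL means the empty string, that ids are decimal with queue ids starting at 0, that no whitespace is allowed, and that a queue may be listed only once. The function names are hypothetical.

```python
import re

# <affinity-pair> ::= <queue-id> : <core-id>, both taken here as decimal integers
_PAIR = re.compile(r"([0-9]+):([0-9]+)")


def parse_rxq_affinity(value, n_rxq=None):
    """Parse an <rxq-affinity-list> into {queue_id: core_id}.

    Raises ValueError on anything the grammar does not produce, on a queue
    listed twice, and (when n_rxq is given) on a queue id of n_rxq or more.
    """
    if value == "":  # the NULL alternative, taken here to mean an empty string
        return {}
    mapping = {}
    for pair in value.split(","):
        match = _PAIR.fullmatch(pair)
        if match is None:
            raise ValueError(f"malformed <affinity-pair> {pair!r}")
        queue, core = int(match.group(1)), int(match.group(2))
        if queue in mapping:
            raise ValueError(f"queue {queue} is listed more than once")
        if n_rxq is not None and queue >= n_rxq:  # assumption: ids run 0..n_rxq-1
            raise ValueError(f"queue {queue} does not exist with n_rxq={n_rxq}")
        mapping[queue] = core
    return mapping


def review(value, n_rxq):
    """Summarize a setting for change review: queues per core and unlisted queues."""
    try:
        mapping = parse_rxq_affinity(value, n_rxq)
    except ValueError as exc:
        return {"ok": False, "error": str(exc)}
    cores = {}
    for queue, core in sorted(mapping.items()):
        cores.setdefault(core, []).append(queue)
    unlisted = [q for q in range(n_rxq) if q not in mapping]
    return {"ok": True, "queues_by_core": cores, "unlisted_queues": unlisted}


if __name__ == "__main__":
    # Constructed inputs: one valid list, the empty list, and four rejected forms.
    for sample in ("0:3,1:7,3:8", "", "0:3,,1:7", "0:3, 1:7", "0:3,0:4", "4:1"):
        print(repr(sample), review(sample, n_rxq=4))
```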
3062
3063 options : xdp-mode: optional string, one of best-effort, generic, na‐
3064 tive-with-zerocopy, or native
3065 Specifies the operational mode of the XDP program.
3066
3067 In native-with-zerocopy mode the XDP program is loaded into the
3068 device driver with zero-copy RX and TX enabled. This mode re‐
3069 quires device driver support and has the best performance be‐
3070 cause there should be no copying of packets.
3071
3072 native is the same as native-with-zerocopy, but without zero-
3073 copy capability. This requires at least one copy between kernel
3074 and the userspace. This mode also requires support from device
3075 driver.
3076
3077 In the generic case the XDP program in the kernel works after skb
3078 allocation on early stages of packet processing inside the network
3079 stack. This mode doesn’t require driver support, but has much
3080 lower performance.
3081
3082 best-effort tries to detect and choose the best (fastest) from
3083 the available modes for current interface.
3084
3085 Note that this option is specific to netdev-afxdp. Defaults to
3086 best-effort mode.
3087
3088 options : use-need-wakeup: optional string, either true or false
3089 Specifies whether to use the need_wakeup feature in afxdp netdev. If
3090 enabled, OVS explicitly wakes up the kernel RX, using poll()
3091 syscall and wakes up TX, using sendto() syscall. For physical
3092 devices, this feature improves the performance by avoiding un‐
3093 necessary sendto syscalls. Defaults to true if supported by
3094 libbpf.
3095
3096 options : vhost-server-path: optional string
3097 The value specifies the path to the socket associated with a
3098 vHost User client mode device that has been or will be created
3099 by QEMU. Only supported by dpdkvhostuserclient interfaces.
3100
3101 options : tx-retries-max: optional string, containing an integer, in
3102 range 0 to 32
3103 The value specifies the maximum amount of vhost tx retries that
3104 can be made while trying to send a batch of packets to an inter‐
3105 face. Only supported by dpdkvhostuserclient interfaces.
3106
3107 Default value is 8.
3108
3109 options : n_rxq_desc: optional string, containing an integer, in range
3110 1 to 4,096
3111 Specifies the rx queue size (number of rx descriptors) for dpdk
3112 ports. The value must be a power of 2, less than 4096 and sup‐
3113 ported by the hardware of the device being configured. If not
3114 specified or an incorrect value is specified, 2048 rx descrip‐
3115 tors will be used by default.
3116
3117 options : n_txq_desc: optional string, containing an integer, in range
3118 1 to 4,096
3119 Specifies the tx queue size (number of tx descriptors) for dpdk
3120 ports. The value must be a power of 2, less than 4096 and sup‐
3121 ported by the hardware of the device being configured. If not
3122 specified or an incorrect value is specified, 2048 tx descrip‐
3123 tors will be used by default.
3124
3125 options : dpdk-vf-mac: optional string
3126 Ethernet address to set for this VF interface. If unset then the
3127 default MAC address is used:
3128
3129 • For most drivers, the default MAC address assigned by
3130 their hardware.
3131
3132 • For bifurcated drivers, the MAC currently used by the
3133 kernel netdevice.
3134
3135 This option may only be used with dpdk VF representors.
3136
3137 other_config : tx-steering: optional string, either hash or thread
3138 Specifies the Tx steering mode for the interface.
3139
3140 thread enables static (1:1) thread-to-txq mapping when the num‐
3141 ber of Tx queues is greater than number of PMD threads, and dy‐
3142 namic (N:1) mapping if equal or lower. In this mode a single
3143 thread can not use more than 1 transmit queue of a given port.
3144
3145 hash enables hash-based Tx steering, which distributes the pack‐
3146 ets on all the transmit queues based on their 5-tuples hashes.
3147
3148 Defaults to thread.
3149
3150 EMC (Exact Match Cache) Configuration:
3151
3152 These settings control the behaviour of EMC lookups/insertions for packets
3153 received from the interface.
3154
3155 other_config : emc-enable: optional string, either true or false
3156 Specifies if Exact Match Cache (EMC) should be used while pro‐
3157 cessing packets received from this interface. If true,
3158 other_config:emc-insert-inv-prob will have effect on this inter‐
3159 face.
3160
3161 Defaults to true.
3162
3163 MTU:
3164
3165 The MTU (maximum transmission unit) is the largest amount of data that
3166 can fit into a single Ethernet frame. The standard Ethernet MTU is 1500
3167 bytes. Some physical media and many kinds of virtual interfaces can be
3168 configured with higher MTUs.
3169
3170 A client may change an interface MTU by filling in mtu_request. Open
3171 vSwitch then reports in mtu the currently configured value.
3172
3173 mtu: optional integer
3174 The currently configured MTU for the interface.
3175
3176 This column will be empty for an interface that does not have an
3177 MTU as, for example, some kinds of tunnels do not.
3178
3179 Open vSwitch sets this column’s value, so other clients should
3180 treat it as read-only.
3181
3182 mtu_request: optional integer, at least 1
3183 Requested MTU (Maximum Transmission Unit) for the interface. A
3184 client can fill this column to change the MTU of an interface.
3185
3186 RFC 791 requires every internet module to be able to forward a
3187 datagram of 68 octets without further fragmentation. The maximum
3188 size of an IP packet is 65535 bytes.
3189
3190 If this is not set and if the interface has internal type, Open
3191 vSwitch will change the MTU to match the minimum of the other
3192 interfaces in the bridge.
3193
3194 Interface Status:
3195
3196 Status information about interfaces attached to bridges, updated every
3197 5 seconds. Not all interfaces have all of these properties; virtual in‐
3198 terfaces don’t have a link speed, for example. Non-applicable columns
3199 will have empty values.
3200
3201 admin_state: optional string, either down or up
3202 The administrative state of the physical network link.
3203
3204 link_state: optional string, either down or up
3205 The observed state of the physical network link. This is ordi‐
3206 narily the link’s carrier status. If the interface’s Port is a
3207 bond configured for miimon monitoring, it is instead the network
3208 link’s miimon status.
3209
3210 link_resets: optional integer
3211 The number of times Open vSwitch has observed the link_state of
3212 this Interface change.
3213
3214 link_speed: optional integer
3215 The negotiated speed of the physical network link. Valid values
3216 are positive integers greater than 0.
3217
3218 duplex: optional string, either full or half
3219 The duplex mode of the physical network link.
3220
3221 lacp_current: optional boolean
3222 Boolean value indicating LACP status for this interface. If
3223 true, this interface has current LACP information about its LACP
3224 partner. This information may be used to monitor the health of
3225 interfaces in a LACP enabled port. This column will be empty if
3226 LACP is not enabled.
3227
3228 status: map of string-string pairs
3229 Key-value pairs that report port status. Supported status values
3230 are type-dependent; some interfaces may not have a valid
3231 status:driver_name, for example.
3232
3233 status : driver_name: optional string
3234 The name of the device driver controlling the network adapter.
3235
3236 status : driver_version: optional string
3237 The version string of the device driver controlling the network
3238 adapter.
3239
3240 status : firmware_version: optional string
3241 The version string of the network adapter’s firmware, if avail‐
3242 able.
3243
3244 status : source_ip: optional string
3245 The source IP address used for an IPv4/IPv6 tunnel end-point,
3246 such as gre.
3247
3248 status : tunnel_egress_iface: optional string
3249 Egress interface for tunnels. Currently only relevant for tun‐
3250 nels on Linux systems, this column will show the name of the in‐
3251 terface which is responsible for routing traffic destined for
3252 the configured options:remote_ip. This could be an internal in‐
3253 terface such as a bridge port.
3254
3255 status : tunnel_egress_iface_carrier: optional string, either down or
3256 up
3257 Whether carrier is detected on status:tunnel_egress_iface.
3258
3259 dpdk:
3260
3261 DPDK specific interface status options.
3262
3263 status : port_no: optional string
3264 DPDK port ID.
3265
3266 status : numa_id: optional string
3267 NUMA socket ID to which an Ethernet device is connected.
3268
3269 status : min_rx_bufsize: optional string
3270 Minimum size of RX buffer.
3271
3272 status : max_rx_pktlen: optional string
3273 Maximum configurable length of RX pkt.
3274
3275 status : max_rx_queues: optional string
3276 Maximum number of RX queues.
3277
3278 status : max_tx_queues: optional string
3279 Maximum number of TX queues.
3280
3281 status : max_mac_addrs: optional string
3282 Maximum number of MAC addresses.
3283
3284 status : max_hash_mac_addrs: optional string
3285 Maximum number of hash MAC addresses for MTA and UTA.
3286
3287 status : max_vfs: optional string
3288 Maximum number of VFs.
3290
3291 status : max_vmdq_pools: optional string
3292 Maximum number of VMDq pools.
3293
3294 status : if_type: optional string
3295 Interface type ID according to IANA ifTYPE MIB definitions.
3296
3297 status : if_descr: optional string
3298 Interface description string.
3299
3300 status : pci-vendor_id: optional string
3301 Vendor ID of PCI device.
3302
3303 status : pci-device_id: optional string
3304 Device ID of PCI device.
3305
3306 Statistics:
3307
3308 Key-value pairs that report interface statistics. The current implemen‐
3309 tation updates these counters periodically. The update period is con‐
3310 trolled by other_config:stats-update-interval in the Open_vSwitch ta‐
3311 ble. Future implementations may update them when an interface is cre‐
3312 ated, when they are queried (e.g. using an OVSDB select operation), and
3313 just before an interface is deleted due to virtual interface hot-unplug
3314 or VM shutdown, and perhaps at other times, but not on any regular pe‐
3315 riodic basis.
3316
3317 These are the same statistics reported by OpenFlow in its struct
3318 ofp_port_stats structure. If an interface does not support a given
3319 statistic, then that pair is omitted.
3320
3321 Statistics: Successful transmit and receive counters:
3322
3323 statistics : rx_packets: optional integer
3324 Number of received packets.
3325
3326 statistics : rx_bytes: optional integer
3327 Number of received bytes.
3328
3329 statistics : tx_packets: optional integer
3330 Number of transmitted packets.
3331
3332 statistics : tx_bytes: optional integer
3333 Number of transmitted bytes.
3334
3335 Statistics: Receive errors:
3336
3337 statistics : rx_dropped: optional integer
3338 Number of packets dropped by RX.
3339
3340 statistics : rx_frame_err: optional integer
3341 Number of frame alignment errors.
3342
3343 statistics : rx_over_err: optional integer
3344 Number of packets with RX overrun.
3345
3346 statistics : rx_crc_err: optional integer
3347 Number of CRC errors.
3348
3349 statistics : rx_errors: optional integer
3350 Total number of receive errors, greater than or equal to the sum
3351 of the above.
3352
3353 Statistics: Transmit errors:
3354
3355 statistics : tx_dropped: optional integer
3356 Number of packets dropped by TX.
3357
3358 statistics : collisions: optional integer
3359 Number of collisions.
3360
3361 statistics : tx_errors: optional integer
3362 Total number of transmit errors, greater than or equal to the
3363 sum of the above.
3364
3365 Ingress Policing:
3366
3367 These settings control ingress policing for packets received on this
3368 interface. On a physical interface, this limits the rate at which traf‐
3369 fic is allowed into the system from the outside; on a virtual interface
3370 (one connected to a virtual machine), this limits the rate at which the
3371 VM is able to transmit.
3372
3373 Policing is a simple form of quality-of-service that simply drops pack‐
3374 ets received in excess of the configured rate. Due to its simplicity,
3375 policing is usually less accurate and less effective than egress QoS
3376 (which is configured using the QoS and Queue tables).
3377
3378 Policing settings can be set with byte rate or packet rate, and they
3379 can be configured together, in which case they take effect together,
3380 meaning that the smaller of the two limits is the one in effect.
3381
3382 Currently, byte rate policing is implemented on Linux and OVS with
3383 DPDK, while packet rate policing is only implemented on Linux. Both
3384 Linux and OVS DPDK implementations use a simple ``token bucket’’ ap‐
3385 proach.
3386
3387 Byte rate policing:
3388
3389 • The size of the bucket corresponds to
3390 ingress_policing_burst. Initially the bucket is full.
3391
3392 • Whenever a packet is received, its size (converted to to‐
3393 kens) is compared to the number of tokens currently in
3394 the bucket. If the required number of tokens are avail‐
3395 able, they are removed and the packet is forwarded. Oth‐
3396 erwise, the packet is dropped.
3397
3398 • Whenever it is not full, the bucket is refilled with to‐
3399 kens at the rate specified by ingress_policing_rate.
3400
3401 Packet rate policing:
3402
3403 • The size of the bucket corresponds to
3404 ingress_policing_kpkts_burst. Initially the bucket is full.
3405
3406 • Whenever a packet is received, it will consume one token
3407 from the current bucket. If the token is available in the
3408 bucket, it’s removed and the packet is forwarded. Other‐
3409 wise, the packet is dropped.
3410
3411 • Whenever it is not full, the bucket is refilled with
3412 tokens at the rate specified by
3413 ingress_policing_kpkts_rate.
3414
3415 Policing interacts badly with some network protocols, and especially
3416 with fragmented IP packets. Suppose that there is enough network activ‐
3417 ity to keep the bucket nearly empty all the time. Then this token
3418 bucket algorithm will forward a single packet every so often, with the
3419 period depending on packet size and on the configured rate. All of the
3420 fragments of an IP packet are normally transmitted back-to-back, as a
3421 group. In such a situation, therefore, only one of these fragments will
3422 be forwarded and the rest will be dropped. IP does not provide any way
3423 for the intended recipient to ask for only the remaining fragments. In
3424 such a case there are two likely possibilities for what will happen
3425 next: either all of the fragments will eventually be retransmitted (as
3426 TCP will do), in which case the same problem will recur, or the sender
3427 will not realize that its packet has been dropped and data will simply
3428 be lost (as some UDP-based protocols will do). Either way, it is possi‐
3429 ble that no forward progress will ever occur.
3430
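The byte-rate token bucket and the fragment problem described above, simulated as an added example (a model written for this page, not Open vSwitch's implementation). The class and function names, the 1 kb = 1000 bits conversion, and the traffic pattern (1500-byte fragments 12 µs apart) are assumptions of this example.

```python
MTU_BYTES = 1500      # constructed: every fragment is one full-size frame
FRAG_GAP_US = 12      # constructed: back-to-back 1500 B frames at 1 Gbps
DEFAULT_BURST_KB = 8000   # from the page: burst of 0 means 8000 kbit


class BytePolicer:
    """Token bucket following the three byte-rate policing rules.

    Tokens are stored in thousandths of a bit so that the refill
    (elapsed_us * rate_kbps) stays an exact integer.
    """

    def __init__(self, rate_kbps, burst_kb):
        self.rate_kbps = rate_kbps
        self.capacity = (burst_kb or DEFAULT_BURST_KB) * 1000 * 1000
        self.tokens = self.capacity          # initially the bucket is full
        self.last_us = 0

    def admit(self, now_us, size_bytes):
        """Return True if the packet is forwarded, False if dropped."""
        if self.rate_kbps == 0:
            return True                      # rate 0 disables policing
        elapsed = now_us - self.last_us
        self.last_us = now_us
        self.tokens = min(self.capacity,
                          self.tokens + elapsed * self.rate_kbps)
        need = size_bytes * 8 * 1000
        if self.tokens < need:
            return False                     # dropped, no tokens consumed
        self.tokens -= need
        return True


def police_datagrams(rate_kbps, burst_kb, frags_per_datagram, period_us, count):
    """Offer `count` datagrams, each sent as back-to-back MTU-sized
    fragments, one datagram every `period_us` microseconds.

    Returns (fragments_forwarded, datagrams_fully_delivered). A datagram
    is only useful to the receiver if every fragment got through.
    """
    policer = BytePolicer(rate_kbps, burst_kb)
    forwarded = 0
    complete = 0
    for n in range(count):
        start = n * period_us
        passed = 0
        for i in range(frags_per_datagram):
            if policer.admit(start + i * FRAG_GAP_US, MTU_BYTES):
                passed += 1
        forwarded += passed
        if passed == frags_per_datagram:
            complete += 1
    return forwarded, complete


if __name__ == "__main__":
    # All three runs offer 2.4 Mbps to a 1000 kbps policer.
    print("4 fragments, burst 12 kb:", police_datagrams(1000, 12, 4, 20000, 30))
    print("unfragmented, burst 12 kb:", police_datagrams(1000, 12, 1, 5000, 120))
    print("4 fragments, burst 48 kb:", police_datagrams(1000, 48, 4, 20000, 30))
```

With the same offered load, unfragmented traffic gets one datagram in three through, while the fragmented sender delivers no complete datagram under the 12 kb burst and only the very first one under the 48 kb burst, because sustained overload keeps the bucket nearly empty whatever its size.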
3431 ingress_policing_rate: integer, at least 0
3432 Maximum rate for data received on this interface, in kbps. Data
3433 received faster than this rate is dropped. Set to 0 (the de‐
3434 fault) to disable policing.
3435
3436 ingress_policing_kpkts_rate: integer, at least 0
3437 Maximum rate for data received on this interface, in kpps (1
3438 kpps is 1000 pps). Data received faster than this rate is
3439 dropped. Set to 0 (the default) to disable policing.
3440
3441 ingress_policing_burst: integer, at least 0
3442 Maximum burst size for data received on this interface, in kb.
3443 The default burst size if set to 0 is 8000 kbit. This value has
3444 no effect if ingress_policing_rate is 0.
3445
3446 Specifying a larger burst size lets the algorithm be more for‐
3447 giving, which is important for protocols like TCP that react se‐
3448 verely to dropped packets. The burst size should be at least the
3449 size of the interface’s MTU. Specifying a value that is numeri‐
3450 cally at least as large as 80% of ingress_policing_rate helps
3451 TCP come closer to achieving the full rate.
3452
3453 ingress_policing_kpkts_burst: integer, at least 0
3454 Maximum burst size for data received on this interface, in kpkts
3455 (1 kpkts is 1000 packets). The default burst size if set to 0 is
3456 16 kpkts. This value has no effect if
3457 ingress_policing_kpkts_rate is 0.
3458
3459 Specifying a larger burst size lets the algorithm be more for‐
3460 giving, which is important for protocols like TCP that react se‐
3461 verely to dropped packets. Specifying a value that is numeri‐
3462 cally at least as large as 80% of ingress_policing_kpkts_rate
3463 helps TCP come closer to achieving the full rate.
3464
3465 Bidirectional Forwarding Detection (BFD):
3466
3467 BFD, defined in RFC 5880 and RFC 5881, allows point-to-point detection
3468 of connectivity failures by occasional transmission of BFD control mes‐
3469 sages. Open vSwitch implements BFD to serve as a more popular and stan‐
3470 dards compliant alternative to CFM.
3471
3472 BFD operates by regularly transmitting BFD control messages at a rate
3473 negotiated independently in each direction. Each endpoint specifies the
3474 rate at which it expects to receive control messages, and the rate at
3475 which it is willing to transmit them. By default, Open vSwitch uses a
3476 detection multiplier of three, meaning that an endpoint signals a con‐
3477 nectivity fault if three consecutive BFD control messages fail to ar‐
3478 rive. In the case of a unidirectional connectivity issue, the system
3479 not receiving BFD control messages signals the problem to its peer in
3480 the messages it transmits.
3481
3482 The Open vSwitch implementation of BFD aims to comply faithfully with
3483 RFC 5880 requirements. Open vSwitch does not implement the optional Au‐
3484 thentication or ``Echo Mode’’ features.
3485
3486 OVS 2.13 and earlier intercepted and processed all BFD packets. OVS
3487 2.14 and later only intercept and process BFD packets destined to a
3488 configured BFD instance, and other BFD packets are made available to
3489 the OVS flow table for forwarding.
3490
3491 BFD Configuration:
3492
3493 A controller sets up key-value pairs in the bfd column to enable and
3494 configure BFD.
3495
3496 bfd : enable: optional string, either true or false
3497 True to enable BFD on this Interface. If not specified, BFD will
3498 not be enabled by default.
3499
3500 bfd : min_rx: optional string, containing an integer, at least 1
3501 The shortest interval, in milliseconds, at which this BFD ses‐
3502 sion offers to receive BFD control messages. The remote endpoint
3503 may choose to send messages at a slower rate. Defaults to 1000.
3504
3505 bfd : min_tx: optional string, containing an integer, at least 1
3506 The shortest interval, in milliseconds, at which this BFD ses‐
3507 sion is willing to transmit BFD control messages. Messages will
3508 actually be transmitted at a slower rate if the remote endpoint
3509 is not willing to receive as quickly as specified. Defaults to
3510 100.
3511
3512 bfd : decay_min_rx: optional string, containing an integer
3513 An alternate receive interval, in milliseconds, that must be
3514 greater than or equal to bfd:min_rx. The implementation switches
3515 from bfd:min_rx to bfd:decay_min_rx when there is no obvious in‐
3516 coming data traffic at the interface, to reduce the CPU and
3517 bandwidth cost of monitoring an idle interface. This feature may
3518 be disabled by setting a value of 0. This feature is reset when‐
3519 ever bfd:decay_min_rx or bfd:min_rx changes.
3520
3521 bfd : forwarding_if_rx: optional string, either true or false
3522 When true, traffic received on the Interface is used to indicate
3523 the capability of packet I/O. BFD control packets are still
3524 transmitted and received. At least one BFD control packet must
3525 be received every 100 * bfd:min_rx amount of time. Otherwise,
3526 even if traffic is received, the bfd:forwarding will be false.
3527
3528 bfd : cpath_down: optional string, either true or false
3529 Set to true to notify the remote endpoint that traffic should
3530 not be forwarded to this system for some reason other than a
3531 connectivity failure on the interface being monitored. The
3532 typical underlying reason is ``concatenated path down,’’ that is,
3533 that connectivity beyond the local system is down. Defaults to
3534 false.
3535
3536 bfd : check_tnl_key: optional string, either true or false
3537 Set to true to make BFD accept only control messages with a tun‐
3538 nel key of zero. By default, BFD accepts control messages with
3539 any tunnel key.
3540
3541 bfd : bfd_local_src_mac: optional string
3542 Set to an Ethernet address in the form xx:xx:xx:xx:xx:xx to set
3543 the MAC used as source for transmitted BFD packets. The default
3544 is the mac address of the BFD enabled interface.
3545
3546 bfd : bfd_local_dst_mac: optional string
3547 Set to an Ethernet address in the form xx:xx:xx:xx:xx:xx to set
3548 the MAC used as destination for transmitted BFD packets. The de‐
3549 fault is 00:23:20:00:00:01.
3550
3551 bfd : bfd_remote_dst_mac: optional string
3552 Set to an Ethernet address in the form xx:xx:xx:xx:xx:xx to set
3553 the MAC used for checking the destination of received BFD
3554 packets. Packets with a different destination MAC will not be
3555 considered BFD packets. If not specified, the destination MAC
3556 address of received BFD packets is not checked.
3557
3558 bfd : bfd_src_ip: optional string
3559 Set to an IPv4 address to set the IP address used as source for
3560 transmitted BFD packets. The default is 169.254.1.1.
3561
3562 bfd : bfd_dst_ip: optional string
3563 Set to an IPv4 address to set the IP address used as destination
3564 for transmitted BFD packets. The default is 169.254.1.0.
3565
3566 bfd : oam: optional string
3567 Some tunnel protocols (such as Geneve) include a bit in the
3568 header to indicate that the encapsulated packet is an OAM frame.
3569 By setting this to true, BFD packets will be marked as OAM if
3570 encapsulated in one of these tunnels.
3571
3572 bfd : mult: optional string, containing an integer, in range 1 to 255
3573 The BFD detection multiplier, which defaults to 3. An endpoint
3574 signals a connectivity fault if the given number of consecutive
3575 BFD control messages fail to arrive.
3576
3577 BFD Status:
3578
3579 The switch sets key-value pairs in the bfd_status column to report the
3580 status of BFD on this interface. When BFD is not enabled, with
3581 bfd:enable, the switch clears all key-value pairs from bfd_status.
3582
3583 bfd_status : state: optional string, one of admin_down, down, init, or
3584 up
3585 Reports the state of the BFD session. The BFD session is fully
3586 healthy and negotiated if UP.
3587
3588 bfd_status : forwarding: optional string, either true or false
3589 Reports whether the BFD session believes this Interface may be
3590 used to forward traffic. Typically this means the local session
3591 is signaling UP, and the remote system isn’t signaling a problem
3592 such as concatenated path down.
3593
3594 bfd_status : diagnostic: optional string
3595 A diagnostic code specifying the local system’s reason for the
3596 last change in session state. The error messages are defined in
3597 section 4.1 of [RFC 5880].
3598
3599 bfd_status : remote_state: optional string, one of admin_down, down,
3600 init, or up
3601 Reports the state of the remote endpoint’s BFD session.
3602
3603 bfd_status : remote_diagnostic: optional string
3604 A diagnostic code specifying the remote system’s reason for the
3605 last change in session state. The error messages are defined in
3606 section 4.1 of [RFC 5880].
3607
3608 bfd_status : flap_count: optional string, containing an integer, at
3609 least 0
3610 Counts the number of bfd_status:forwarding flaps since start. A
3611 flap is considered as a change of the bfd_status:forwarding
3612 value.
3613
3614 Connectivity Fault Management:
3615
3616 802.1ag Connectivity Fault Management (CFM) allows a group of Mainte‐
3617 nance Points (MPs) called a Maintenance Association (MA) to detect con‐
3618 nectivity problems with each other. MPs within a MA should have com‐
3619 plete and exclusive interconnectivity. This is verified by occasionally
3620 broadcasting Continuity Check Messages (CCMs) at a configurable trans‐
3621 mission interval.
3622
3623 According to the 802.1ag specification, each Maintenance Point should
3624 be configured out-of-band with a list of Remote Maintenance Points it
3625 should have connectivity to. Open vSwitch differs from the specifica‐
3626 tion in this area. It simply assumes the link is faulted if no Remote
3627 Maintenance Points are reachable, and considers it not faulted other‐
3628 wise.
3629
3630 When operating over tunnels which have no in_key, or an in_key of flow,
3631 CFM will only accept CCMs with a tunnel key of zero.
3632
3633 cfm_mpid: optional integer
3634 A Maintenance Point ID (MPID) uniquely identifies each endpoint
3635 within a Maintenance Association. The MPID is used to identify
3636 this endpoint to other Maintenance Points in the MA. Each end of
3637 a link being monitored should have a different MPID. Must be
3638 configured to enable CFM on this Interface.
3639
3640 According to the 802.1ag specification, MPIDs can only range
3641 between [1, 8191]. However, extended mode (see
3642 other_config:cfm_extended) supports eight byte MPIDs.
3643
3644 cfm_flap_count: optional integer
3645 Counts the number of CFM fault flaps since boot. A flap is
3646 considered to be a change of the cfm_fault value.
3647
3648 cfm_fault: optional boolean
3649 Indicates a connectivity fault triggered by an inability to re‐
3650 ceive heartbeats from any remote endpoint. When a fault is trig‐
3651 gered on Interfaces participating in bonds, they will be dis‐
3652 abled.
3653
3654 Faults can be triggered for several reasons. Most importantly
3655 they are triggered when no CCMs are received for a period of 3.5
3656 times the transmission interval. Faults are also triggered when
3657 any CCMs indicate that a Remote Maintenance Point is not receiv‐
3658 ing CCMs but able to send them. Finally, a fault is triggered if
3659 a CCM is received which indicates unexpected configuration. No‐
3660 tably, this case arises when a CCM is received which advertises
3661 the local MPID.
3662
3663 cfm_fault_status : recv: none
3664 Indicates a CFM fault was triggered due to a lack of CCMs re‐
3665 ceived on the Interface.
3666
3667 cfm_fault_status : rdi: none
3668 Indicates a CFM fault was triggered due to the reception of a
3669 CCM with the RDI bit flagged. Endpoints set the RDI bit in their
3670 CCMs when they are not receiving CCMs themselves. This typically
3671 indicates a unidirectional connectivity failure.
3672
3673 cfm_fault_status : maid: none
3674 Indicates a CFM fault was triggered due to the reception of a
3675 CCM with a MAID other than the one Open vSwitch uses. CFM broad‐
3676 casts are tagged with an identification number in addition to
3677 the MPID called the MAID. Open vSwitch only supports receiving
3678 CCM broadcasts tagged with the MAID it uses internally.
3679
3680 cfm_fault_status : loopback: none
3681 Indicates a CFM fault was triggered due to the reception of a
3682 CCM advertising the same MPID configured in the cfm_mpid column
3683 of this Interface. This may indicate a loop in the network.
3684
3685 cfm_fault_status : overflow: none
3686 Indicates a CFM fault was triggered because the CFM module re‐
3687 ceived CCMs from more remote endpoints than it can keep track
3688 of.
3689
3690 cfm_fault_status : override: none
3691 Indicates a CFM fault was manually triggered by an administrator
3692 using an ovs-appctl command.
3693
3694 cfm_fault_status : interval: none
3695 Indicates a CFM fault was triggered due to the reception of a
3696 CCM frame having an invalid interval.
3697
3698 cfm_remote_opstate: optional string, either down or up
3699 When in extended mode, indicates the operational state of the
3700 remote endpoint as either up or down. See
3701 other_config:cfm_opstate.
3702
3703 cfm_health: optional integer, in range 0 to 100
3704 Indicates the health of the interface as a percentage of CCM
3705 frames received over 21 other_config:cfm_intervals. The health
3706 of an interface is undefined if it is communicating with more
3707 than one cfm_remote_mpids. It reduces if healthy heartbeats are
3708 not received at the expected rate, and gradually improves as
3709 healthy heartbeats are received at the desired rate. Every 21
3710 other_config:cfm_intervals, the health of the interface is re‐
3711 freshed.
3712
3713 As mentioned above, the faults can be triggered for several rea‐
3714 sons. The link health will deteriorate even if heartbeats are
3715 received but they are reported to be unhealthy. An unhealthy
3716 heartbeat in this context is a heartbeat for which either some
3717 fault is set or is out of sequence. The interface health can be
3718 100 only on receiving healthy heartbeats at the desired rate.
3719
3720 cfm_remote_mpids: set of integers
3721 When CFM is properly configured, Open vSwitch will occasionally
3722 receive CCM broadcasts. These broadcasts contain the MPID of the
3723 sending Maintenance Point. The list of MPIDs from which this
3724 Interface is receiving broadcasts is regularly collected and
3725 written to this column.
3726
3727 other_config : cfm_interval: optional string, containing an integer
3728 The interval, in milliseconds, between transmissions of CFM
3729 heartbeats. Three missed heartbeat receptions indicate a connec‐
3730 tivity fault.
3731
3732 In standard operation only intervals of 3, 10, 100, 1,000,
3733 10,000, 60,000, or 600,000 ms are supported. Other values will
3734 be rounded down to the nearest value on the list. Extended mode
3735 (see other_config:cfm_extended) supports any interval up to
3736 65,535 ms. In either mode, the default is 1000 ms.
3737
3738 We do not recommend using intervals less than 100 ms.
3739
3740 other_config : cfm_extended: optional string, either true or false
3741 When true, the CFM module operates in extended mode. This causes
3742 it to use a nonstandard destination address to avoid conflicting
3743 with compliant implementations which may be running concurrently
3744 on the network. Furthermore, extended mode increases the accu‐
3745 racy of the cfm_interval configuration parameter by breaking
3746 wire compatibility with 802.1ag compliant implementations. And
3747 extended mode allows eight byte MPIDs. Defaults to false.
3748
3749 other_config : cfm_demand: optional string, either true or false
3750 When true, and other_config:cfm_extended is true, the CFM module
3751 operates in demand mode. When in demand mode, traffic received
3752 on the Interface is used to indicate liveness. CCMs are still
3753 transmitted and received. At least one CCM must be received ev‐
3754 ery 100 * other_config:cfm_interval amount of time. Otherwise,
3755 even if traffic is received, the CFM module will raise the
3756 connectivity fault.
3757
3758 Demand mode has a couple of caveats:
3759
3760 • To ensure that ovs-vswitchd has enough time to pull sta‐
3761 tistics from the datapath, the fault detection interval
3762 is set to 3.5 * MAX(other_config:cfm_interval, 500) ms.
3763
3764 • To avoid ambiguity, demand mode disables itself when
3765 there are multiple remote maintenance points.
3766
3767 • If the Interface is heavily congested, CCMs containing
3768 the other_config:cfm_opstate status may be dropped caus‐
3769 ing changes in the operational state to be delayed. Simi‐
3770 larly, if CCMs containing the RDI bit are not received,
3771 unidirectional link failures may not be detected.
3772
3773 other_config : cfm_opstate: optional string, either down or up
3774 When down, the CFM module marks all CCMs it generates as opera‐
3775 tionally down without triggering a fault. This allows remote
3776 maintenance points to choose not to forward traffic to the In‐
3777 terface on which this CFM module is running. Currently, in Open
3778 vSwitch, the opdown bit of CCMs affects Interfaces participating
3779 in bonds, and the bundle OpenFlow action. This setting is ig‐
3780 nored when CFM is not in extended mode. Defaults to up.
3781
3782 other_config : cfm_ccm_vlan: optional string, containing an integer, in
3783 range 1 to 4,095
3784 When set, the CFM module will apply a VLAN tag to all CCMs it
3785 generates with the given value. May be the string random in
3786 which case each CCM will be tagged with a different randomly
3787 generated VLAN.
3788
3789 other_config : cfm_ccm_pcp: optional string, containing an integer, in
3790 range 1 to 7
When set, the CFM module will apply a VLAN tag to all CCMs it
generates with the given PCP value. The VLAN ID of the tag is
governed by the value of other_config:cfm_ccm_vlan. If
other_config:cfm_ccm_vlan is unset, a VLAN ID of zero is used.
3795
3796 Bonding Configuration:
3797
3798 other_config : lacp-port-id: optional string, containing an integer, in
3799 range 1 to 65,535
3800 The LACP port ID of this Interface. Port IDs are used in LACP
3801 negotiations to identify individual ports participating in a
3802 bond.
3803
3804 other_config : lacp-port-priority: optional string, containing an inte‐
3805 ger, in range 1 to 65,535
3806 The LACP port priority of this Interface. In LACP negotiations
3807 Interfaces with numerically lower priorities are preferred for
3808 aggregation.
3809
3810 other_config : lacp-aggregation-key: optional string, containing an in‐
3811 teger, in range 1 to 65,535
3812 The LACP aggregation key of this Interface. Interfaces with dif‐
3813 ferent aggregation keys may not be active within a given Port at
3814 the same time.
3815
3816 Virtual Machine Identifiers:
3817
3818 These key-value pairs specifically apply to an interface that repre‐
3819 sents a virtual Ethernet interface connected to a virtual machine.
3820 These key-value pairs should not be present for other types of inter‐
3821 faces. Keys whose names end in -uuid have values that uniquely identify
3822 the entity in question. For a Citrix XenServer hypervisor, these values
3823 are UUIDs in RFC 4122 format. Other hypervisors may use other formats.
3824
3825 external_ids : attached-mac: optional string
3826 The MAC address programmed into the ``virtual hardware’’ for
3827 this interface, in the form xx:xx:xx:xx:xx:xx. For Citrix
3828 XenServer, this is the value of the MAC field in the VIF record
3829 for this interface.
3830
3831 external_ids : iface-id: optional string
3832 A system-unique identifier for the interface. On XenServer, this
3833 will commonly be the same as external_ids:xs-vif-uuid.
3834
3835 external_ids : iface-status: optional string, either active or inactive
3836 Hypervisors may sometimes have more than one interface associ‐
3837 ated with a given external_ids:iface-id, only one of which is
3838 actually in use at a given time. For example, in some circum‐
3839 stances XenServer has both a ``tap’’ and a ``vif’’ interface for
3840 a single external_ids:iface-id, but only uses one of them at a
3841 time. A hypervisor that behaves this way must mark the currently
3842 in use interface active and the others inactive. A hypervisor
3843 that never has more than one interface for a given exter‐
3844 nal_ids:iface-id may mark that interface active or omit exter‐
3845 nal_ids:iface-status entirely.
3846
3847 During VM migration, a given external_ids:iface-id might tran‐
3848 siently be marked active on two different hypervisors. That is,
3849 active means that this external_ids:iface-id is the active in‐
3850 stance within a single hypervisor, not in a broader scope. There
3851 is one exception: some hypervisors support ``migration’’ from a
3852 given hypervisor to itself (most often for test purposes). Dur‐
3853 ing such a ``migration,’’ two instances of a single exter‐
3854 nal_ids:iface-id might both be briefly marked active on a single
3855 hypervisor.
3856
3857 external_ids : xs-vif-uuid: optional string
3858 The virtual interface associated with this interface.
3859
3860 external_ids : xs-network-uuid: optional string
3861 The virtual network to which this interface is attached.
3862
3863 external_ids : vm-id: optional string
3864 The VM to which this interface belongs. On XenServer, this will
3865 be the same as external_ids:xs-vm-uuid.
3866
3867 external_ids : xs-vm-uuid: optional string
3868 The VM to which this interface belongs.
3869
3870 Auto Attach Configuration:
3871
3872 Auto Attach configuration for a particular interface.
3873
3874 lldp : enable: optional string, either true or false
3875 True to enable LLDP on this Interface. If not specified, LLDP
3876 will be disabled by default.
3877
3878 Flow control Configuration:
3879
3880 Ethernet flow control defined in IEEE 802.1Qbb provides link level flow
3881 control using MAC pause frames. Implemented only for interfaces with
3882 type dpdk.
3883
3884 options : rx-flow-ctrl: optional string, either true or false
3885 Set to true to enable Rx flow control on physical ports. By de‐
3886 fault, Rx flow control is disabled.
3887
3888 options : tx-flow-ctrl: optional string, either true or false
3889 Set to true to enable Tx flow control on physical ports. By de‐
3890 fault, Tx flow control is disabled.
3891
3892 options : flow-ctrl-autoneg: optional string, either true or false
3893 Set to true to enable flow control auto negotiation on physical
3894 ports. By default, auto-neg is disabled.
3895
3896 Link State Change detection mode:
3897
3898 options : dpdk-lsc-interrupt: optional string, either true or false
3899 Set this value to true to configure interrupt mode for Link
3900 State Change (LSC) detection instead of poll mode for the DPDK
3901 interface.
3902
3903 If this value is not set, poll mode is configured.
3904
3905 This parameter has an effect only on netdev dpdk interfaces.
3906
3907 Common Columns:
3908
3909 The overall purpose of these columns is described under Common Columns
3910 at the beginning of this document.
3911
3912 other_config: map of string-string pairs
3913
3914 external_ids: map of string-string pairs
3915
3917 Configuration for a particular OpenFlow table.
3918
3919 Summary:
3920 name optional string
3921 Eviction Policy:
3922 flow_limit optional integer, at least 0
3923 overflow_policy optional string, either evict or refuse
3924 groups set of strings
3925 Classifier Optimization:
3926 prefixes set of up to 3 strings
3927 Common Columns:
3928 external_ids map of string-string pairs
3929
3930 Details:
3931 name: optional string
3932 The table’s name. Set this column to change the name that con‐
3933 trollers will receive when they request table statistics, e.g.
3934 ovs-ofctl dump-tables. The name does not affect switch behavior.
3935
3936 Eviction Policy:
3937
3938 Open vSwitch supports limiting the number of flows that may be in‐
3939 stalled in a flow table, via the flow_limit column. When adding a flow
3940 would exceed this limit, by default Open vSwitch reports an error, but
3941 there are two ways to configure Open vSwitch to instead delete
3942 (``evict’’) a flow to make room for the new one:
3943
3944 • Set the overflow_policy column to evict.
3945
3946 • Send an OpenFlow 1.4+ ``table mod request’’ to enable
3947 eviction for the flow table (e.g. ovs-ofctl -O OpenFlow14
3948 mod-table br0 0 evict to enable eviction on flow table 0
3949 of bridge br0).
3950
3951 When a flow must be evicted due to overflow, the flow to evict is cho‐
3952 sen through an approximation of the following algorithm. This algorithm
3953 is used regardless of how eviction was enabled:
3954
3955 1. Divide the flows in the table into groups based on the val‐
3956 ues of the fields or subfields specified in the groups col‐
3957 umn, so that all of the flows in a given group have the same
3958 values for those fields. If a flow does not specify a given
3959 field, that field’s value is treated as 0. If groups is
3960 empty, then all of the flows in the flow table are treated
3961 as a single group.
3962
3963 2. Consider the flows in the largest group, that is, the group
3964 that contains the greatest number of flows. If two or more
3965 groups all have the same largest number of flows, consider
3966 the flows in all of those groups.
3967
3968 3. If the flows under consideration have different importance
3969 values, eliminate from consideration any flows except those
3970 with the lowest importance. (``Importance,’’ a 16-bit inte‐
3971 ger value attached to each flow, was introduced in OpenFlow
3972 1.4. Flows inserted with older versions of OpenFlow always
3973 have an importance of 0.)
3974
3975 4. Among the flows under consideration, choose the flow that
3976 expires soonest for eviction.
3977
3978 The eviction process only considers flows that have an idle timeout or
3979 a hard timeout. That is, eviction never deletes permanent flows. (Per‐
3980 manent flows do count against flow_limit.)
3981
3982 flow_limit: optional integer, at least 0
3983 If set, limits the number of flows that may be added to the ta‐
3984 ble. Open vSwitch may limit the number of flows in a table for
3985 other reasons, e.g. due to hardware limitations or for resource
3986 availability or performance reasons.
3987
3988 overflow_policy: optional string, either evict or refuse
3989 Controls the switch’s behavior when an OpenFlow flow table modi‐
3990 fication request would add flows in excess of flow_limit. The
3991 supported values are:
3992
3993 refuse Refuse to add the flow or flows. This is also the default
3994 policy when overflow_policy is unset.
3995
3996 evict Delete a flow chosen according to the algorithm described
3997 above.
3998
3999 groups: set of strings
4000 When overflow_policy is evict, this controls how flows are cho‐
4001 sen for eviction when the flow table would otherwise exceed
4002 flow_limit flows. Its value is a set of NXM fields or sub-
4003 fields, each of which takes one of the forms field[] or
4004 field[start..end], e.g. NXM_OF_IN_PORT[]. Please see meta-flow.h
4005 for a complete list of NXM field names.
4006
4007 Open vSwitch ignores any invalid or unknown field specifica‐
4008 tions.
4009
4010 When eviction is not enabled, via overflow_policy or an OpenFlow
4011 1.4+ ``table mod,’’ this column has no effect.
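The four-step selection described under Eviction Policy, written out as an added Python example (not Open vSwitch code; Open vSwitch itself uses an approximation of this algorithm). The Flow class, the three-entry FIELD_BITS table and the sample flows are constructed for illustration. It shows how grouping on NXM_OF_IN_PORT[] makes the port holding the most flows lose an entry first, and that invalid group specifications are ignored.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Bit widths for a few NXM fields (illustrative subset; meta-flow.h has the full list).
FIELD_BITS = {"NXM_OF_IN_PORT": 16, "NXM_OF_IP_SRC": 32, "NXM_OF_IP_DST": 32}
SPEC_RE = re.compile(r"^(\w+)\[(?:(\d+)\.\.(\d+))?\]$")


@dataclass
class Flow:
    name: str
    match: Dict[str, int]      # field name -> value; an unspecified field counts as 0
    importance: int = 0        # 16-bit value from OpenFlow 1.4+, 0 for older versions
    idle_timeout: int = 0      # seconds, 0 = no idle timeout
    hard_timeout: int = 0      # seconds, 0 = no hard timeout
    created: int = 0           # time the flow was installed
    used: int = 0              # time the flow last matched a packet

    def expires_at(self) -> Optional[int]:
        """Earliest expiry time, or None for a permanent flow."""
        deadlines = []
        if self.hard_timeout:
            deadlines.append(self.created + self.hard_timeout)
        if self.idle_timeout:
            deadlines.append(self.used + self.idle_timeout)
        return min(deadlines) if deadlines else None


def parse_groups(specs: List[str]) -> List[Tuple[str, int, int]]:
    """Parse 'field[]' / 'field[start..end]' into (field, shift, mask).

    Invalid or unknown specifications are skipped, as the groups column describes.
    """
    parsed = []
    for spec in specs:
        m = SPEC_RE.match(spec)
        if not m or m.group(1) not in FIELD_BITS:
            continue
        width = FIELD_BITS[m.group(1)]
        start = int(m.group(2)) if m.group(2) is not None else 0
        end = int(m.group(3)) if m.group(3) is not None else width - 1
        if start > end or end >= width:
            continue
        parsed.append((m.group(1), start, (1 << (end - start + 1)) - 1))
    return parsed


def choose_victim(flows: List[Flow], group_specs: List[str]) -> Optional[Flow]:
    """Return the flow to evict, or None when only permanent flows exist."""
    fields = parse_groups(group_specs)
    # Eviction only considers flows with an idle or hard timeout.
    evictable = [f for f in flows if f.expires_at() is not None]
    if not evictable:
        return None
    # Step 1: group by the selected (sub)field values; no fields = one group.
    groups = defaultdict(list)
    for f in evictable:
        key = tuple((f.match.get(n, 0) >> shift) & mask for n, shift, mask in fields)
        groups[key].append(f)
    # Step 2: keep the largest group, or every group tied for largest.
    largest = max(len(g) for g in groups.values())
    pool = [f for g in groups.values() if len(g) == largest for f in g]
    # Step 3: keep only the flows with the lowest importance.
    lowest = min(f.importance for f in pool)
    pool = [f for f in pool if f.importance == lowest]
    # Step 4: evict the flow that expires soonest.
    return min(pool, key=lambda f: f.expires_at())


def demo_table() -> List[Flow]:
    """Constructed sample: a busy port 1, a quiet port 2, one permanent flow."""
    return [
        Flow("p1-a", {"NXM_OF_IN_PORT": 1}, idle_timeout=60, used=100),
        Flow("p1-b", {"NXM_OF_IN_PORT": 1}, idle_timeout=60, used=110),
        Flow("p1-c", {"NXM_OF_IN_PORT": 1}, importance=5, hard_timeout=300),
        Flow("p1-d", {"NXM_OF_IN_PORT": 1}, idle_timeout=60, used=120),
        Flow("p2-a", {"NXM_OF_IN_PORT": 2}, idle_timeout=10, used=100),
        Flow("p2-b", {"NXM_OF_IN_PORT": 2}, idle_timeout=60, used=130),
        Flow("perm", {"NXM_OF_IN_PORT": 2}),
    ]


if __name__ == "__main__":
    print("no groups:      ", choose_victim(demo_table(), []).name)
    print("group by in_port:", choose_victim(demo_table(), ["NXM_OF_IN_PORT[]"]).name)
```

With an empty groups column the soonest-expiring flow in the whole table is evicted, even though it belongs to the quiet port; grouping by ingress port moves the eviction to the port that holds the most flows.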
4012
4013 Classifier Optimization:
4014
4015 prefixes: set of up to 3 strings
4016 This string set specifies which fields should be used for ad‐
4017 dress prefix tracking. Prefix tracking allows the classifier to
4018 skip rules with longer than necessary prefixes, resulting in
4019 better wildcarding for datapath flows.
4020
Prefix tracking may be beneficial when a flow table contains
matches on IP address fields with different prefix lengths. For
example, when a flow table contains IP address matches on both
full addresses and proper prefixes, the full address matches
will typically cause the datapath flow to un-wildcard the whole
address field (depending on flow entry priorities). In this case
each packet with a different address gets handed to the
userspace for flow processing and generates its own datapath
flow. With prefix tracking enabled for the address field in
question, packets with addresses matching shorter prefixes would
generate datapath flows where the irrelevant address bits are
wildcarded, allowing the same datapath flow to handle all the
packets within the prefix in question. In this case many
userspace upcalls can be avoided and the overall performance can
be better.
4036
4037 This is a performance optimization only, so packets will receive
4038 the same treatment with or without prefix tracking.
4039
4040 The supported fields are: tun_id, tun_src, tun_dst,
4041 tun_ipv6_src, tun_ipv6_dst, nw_src, nw_dst (or aliases ip_src
4042 and ip_dst), ipv6_src, and ipv6_dst. (Using this feature for
4043 tun_id would only make sense if the tunnel IDs have prefix
4044 structure similar to IP addresses.)
4045
4046 By default, the prefixes=ip_dst,ip_src are used on each flow ta‐
4047 ble. This instructs the flow classifier to track the IP destina‐
4048 tion and source addresses used by the rules in this specific
4049 flow table.
4050
4051 The keyword none is recognized as an explicit override of the
4052 default values, causing no prefix fields to be tracked.
4053
4054 To set the prefix fields, the flow table record needs to exist:
4055
ovs-vsctl set Bridge br0 flow_tables:0=@N1 -- --id=@N1 create Flow_Table name=table0
       Creates a flow table record for the OpenFlow table number 0.

ovs-vsctl set Flow_Table table0 prefixes=ip_dst,ip_src
       Enables prefix tracking for IP source and destination
       address fields.
4064
4065 There is a maximum number of fields that can be enabled for any
4066 one flow table. Currently this limit is 3.
4067
4068 Common Columns:
4069
4070 The overall purpose of these columns is described under Common Columns
4071 at the beginning of this document.
4072
4073 external_ids: map of string-string pairs
4074
4076 Quality of Service (QoS) configuration for each Port that references
4077 it.
4078
4079 Summary:
4080 type string
4081 queues map of integer-Queue pairs, key in range
4082 0 to 4,294,967,295
4083 Configuration for linux-htb and linux-hfsc:
4084 other_config : max-rate optional string, containing an integer
4085 Configuration for egress-policer QoS:
4086 other_config : cir optional string, containing an integer
4087 other_config : cbs optional string, containing an integer
4088 other_config : eir optional string, containing an integer
4089 other_config : ebs optional string, containing an integer
4090 Configuration for linux-sfq:
4091 other_config : perturb optional string, containing an integer
4092 other_config : quantum optional string, containing an integer
4093 Configuration for linux-netem:
4094 other_config : latency optional string, containing an integer
4095 other_config : limit optional string, containing an integer
4096 other_config : loss optional string, containing an integer
4097 Common Columns:
4098 other_config map of string-string pairs
4099 external_ids map of string-string pairs
4100
4101 Details:
4102 type: string
4103 The type of QoS to implement. The currently defined types are
4104 listed below:
4105
4106 linux-htb
4107 Linux ``hierarchy token bucket’’ classifier. See tc-
4108 htb(8) (also at http://linux.die.net/man/8/tc-htb) and
4109 the HTB manual (http://luxik.cdi.cz/~devik/qos/htb/man‐
4110 ual/userg.htm) for information on how this classifier
4111 works and how to configure it.
4112
4113 linux-hfsc
4114 Linux "Hierarchical Fair Service Curve" classifier. See
4115 http://linux-ip.net/articles/hfsc.en/ for information on
4116 how this classifier works.
4117
4118 linux-sfq
4119 Linux ``Stochastic Fairness Queueing’’ classifier. See
4120 tc-sfq(8) (also at http://linux.die.net/man/8/tc-sfq) for
4121 information on how this classifier works.
4122
4123 linux-codel
4124 Linux ``Controlled Delay’’ classifier. See tc-codel(8)
4125 (also at
4126 http://man7.org/linux/man-pages/man8/tc-codel.8.html) for
4127 information on how this classifier works.
4128
4129 linux-fq_codel
4130 Linux ``Fair Queuing with Controlled Delay’’ classifier.
4131 See tc-fq_codel(8) (also at
4132 http://man7.org/linux/man-pages/man8/tc-fq_codel.8.html)
4133 for information on how this classifier works.
4134
4135 linux-netem
4136 Linux ``Network Emulator’’ classifier. See tc-netem(8)
4137 (also at
4138 http://man7.org/linux/man-pages/man8/tc-netem.8.html) for
4139 information on how this classifier works.
4140
4141 linux-noop
4142 Linux ``No operation.’’ By default, Open vSwitch manages
4143 quality of service on all of its configured ports. This
4144 can be helpful, but sometimes administrators prefer to
4145 use other software to manage QoS. This type prevents Open
4146 vSwitch from changing the QoS configuration for a port.
4147
4148 egress-policer
A DPDK egress policer algorithm using the DPDK rte_meter
library. The rte_meter library provides an implementation
which allows the metering and policing of traffic. The
implementation in OVS essentially creates a single token
bucket used to police traffic. It should be noted that
when the rte_meter is configured as part of QoS there
will be a performance overhead as the rte_meter itself
will consume CPU cycles in order to police traffic. These
CPU cycles ordinarily are used for packet processing. As
such, the drop in performance will be noticed in terms of
overall aggregate traffic throughput.
4160
4161 trtcm-policer
4162 A DPDK egress policer algorithm using RFC 4115’s Two-
4163 Rate, Three-Color marker. It’s a two-level hierarchical
4164 policer which first does a color-blind marking of the
4165 traffic at the queue level, followed by a color-aware
4166 marking at the port level. At the end traffic marked as
4167 Green or Yellow is forwarded, Red is dropped. For details
4168 on how traffic is marked, see RFC 4115. If the ``default
4169 queue’’, 0, is not configured it’s automatically created
4170 with the same other_config values as the physical port.
4171
4172 queues: map of integer-Queue pairs, key in range 0 to 4,294,967,295
A map from queue numbers to Queue records. The supported range
of queue numbers depends on type. The queue numbers are the same
as the queue_id used in OpenFlow in struct ofp_action_enqueue
and other structures.
4177
4178 Queue 0 is the ``default queue.’’ It is used by OpenFlow output
4179 actions when no specific queue has been set. When no configura‐
4180 tion for queue 0 is present, it is automatically configured as
4181 if a Queue record with empty dscp and other_config columns had
4182 been specified. (Before version 1.6, Open vSwitch would leave
4183 queue 0 unconfigured in this case. With some queuing disci‐
4184 plines, this dropped all packets destined for the default
4185 queue.)
4186
4187 Configuration for linux-htb and linux-hfsc:
4188
4189 The linux-htb and linux-hfsc classes support the following key-value
4190 pair:
4191
4192 other_config : max-rate: optional string, containing an integer
4193 Maximum rate shared by all queued traffic, in bit/s. Optional.
4194 If not specified, for physical interfaces, the default is the
4195 link rate. For other interfaces or if the link rate cannot be
4196 determined, the default is currently 100 Mbps.
4197
4198 Configuration for egress-policer QoS:
4199
4200 QoS type egress-policer provides egress policing for userspace port
4201 types with DPDK. It has the following key-value pairs defined.
4202
4203 other_config : cir: optional string, containing an integer
The Committed Information Rate (CIR) is measured in bytes of IP
packets per second, i.e. it includes the IP header, but not link
specific (e.g. Ethernet) headers. This represents the bytes per
second rate at which the token bucket will be updated. The cir
value is calculated by (pps x packet data size). For example,
assuming a user wishes to limit a stream consisting of 64 byte
packets to 1 million packets per second, the CIR would be set to
46000000. This value can be broken into ’1,000,000 x 46’, where
1,000,000 is the policing rate for the number of packets per
second and 46 represents the size of the packet data for a
64 byte IP packet without the 14 bytes of Ethernet header and
4 bytes of FCS.
4216
4217 other_config : cbs: optional string, containing an integer
The Committed Burst Size (CBS) is measured in bytes and
represents a token bucket. At a minimum this value should be set
to the expected largest size packet in the traffic stream. In
practice larger values may be used to increase the size of the
token bucket. If a packet can be transmitted then the cbs will
be decremented by the number of bytes/tokens of the packet. If
there are not enough tokens in the cbs bucket the packet will be
dropped.
4226
4227 other_config : eir: optional string, containing an integer
The Excess Information Rate (EIR) is measured in bytes of IP
packets per second, i.e. it includes the IP header, but not link
specific (e.g. Ethernet) headers. This represents the bytes per
second rate at which the token bucket will be updated. The eir
value is calculated by (pps x packet data size). For example,
assuming a user wishes to limit a stream consisting of 64 byte
packets to 1 million packets per second, the EIR would be set to
46000000. This value can be broken into ’1,000,000 x 46’, where
1,000,000 is the policing rate for the number of packets per
second and 46 represents the size of the packet data for a
64 byte IP packet without the 14 bytes of Ethernet header and
4 bytes of FCS.
4240
4241 other_config : ebs: optional string, containing an integer
The Excess Burst Size (EBS) is measured in bytes and represents
a token bucket. At a minimum this value should be set to the
expected largest size packet in the traffic stream. In practice
larger values may be used to increase the size of the token
bucket. If a packet can be transmitted then the ebs will be
decremented by the number of bytes/tokens of the packet. If
there are not enough tokens in the cbs bucket the packet might
be dropped.
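The cir arithmetic and the cbs bucket behaviour described above, as an added Python model (not the rte_meter or Open vSwitch implementation). It assumes a single token bucket that starts full and is refilled at cir bytes per second; the class and function names are hypothetical, and the offered traffic is constructed.

```python
ETH_HEADER_BYTES = 14
ETH_FCS_BYTES = 4
NS_PER_S = 1_000_000_000


def ip_bytes(frame_bytes: int) -> int:
    """Packet data size counted by the policer: frame minus Ethernet header and FCS."""
    return frame_bytes - ETH_HEADER_BYTES - ETH_FCS_BYTES


def cir_for(pps: int, frame_bytes: int) -> int:
    """cir = pps x packet data size, e.g. 1,000,000 x 46 for 64 byte frames."""
    return pps * ip_bytes(frame_bytes)


class TokenBucketPolicer:
    """Single token bucket: refilled at cir bytes/s, never holding more than cbs."""

    def __init__(self, cir: int, cbs: int):
        self.cir = cir
        self.cbs = cbs
        self.tokens = cbs      # assumption: the bucket starts full
        self.last_ns = 0
        self.carry = 0         # fractional credit kept in integer form

    def offer(self, now_ns: int, size: int) -> bool:
        """Return True if a packet of `size` bytes arriving at now_ns is forwarded."""
        credit = (now_ns - self.last_ns) * self.cir + self.carry
        self.last_ns = now_ns
        self.carry = credit % NS_PER_S
        self.tokens = min(self.cbs, self.tokens + credit // NS_PER_S)
        if self.tokens < size:
            return False       # not enough tokens: the packet is dropped
        self.tokens -= size
        return True


def simulate(offered_pps: int, frame_bytes: int, duration_ms: int,
             cir: int, cbs: int):
    """Offer evenly spaced packets and return (forwarded, dropped)."""
    policer = TokenBucketPolicer(cir, cbs)
    interval_ns = NS_PER_S // offered_pps
    packets = duration_ms * 1_000_000 // interval_ns
    size = ip_bytes(frame_bytes)
    forwarded = sum(policer.offer(i * interval_ns, size) for i in range(packets))
    return forwarded, packets - forwarded


if __name__ == "__main__":
    cir = cir_for(1_000_000, 64)
    print("cir for 1 Mpps of 64 byte frames:", cir)
    print("2 Mpps offered, cbs=2048:", simulate(2_000_000, 64, 10, cir, 2048))
    print("0.5 Mpps offered, cbs=2048:", simulate(500_000, 64, 10, cir, 2048))
    print("2 Mpps offered, cbs=40:", simulate(2_000_000, 64, 10, cir, 40))
```

In the first run the initial burst allowed by cbs passes and the stream then settles at one forwarded packet per microsecond; in the last run cbs is smaller than the 46 byte packet, so nothing is forwarded.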
4250
4251 Configuration for linux-sfq:
4252
4253 The linux-sfq QoS supports the following key-value pairs:
4254
4255 other_config : perturb: optional string, containing an integer
4256 Number of seconds between consecutive perturbations in hashing
4257 algorithm. Different flows can end up in the same hash bucket
4258 causing unfairness. Perturbation’s goal is to remove possible
4259 unfairness. The default and recommended value is 10. Too low a
4260 value is discouraged because each perturbation can cause packet
4261 reordering.
4262
4263 other_config : quantum: optional string, containing an integer
Number of bytes linux-sfq QoS can dequeue in one turn in
round-robin from one flow. The default and recommended value is
equal to the interface’s MTU.
4267
4268 Configuration for linux-netem:
4269
4270 The linux-netem QoS supports the following key-value pairs:
4271
4272 other_config : latency: optional string, containing an integer
Adds the chosen delay to packets outgoing to the chosen network
interface. The latency value is expressed in microseconds (us).
4275
4276 other_config : limit: optional string, containing an integer
4277 Maximum number of packets the qdisc may hold queued at a time.
4278 The default value is 1000.
4279
4280 other_config : loss: optional string, containing an integer
4281 Adds an independent loss probability to the packets outgoing
4282 from the chosen network interface.
4283
4284 Common Columns:
4285
4286 The overall purpose of these columns is described under Common Columns
4287 at the beginning of this document.
4288
4289 other_config: map of string-string pairs
4290
4291 external_ids: map of string-string pairs
4292
A configuration for a port output queue, used in configuring Quality of
Service (QoS) features. May be referenced by the queues column in the
QoS table.
4297
4298 Summary:
4299 dscp optional integer, in range 0 to 63
4300 Configuration for linux-htb QoS:
4301 other_config : min-rate optional string, containing an integer,
4302 at least 1
4303 other_config : max-rate optional string, containing an integer,
4304 at least 1
4305 other_config : burst optional string, containing an integer,
4306 at least 1
4307 other_config : priority optional string, containing an integer,
4308 in range 0 to 4,294,967,295
4309 Configuration for linux-hfsc QoS:
4310 other_config : min-rate optional string, containing an integer,
4311 at least 1
4312 other_config : max-rate optional string, containing an integer,
4313 at least 1
4314 Common Columns:
4315 other_config map of string-string pairs
4316 external_ids map of string-string pairs
4317
4318 Details:
4319 dscp: optional integer, in range 0 to 63
4320 If set, Open vSwitch will mark all traffic egressing this Queue
4321 with the given DSCP bits. Traffic egressing the default Queue is
4322 only marked if it was explicitly selected as the Queue at the
4323 time the packet was output. If unset, the DSCP bits of traffic
4324 egressing this Queue will remain unchanged.
4325
4326 Configuration for linux-htb QoS:
4327
4328 QoS type linux-htb may use queue_ids less than 61440. It has the fol‐
4329 lowing key-value pairs defined.
4330
4331 other_config : min-rate: optional string, containing an integer, at
4332 least 1
4333 Minimum guaranteed bandwidth, in bit/s.
4334
4335 other_config : max-rate: optional string, containing an integer, at
4336 least 1
4337 Maximum allowed bandwidth, in bit/s. Optional. If specified, the
4338 queue’s rate will not be allowed to exceed the specified value,
4339 even if excess bandwidth is available. If unspecified, defaults
4340 to no limit.
4341
4342 other_config : burst: optional string, containing an integer, at least
4343 1
4344 Burst size, in bits. This is the maximum amount of ``credits’’
4345 that a queue can accumulate while it is idle. Optional. Details
4346 of the linux-htb implementation require a minimum burst size, so
4347 a too-small burst will be silently ignored.
4348
4349 other_config : priority: optional string, containing an integer, in
4350 range 0 to 4,294,967,295
4351 A queue with a smaller priority will receive all the excess
4352 bandwidth that it can use before a queue with a larger value re‐
4353 ceives any. Specific priority values are unimportant; only rela‐
4354 tive ordering matters. Defaults to 0 if unspecified.
4355
4356 Configuration for linux-hfsc QoS:
4357
4358 QoS type linux-hfsc may use queue_ids less than 61440. It has the fol‐
4359 lowing key-value pairs defined.
4360
4361 other_config : min-rate: optional string, containing an integer, at
4362 least 1
4363 Minimum guaranteed bandwidth, in bit/s.
4364
4365 other_config : max-rate: optional string, containing an integer, at
4366 least 1
4367 Maximum allowed bandwidth, in bit/s. Optional. If specified, the
4368 queue’s rate will not be allowed to exceed the specified value,
4369 even if excess bandwidth is available. If unspecified, defaults
4370 to no limit.
4371
4372 Common Columns:
4373
4374 The overall purpose of these columns is described under Common Columns
4375 at the beginning of this document.
4376
4377 other_config: map of string-string pairs
4378
4379 external_ids: map of string-string pairs
4380
4382 A port mirror within a Bridge.
4383
4384 A port mirror configures a bridge to send selected frames to special
4385 ``mirrored’’ ports, in addition to their normal destinations. Mirroring
4386 traffic may also be referred to as SPAN or RSPAN, depending on how the
4387 mirrored traffic is sent.
4388
4389 When a packet enters an Open vSwitch bridge, it becomes eligible for
4390 mirroring based on its ingress port and VLAN. As the packet travels
4391 through the flow tables, each time it is output to a port, it becomes
4392 eligible for mirroring based on the egress port and VLAN. In Open
4393 vSwitch 2.5 and later, mirroring occurs just after a packet first be‐
4394 comes eligible, using the packet as it exists at that point; in Open
4395 vSwitch 2.4 and earlier, mirroring occurs only after a packet has tra‐
4396 versed all the flow tables, using the original packet as it entered the
4397 bridge. This makes a difference only when the flow table modifies the
4398 packet: in Open vSwitch 2.4, the modifications are never visible to
4399 mirrors, whereas in Open vSwitch 2.5 and later modifications made be‐
4400 fore the first output that makes it eligible for mirroring to a partic‐
4401 ular destination are visible.
4402
4403 A packet that enters an Open vSwitch bridge is mirrored to a particular
4404 destination only once, even if it is eligible for multiple reasons. For
4405 example, a packet would be mirrored to a particular output_port only
4406 once, even if it is selected for mirroring to that port by se‐
4407 lect_dst_port and select_src_port in the same or different Mirror
4408 records.
4409
4410 Summary:
4411 name string
4412 Selecting Packets for Mirroring:
4413 select_all boolean
4414 select_dst_port set of weak reference to Ports
4415 select_src_port set of weak reference to Ports
4416 select_vlan set of up to 4,096 integers, in range 0
4417 to 4,095
4418 Mirroring Destination Configuration:
4419 output_port optional weak reference to Port
4420 output_vlan optional integer, in range 1 to 4,095
4421 snaplen optional integer, in range 14 to 65,535
4422 Statistics: Mirror counters:
4423 statistics : tx_packets optional integer
4424 statistics : tx_bytes optional integer
4425 Common Columns:
4426 external_ids map of string-string pairs
4427
4428 Details:
4429 name: string
4430 Arbitrary identifier for the Mirror.
4431
4432 Selecting Packets for Mirroring:
4433
4434 To be selected for mirroring, a given packet must enter or leave the
4435 bridge through a selected port and it must also be in one of the se‐
4436 lected VLANs.
4437
4438 select_all: boolean
4439 If true, every packet arriving or departing on any port is se‐
4440 lected for mirroring.
4441
4442 select_dst_port: set of weak reference to Ports
4443 Ports on which departing packets are selected for mirroring.
4444
4445 select_src_port: set of weak reference to Ports
4446 Ports on which arriving packets are selected for mirroring.
4447
4448 select_vlan: set of up to 4,096 integers, in range 0 to 4,095
4449 VLANs on which packets are selected for mirroring. An empty set
4450 selects packets on all VLANs.
4451
4452 Mirroring Destination Configuration:
4453
4454 These columns are mutually exclusive. Exactly one of them must be
4455 nonempty.
4456
4457 output_port: optional weak reference to Port
4458 Output port for selected packets, if nonempty.
4459
4460 Specifying a port for mirror output reserves that port exclu‐
4461 sively for mirroring. No frames other than those selected for
4462 mirroring via this column will be forwarded to the port, and any
4463 frames received on the port will be discarded.
4464
4465 The output port may be any kind of port supported by Open
4466 vSwitch. It may be, for example, a physical port (sometimes
4467 called SPAN) or a GRE tunnel.
4468
4469 output_vlan: optional integer, in range 1 to 4,095
4470 Output VLAN for selected packets, if nonempty.
4471
4472 The frames will be sent out all ports that trunk output_vlan, as
4473 well as any ports with implicit VLAN output_vlan. When a mir‐
4474 rored frame is sent out a trunk port, the frame’s VLAN tag will
4475 be set to output_vlan, replacing any existing tag; when it is
4476 sent out an implicit VLAN port, the frame will not be tagged.
4477 This type of mirroring is sometimes called RSPAN.
4478
4479 See the documentation for other_config:forward-bpdu in the In‐
4480 terface table for a list of destination MAC addresses which will
4481 not be mirrored to a VLAN to avoid confusing switches that in‐
4482 terpret the protocols that they represent.
4483
4484 Please note: Mirroring to a VLAN can disrupt a network that con‐
4485 tains unmanaged switches. Consider an unmanaged physical switch
4486 with two ports: port 1, connected to an end host, and port 2,
4487 connected to an Open vSwitch configured to mirror received pack‐
4488 ets into VLAN 123 on port 2. Suppose that the end host sends a
4489 packet on port 1 that the physical switch forwards to port 2.
4490 The Open vSwitch forwards this packet to its destination and
4491 then reflects it back on port 2 in VLAN 123. This reflected
4492 packet causes the unmanaged physical switch to replace the MAC
4493 learning table entry, which correctly pointed to port 1, with
4494 one that incorrectly points to port 2. Afterward, the physical
4495 switch will direct packets destined for the end host to the Open
4496 vSwitch on port 2, instead of to the end host on port 1, dis‐
4497 rupting connectivity. If mirroring to a VLAN is desired in this
4498 scenario, then the physical switch must be replaced by one that
4499 learns Ethernet addresses on a per-VLAN basis. In addition,
4500 learning should be disabled on the VLAN containing mirrored
4501 traffic. If this is not done then intermediate switches will
4502 learn the MAC address of each end host from the mirrored traf‐
4503 fic. If packets being sent to that end host are also mirrored,
4504 then they will be dropped since the switch will attempt to send
4505 them out the input port. Disabling learning for the VLAN will
4506 cause the switch to correctly send the packet out all ports con‐
4507 figured for that VLAN. If Open vSwitch is being used as an in‐
4508 termediate switch, learning can be disabled by adding the mir‐
4509 rored VLAN to flood_vlans in the appropriate Bridge table or ta‐
4510 bles.
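The MAC-learning failure described above can be reproduced with a small model. This is an added example, not part of the Open vSwitch manual or code base; the LearningSwitch class, the MAC addresses and the reduction to a single two-port switch are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MIRROR_VLAN = 123                 # mirror VLAN from the scenario in the text
HOST_MAC = "02:00:00:00:00:01"    # constructed address of the end host on port 1
PEER_MAC = "02:00:00:00:00:02"    # constructed address of a peer reached via port 2


@dataclass
class LearningSwitch:
    """Minimal model of a MAC-learning switch (hypothetical, illustration only)."""
    ports: tuple
    per_vlan: bool = False                 # True: learn on (VLAN, MAC); False: on MAC only
    flood_vlans: frozenset = frozenset()   # VLANs on which learning is disabled
    table: dict = field(default_factory=dict)

    def _key(self, vlan, mac):
        return (vlan, mac) if self.per_vlan else mac

    def receive(self, in_port, src, dst, vlan=0):
        """Learn the source address, then return the list of output ports."""
        learning = vlan not in self.flood_vlans
        if learning:
            self.table[self._key(vlan, src)] = in_port
        out = self.table.get(self._key(vlan, dst)) if learning else None
        if out is None:
            return [p for p in self.ports if p != in_port]   # unknown: flood
        if out == in_port:
            return []            # would go back out the input port: dropped
        return [out]


def run_scenario(per_vlan, flood_vlans=()):
    """Replay the four frames of the scenario against the physical switch."""
    sw = LearningSwitch(ports=(1, 2), per_vlan=per_vlan,
                        flood_vlans=frozenset(flood_vlans))
    # 1. The end host sends a frame on port 1; the switch forwards it to port 2.
    first = sw.receive(1, HOST_MAC, PEER_MAC)
    # 2. Open vSwitch reflects the mirrored copy back on port 2 in VLAN 123.
    sw.receive(2, HOST_MAC, PEER_MAC, vlan=MIRROR_VLAN)
    # 3. A frame destined for the end host arrives from Open vSwitch on port 2.
    reply = sw.receive(2, PEER_MAC, HOST_MAC)
    # 4. The mirrored copy of that frame arrives on port 2 in VLAN 123.
    mirrored_reply = sw.receive(2, PEER_MAC, HOST_MAC, vlan=MIRROR_VLAN)
    return {"first": first, "reply": reply, "mirrored_reply": mirrored_reply}


if __name__ == "__main__":
    print("VLAN-unaware learning:    ", run_scenario(per_vlan=False))
    print("per-VLAN learning:        ", run_scenario(per_vlan=True))
    print("per-VLAN, no learning 123:", run_scenario(per_vlan=True,
                                                     flood_vlans={MIRROR_VLAN}))
```

An empty output list means the frame was dropped: with VLAN-unaware learning the reply never reaches the end host, and with per-VLAN learning the mirrored copy is lost until learning is disabled on the mirror VLAN.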
4511
4512 Mirroring to a GRE tunnel has fewer caveats than mirroring to a
4513 VLAN and should generally be preferred.
4514
4515 snaplen: optional integer, in range 14 to 65,535
4516 Maximum per-packet number of bytes to mirror.
4517
4518 A mirrored packet with size larger than snaplen will be trun‐
4519 cated in datapath to snaplen bytes before sending to the mirror
4520 output port. If omitted, packets are not truncated.
4521
4522 Statistics: Mirror counters:
4523
4524 Key-value pairs that report mirror statistics. The update period is
4525 controlled by other_config:stats-update-interval in the Open_vSwitch
4526 table.
4527
4528 statistics : tx_packets: optional integer
4529 Number of packets transmitted through this mirror.
4530
4531 statistics : tx_bytes: optional integer
4532 Number of bytes transmitted through this mirror.
4533
4534 Common Columns:
4535
4536 The overall purpose of these columns is described under Common Columns
4537 at the beginning of this document.
4538
4539 external_ids: map of string-string pairs
4540
Controller TABLE
An OpenFlow controller.
4543
4544 Summary:
4545 Core Features:
4546 type optional string, either primary or ser‐
4547 vice
4548 target string
4549 connection_mode optional string, either in-band or
4550 out-of-band
4551 Controller Failure Detection and Handling:
4552 max_backoff optional integer, at least 1,000
4553 inactivity_probe optional integer
4554 Asynchronous Messages:
4555 enable_async_messages optional boolean
4556 Controller Rate Limiting:
4557 controller_queue_size optional integer, in range 1 to 512
4558 controller_rate_limit optional integer, at least 100
4559 controller_burst_limit optional integer, at least 25
4560 Controller Rate Limiting Statistics:
4561 status : packet-in-TYPE-bypassed
4562 optional string, containing an integer,
4563 at least 0
4564 status : packet-in-TYPE-queued
4565 optional string, containing an integer,
4566 at least 0
4567 status : packet-in-TYPE-dropped
4568 optional string, containing an integer,
4569 at least 0
4570 status : packet-in-TYPE-backlog
4571 optional string, containing an integer,
4572 at least 0
4573 Additional In-Band Configuration:
4574 local_ip optional string
4575 local_netmask optional string
4576 local_gateway optional string
4577 Controller Status:
4578 is_connected boolean
4579 role optional string, one of master, other, or
4580 slave
4581 status : last_error optional string
4582 status : state optional string, one of ACTIVE, BACKOFF,
4583 CONNECTING, IDLE, or VOID
4584 status : sec_since_connect optional string, containing an integer,
4585 at least 0
4586 status : sec_since_disconnect
4587 optional string, containing an integer,
4588 at least 1
4589 Connection Parameters:
4590 other_config : dscp optional string, containing an integer
4591 Common Columns:
4592 external_ids map of string-string pairs
4593 other_config map of string-string pairs
4594
4595 Details:
4596 Core Features:
4597
4598 type: optional string, either primary or service
4599 Open vSwitch supports two kinds of OpenFlow controllers. A
4600 bridge may have any number of each kind:
4601
4602 Primary controllers
4603 This is the kind of controller envisioned by the OpenFlow
4604 specifications. Usually, a primary controller implements
4605 a network policy by taking charge of the switch’s flow
4606 table.
4607
4608 The fail_mode column in the Bridge table applies to pri‐
4609 mary controllers.
4610
4611 When multiple primary controllers are configured, Open
4612 vSwitch connects to all of them simultaneously. OpenFlow
4613 provides few facilities to allow multiple controllers to
4614 coordinate in interacting with a single switch, so more
4615 than one primary controller should be specified only if
4616 the controllers are themselves designed to coordinate
4617 with each other.
4618
4619 Service controllers
4620 These kinds of OpenFlow controller connections are in‐
4621 tended for occasional support and maintenance use, e.g.
4622 with ovs-ofctl. Usually a service controller connects
4623 only briefly to inspect or modify some of a switch’s
4624 state.
4625
4626 The fail_mode column in the Bridge table does not apply
4627 to service controllers.
4628
4629 By default, Open vSwitch treats controllers with active connec‐
4630 tion methods as primary controllers and those with passive con‐
4631 nection methods as service controllers. Set this column to the
4632 desired type to override this default.
4633
4634 target: string
4635 Connection method for controller.
4636
4637 The following active connection methods are currently supported:
4638
4639 ssl:host[:port]
The specified SSL port on the given host, which can be either a DNS
name (if built with the unbound library) or an IP address. The ssl
column in the Open_vSwitch table must point to a valid SSL
configuration when this form is used.
4645
4646 If port is not specified, it defaults to 6653.
4647
4648 SSL support is an optional feature that is not always
4649 built as part of Open vSwitch.
4650
4651 tcp:host[:port]
The specified TCP port on the given host, which can be either a DNS
name (if built with the unbound library) or an IP address (IPv4 or
IPv6). If host is an IPv6 address, wrap it in square brackets, e.g.
tcp:[::1]:6653.
4657
4658 If port is not specified, it defaults to 6653.
4659
4660 The following passive connection methods are currently sup‐
4661 ported:
4662
4663 pssl:[port][:host]
4664 Listens for SSL connections on the specified TCP port. If
4665 host, which can either be a DNS name (if built with un‐
4666 bound library) or an IP address, is specified, then con‐
4667 nections are restricted to the resolved or specified lo‐
4668 cal IP address (either IPv4 or IPv6). If host is an IPv6
4669 address, wrap it in square brackets, e.g.
4670 pssl:6653:[::1].
4671
4672 If port is not specified, it defaults to 6653. If host is
4673 not specified then it listens only on IPv4 (but not IPv6)
4674 addresses. The ssl column in the Open_vSwitch table must
4675 point to a valid SSL configuration when this form is
4676 used.
4677
If port is not specified, it defaults to 6653.
4679
4680 SSL support is an optional feature that is not always
4681 built as part of Open vSwitch.
4682
4683 ptcp:[port][:host]
4684 Listens for connections on the specified TCP port. If
4685 host, which can either be a DNS name (if built with un‐
4686 bound library) or an IP address, is specified, then con‐
4687 nections are restricted to the resolved or specified lo‐
4688 cal IP address (either IPv4 or IPv6). If host is an IPv6
4689 address, wrap it in square brackets, e.g.
4690 ptcp:6653:[::1]. If host is not specified then it listens
4691 only on IPv4 addresses.
4692
4693 If port is not specified, it defaults to 6653.
4694
4695 When multiple controllers are configured for a single bridge,
4696 the target values must be unique. Duplicate target values yield
4697 unspecified results.
4698
4699 connection_mode: optional string, either in-band or out-of-band
4700 If it is specified, this setting must be one of the following
4701 strings that describes how Open vSwitch contacts this OpenFlow
4702 controller over the network:
4703
4704 in-band
4705 In this mode, this controller’s OpenFlow traffic travels
4706 over the bridge associated with the controller. With this
4707 setting, Open vSwitch allows traffic to and from the con‐
4708 troller regardless of the contents of the OpenFlow flow
4709 table. (Otherwise, Open vSwitch would never be able to
4710 connect to the controller, because it did not have a flow
4711 to enable it.) This is the most common connection mode
4712 because it is not necessary to maintain two independent
4713 networks.
4714
4715 out-of-band
4716 In this mode, OpenFlow traffic uses a control network
4717 separate from the bridge associated with this controller,
4718 that is, the bridge does not use any of its own network
4719 devices to communicate with the controller. The control
4720 network must be configured separately, before or after
4721 ovs-vswitchd is started.
4722
4723 If not specified, the default is implementation-specific.
4724
4725 Controller Failure Detection and Handling:
4726
4727 max_backoff: optional integer, at least 1,000
4728 Maximum number of milliseconds to wait between connection at‐
4729 tempts. Default is implementation-specific.
4730
4731 inactivity_probe: optional integer
Maximum number of milliseconds of idle time on the connection to the
controller before sending an inactivity probe message. If Open
vSwitch does not communicate with the controller for the specified
interval, it will send a probe. If a response is not received for the
same additional amount of time, Open vSwitch assumes the connection
has been broken and attempts to reconnect. Default is
implementation-specific. A value of 0 disables inactivity probes.
4740
4741 Asynchronous Messages:
4742
OpenFlow switches send certain messages to controllers spontaneously,
that is, not in response to any request from the controller. These
messages are called "asynchronous messages." These columns allow
asynchronous messages to be limited or disabled to ensure the best use
of network resources.
4748
4749 enable_async_messages: optional boolean
4750 The OpenFlow protocol enables asynchronous messages at time of
4751 connection establishment, which means that a controller can re‐
4752 ceive asynchronous messages, potentially many of them, even if
4753 it turns them off immediately after connecting. Set this column
4754 to false to change Open vSwitch behavior to disable, by default,
4755 all asynchronous messages. The controller can use the
4756 NXT_SET_ASYNC_CONFIG Nicira extension to OpenFlow to turn on any
4757 messages that it does want to receive, if any.
4758
4759 Controller Rate Limiting:
4760
4761 A switch can forward packets to a controller over the OpenFlow proto‐
4762 col. Forwarding packets this way at too high a rate can overwhelm a
4763 controller, frustrate use of the OpenFlow connection for other pur‐
4764 poses, increase the latency of flow setup, and use an unreasonable
4765 amount of bandwidth. Therefore, Open vSwitch supports limiting the rate
4766 of packet forwarding to a controller.
4767
4768 There are two main reasons in OpenFlow for a packet to be sent to a
4769 controller: either the packet ``misses’’ in the flow table, that is,
4770 there is no matching flow, or a flow table action says to send the
4771 packet to the controller. Open vSwitch limits the rate of each kind of
4772 packet separately at the configured rate. Therefore, the actual rate
4773 that packets are sent to the controller can be up to twice the config‐
4774 ured rate, when packets are sent for both reasons.
4775
4776 This feature is specific to forwarding packets over an OpenFlow connec‐
4777 tion. It is not general-purpose QoS. See the QoS table for quality of
4778 service configuration, and ingress_policing_rate in the Interface table
4779 for ingress policing configuration.
4780
4781 controller_queue_size: optional integer, in range 1 to 512
4782 This sets the maximum size of the queue of packets that need to
4783 be sent to this OpenFlow controller. The value must be less than
4784 512. If not specified the queue size is limited to the value set
4785 for the management controller in other_config:controller-queue-
4786 size if present or 100 packets by default. Note: increasing the
4787 queue size might have a negative impact on latency.
4788
4789 controller_rate_limit: optional integer, at least 100
4790 The maximum rate at which the switch will forward packets to the
4791 OpenFlow controller, in packets per second. If no value is spec‐
4792 ified, rate limiting is disabled.
4793
4794 controller_burst_limit: optional integer, at least 25
4795 When a high rate triggers rate-limiting, Open vSwitch queues
4796 packets to the controller for each port and transmits them to
4797 the controller at the configured rate. This value limits the
4798 number of queued packets. Ports on a bridge share the packet
4799 queue fairly.
4800
4801 This value has no effect unless controller_rate_limit is config‐
4802 ured. The current default when this value is not specified is
4803 one-quarter of controller_rate_limit, meaning that queuing can
4804 delay forwarding a packet to the controller by up to 250 ms.
4805
4806 Controller Rate Limiting Statistics:
4807
4808 These values report the effects of rate limiting. Their values are rel‐
4809 ative to establishment of the most recent OpenFlow connection, or since
4810 rate limiting was enabled, whichever happened more recently. Each con‐
4811 sists of two values, one with TYPE replaced by miss for rate limiting
4812 flow table misses, and the other with TYPE replaced by action for rate
4813 limiting packets sent by OpenFlow actions.
4814
4815 These statistics are reported only when controller rate limiting is en‐
4816 abled.
4817
4818 status : packet-in-TYPE-bypassed: optional string, containing an inte‐
4819 ger, at least 0
4820 Number of packets sent directly to the controller, without queu‐
4821 ing, because the rate did not exceed the configured maximum.
4822
4823 status : packet-in-TYPE-queued: optional string, containing an integer,
4824 at least 0
4825 Number of packets added to the queue to send later.
4826
4827 status : packet-in-TYPE-dropped: optional string, containing an inte‐
4828 ger, at least 0
4829 Number of packets added to the queue that were later dropped due
4830 to overflow. This value is less than or equal to status:packet-
4831 in-TYPE-queued.
4832
4833 status : packet-in-TYPE-backlog: optional string, containing an inte‐
4834 ger, at least 0
4835 Number of packets currently queued. The other statistics in‐
4836 crease monotonically, but this one fluctuates between 0 and the
4837 controller_burst_limit as conditions change.
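A monitoring check can turn the counters above into a drop ratio and verify the relationships the text states between them. This is an added example, not part of the Open vSwitch manual or code base; the function name and the sample status map are constructed, and it assumes every rate-limited packet is counted either as bypassed or as queued.

```python
def summarize_packet_in(status, rate_limit, burst_limit=None):
    """Summarize a Controller status map while controller rate limiting is on.

    status      -- the Controller "status" column as a dict of strings
    rate_limit  -- controller_rate_limit (packets per second, at least 100)
    burst_limit -- controller_burst_limit (at least 25), or None for the
                   documented default of one-quarter of rate_limit
    """
    if rate_limit < 100:
        raise ValueError("controller_rate_limit must be at least 100")
    if burst_limit is None:
        burst_limit = rate_limit // 4
    elif burst_limit < 25:
        raise ValueError("controller_burst_limit must be at least 25")

    report = {
        "burst_limit": burst_limit,
        # A full queue drains at rate_limit packets per second.
        "max_queue_delay_ms": 1000.0 * burst_limit / rate_limit,
        # Misses and actions are limited separately, each at rate_limit.
        "max_total_rate": 2 * rate_limit,
    }
    for kind in ("miss", "action"):
        keys = [f"packet-in-{kind}-{suffix}"
                for suffix in ("bypassed", "queued", "dropped", "backlog")]
        if not all(k in status for k in keys):
            continue   # reported only when controller rate limiting is enabled
        bypassed, queued, dropped, backlog = (int(status[k]) for k in keys)
        offered = bypassed + queued          # assumption: the two are disjoint
        warnings = []
        if dropped > queued:
            warnings.append("dropped exceeds queued")
        if backlog > burst_limit:
            warnings.append("backlog exceeds burst limit")
        report[kind] = {
            "offered": offered,
            "dropped": dropped,
            "drop_ratio": dropped / offered if offered else 0.0,
            "backlog": backlog,
            "warnings": warnings,
        }
    return report


# Constructed sample of a Controller status column (not real switch output).
SAMPLE_STATUS = {
    "state": "ACTIVE",
    "packet-in-miss-bypassed": "9000",
    "packet-in-miss-queued": "1000",
    "packet-in-miss-dropped": "250",
    "packet-in-miss-backlog": "40",
    "packet-in-action-bypassed": "500",
    "packet-in-action-queued": "0",
    "packet-in-action-dropped": "0",
    "packet-in-action-backlog": "0",
}

if __name__ == "__main__":
    for key, value in summarize_packet_in(SAMPLE_STATUS, rate_limit=1000).items():
        print(key, value)
```

A rising drop ratio for the miss counters while the action counters stay flat points at traffic that matches no flow, which is the case most likely to overwhelm a controller.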
4838
4839 Additional In-Band Configuration:
4840
4841 These values are considered only in in-band control mode (see connec‐
4842 tion_mode).
4843
4844 When multiple controllers are configured on a single bridge, there
4845 should be only one set of unique values in these columns. If different
4846 values are set for these columns in different controllers, the effect
4847 is unspecified.
4848
4849 local_ip: optional string
4850 The IP address to configure on the local port, e.g.
4851 192.168.0.123. If this value is unset, then local_netmask and
4852 local_gateway are ignored.
4853
4854 local_netmask: optional string
4855 The IP netmask to configure on the local port, e.g.
4856 255.255.255.0. If local_ip is set but this value is unset, then
4857 the default is chosen based on whether the IP address is class
4858 A, B, or C.
4859
4860 local_gateway: optional string
4861 The IP address of the gateway to configure on the local port, as
4862 a string, e.g. 192.168.0.1. Leave this column unset if this net‐
4863 work has no gateway.
4864
4865 Controller Status:
4866
4867 is_connected: boolean
4868 true if currently connected to this controller, false otherwise.
4869
4870 role: optional string, one of master, other, or slave
4871 The level of authority this controller has on the associated
4872 bridge. Possible values are:
4873
4874 other Allows the controller access to all OpenFlow features.
4875
4876 master Equivalent to other, except that there may be at most one
4877 such controller at a time. If a given controller promotes
4878 itself to this role, ovs-vswitchd demotes any existing
4879 controller with the role to slave.
4880
4881 slave Allows the controller read-only access to OpenFlow fea‐
4882 tures. Attempts to modify the flow table will be rejected
4883 with an error. Such controllers do not receive
4884 OFPT_PACKET_IN or OFPT_FLOW_REMOVED messages, but they do
4885 receive OFPT_PORT_STATUS messages.
4886
4887 status : last_error: optional string
4888 A human-readable description of the last error on the connection
4889 to the controller; i.e. strerror(errno). This key will exist
4890 only if an error has occurred.
4891
4892 status : state: optional string, one of ACTIVE, BACKOFF, CONNECTING,
4893 IDLE, or VOID
4894 The state of the connection to the controller:
4895
4896 VOID Connection is disabled.
4897
4898 BACKOFF
4899 Attempting to reconnect at an increasing period.
4900
4901 CONNECTING
4902 Attempting to connect.
4903
4904 ACTIVE Connected, remote host responsive.
4905
4906 IDLE Connection is idle. Waiting for response to keep-alive.
4907
4908 These values may change in the future. They are provided only
4909 for human consumption.
4910
4911 status : sec_since_connect: optional string, containing an integer, at
4912 least 0
4913 The amount of time since this controller last successfully con‐
4914 nected to the switch (in seconds). Value is empty if controller
4915 has never successfully connected.
4916
4917 status : sec_since_disconnect: optional string, containing an integer,
4918 at least 1
4919 The amount of time since this controller last disconnected from
4920 the switch (in seconds). Value is empty if controller has never
4921 disconnected.
4922
4923 Connection Parameters:
4924
4925 Additional configuration for a connection between the controller and
4926 the Open vSwitch.
4927
4928 other_config : dscp: optional string, containing an integer
4929 The Differentiated Service Code Point (DSCP) is specified using
4930 6 bits in the Type of Service (TOS) field in the IP header. DSCP
4931 provides a mechanism to classify the network traffic and provide
4932 Quality of Service (QoS) on IP networks. The DSCP value speci‐
4933 fied here is used when establishing the connection between the
4934 controller and the Open vSwitch. If no value is specified, a de‐
4935 fault value of 48 is chosen. Valid DSCP values must be in the
4936 range 0 to 63.
4937
4938 Common Columns:
4939
4940 The overall purpose of these columns is described under Common Columns
4941 at the beginning of this document.
4942
4943 external_ids: map of string-string pairs
4944
4945 other_config: map of string-string pairs
4946
Manager TABLE
Configuration for a database connection to an Open vSwitch database
(OVSDB) client.
4950
4951 This table primarily configures the Open vSwitch database
4952 (ovsdb-server), not the Open vSwitch switch (ovs-vswitchd). The switch
4953 does read the table to determine what connections should be treated as
4954 in-band.
4955
4956 The Open vSwitch database server can initiate and maintain active con‐
4957 nections to remote clients. It can also listen for database connec‐
4958 tions.
4959
4960 Summary:
4961 Core Features:
4962 target string (must be unique within table)
4963 connection_mode optional string, either in-band or
4964 out-of-band
4965 Client Failure Detection and Handling:
4966 max_backoff optional integer, at least 1,000
4967 inactivity_probe optional integer
4968 Status:
4969 is_connected boolean
4970 status : last_error optional string
4971 status : state optional string, one of ACTIVE, BACKOFF,
4972 CONNECTING, IDLE, or VOID
4973 status : sec_since_connect optional string, containing an integer,
4974 at least 0
4975 status : sec_since_disconnect
4976 optional string, containing an integer,
4977 at least 0
4978 status : locks_held optional string
4979 status : locks_waiting optional string
4980 status : locks_lost optional string
4981 status : n_connections optional string, containing an integer,
4982 at least 2
4983 status : bound_port optional string, containing an integer
4984 Connection Parameters:
4985 other_config : dscp optional string, containing an integer
4986 Common Columns:
4987 external_ids map of string-string pairs
4988 other_config map of string-string pairs
4989
4990 Details:
4991 Core Features:
4992
4993 target: string (must be unique within table)
4994 Connection method for managers.
4995
4996 The following connection methods are currently supported:
4997
4998 ssl:host[:port]
The specified SSL port on the given host, which can be either a DNS
name (if built with the unbound library) or an IP address. The ssl
column in the Open_vSwitch table must point to a valid SSL
configuration when this form is used.
5004
5005 If port is not specified, it defaults to 6640.
5006
5007 SSL support is an optional feature that is not always
5008 built as part of Open vSwitch.
5009
5010 tcp:host[:port]
The specified TCP port on the given host, which can be either a DNS
name (if built with the unbound library) or an IP address (IPv4 or
IPv6). If host is an IPv6 address, wrap it in square brackets, e.g.
tcp:[::1]:6640.
5016
5017 If port is not specified, it defaults to 6640.
5018
5019 pssl:[port][:host]
Listens for SSL connections on the specified TCP port. Specify 0 for
port to have the kernel automatically choose an available port. If
host, which can either be a DNS name (if built with unbound library)
or an IP address, is specified, then connections are restricted to
the resolved or specified local IP address (either IPv4 or IPv6
address). If host is an IPv6 address, wrap it in square brackets,
e.g. pssl:6640:[::1]. If host is not specified then it listens only
on IPv4 (but not IPv6) addresses. The ssl column in the Open_vSwitch
table must point to a valid SSL configuration when this form is used.
5032
5033 If port is not specified, it defaults to 6640.
5034
5035 SSL support is an optional feature that is not always
5036 built as part of Open vSwitch.
5037
5038 ptcp:[port][:host]
5039 Listens for connections on the specified TCP port. Spec‐
5040 ify 0 for port to have the kernel automatically choose an
5041 available port. If host, which can either be a DNS name
5042 (if built with unbound library) or an IP address, is
5043 specified, then connections are restricted to the re‐
5044 solved or specified local IP address (either IPv4 or IPv6
5045 address). If host is an IPv6 address, wrap it in square
5046 brackets, e.g. ptcp:6640:[::1]. If host is not specified
5047 then it listens only on IPv4 addresses.
5048
5049 If port is not specified, it defaults to 6640.
5050
5051 When multiple managers are configured, the target values must be
5052 unique. Duplicate target values yield unspecified results.
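The target grammar is the same for the Controller table above and for this Manager table, so one parser can audit both for plaintext methods, listeners with no host restriction, and duplicate values. This is an added example, not part of the Open vSwitch manual or code base; the function names, finding labels and sample targets are constructed, and only the four connection methods listed on this page are parsed.

```python
import re
from collections import Counter

# Default ports stated on this page for each table's target column.
DEFAULT_PORT = {"Controller": 6653, "Manager": 6640}
ACTIVE = {"ssl", "tcp"}       # ssl:host[:port], tcp:host[:port]
PASSIVE = {"pssl", "ptcp"}    # pssl:[port][:host], ptcp:[port][:host]

_HOST = r"(\[[^\]]+\]|[^:\[\]]+)"   # bracketed IPv6, or a DNS name / IPv4 address
_ACTIVE_RE = re.compile(rf"^{_HOST}(?::(\d+))?$")
_PASSIVE_RE = re.compile(rf"^(\d*)(?::{_HOST})?$")


def parse_target(target, table="Controller"):
    """Parse one target string into method, direction, TLS use, host and port."""
    method, sep, rest = target.partition(":")
    if method in ACTIVE:
        m = _ACTIVE_RE.match(rest)
        host, port = (m.group(1), m.group(2)) if m else (None, None)
    elif method in PASSIVE:
        m = _PASSIVE_RE.match(rest)
        port, host = (m.group(1), m.group(2)) if m else (None, None)
    else:
        m = None
    if not sep or m is None:
        raise ValueError(f"unsupported or malformed target: {target!r}")
    port = int(port) if port else DEFAULT_PORT[table]
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range in {target!r}")
    return {
        "method": method,
        "passive": method in PASSIVE,
        "tls": method in {"ssl", "pssl"},
        "host": host.strip("[]") if host else None,
        "port": port,
    }


def audit_targets(targets, table="Controller"):
    """Return (target, finding) pairs for one bridge's controllers or all managers."""
    findings = []
    for target, count in Counter(targets).items():
        if count > 1:
            findings.append((target, "duplicate"))          # unspecified results
        try:
            t = parse_target(target, table)
        except ValueError:
            findings.append((target, "unparsed"))           # outside this sketch
            continue
        if not t["tls"]:
            findings.append((target, "plaintext"))          # tcp: or ptcp:
        if t["passive"] and t["host"] is None:
            # No host given: not restricted to one local address (IPv4 only).
            findings.append((target, "unrestricted-listen"))
        if table == "Manager" and t["passive"] and t["port"] == 0:
            # Kernel picks the port; the real one appears in status:bound_port.
            findings.append((target, "kernel-chosen-port"))
    return findings


# Constructed sample of Manager targets (not taken from a real deployment).
SAMPLE_MANAGER_TARGETS = [
    "ptcp:", "pssl:6640:[::1]", "ssl:192.0.2.10", "ptcp:",
    "ptcp:0:127.0.0.1", "punix:/constructed/path.sock",
]

if __name__ == "__main__":
    for target, finding in audit_targets(SAMPLE_MANAGER_TARGETS, "Manager"):
        print(f"{finding:20} {target}")
```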
5053
5054 connection_mode: optional string, either in-band or out-of-band
5055 If it is specified, this setting must be one of the following
5056 strings that describes how Open vSwitch contacts this OVSDB
5057 client over the network:
5058
5059 in-band
5060 In this mode, this connection’s traffic travels over a
5061 bridge managed by Open vSwitch. With this setting, Open
5062 vSwitch allows traffic to and from the client regardless
5063 of the contents of the OpenFlow flow table. (Otherwise,
5064 Open vSwitch would never be able to connect to the
5065 client, because it did not have a flow to enable it.)
5066 This is the most common connection mode because it is not
5067 necessary to maintain two independent networks.
5068
5069 out-of-band
5070 In this mode, the client’s traffic uses a control network
5071 separate from that managed by Open vSwitch, that is, Open
5072 vSwitch does not use any of its own network devices to
5073 communicate with the client. The control network must be
5074 configured separately, before or after ovs-vswitchd is
5075 started.
5076
5077 If not specified, the default is implementation-specific.
5078
5079 Client Failure Detection and Handling:
5080
5081 max_backoff: optional integer, at least 1,000
5082 Maximum number of milliseconds to wait between connection at‐
5083 tempts. Default is implementation-specific.
5084
5085 inactivity_probe: optional integer
Maximum number of milliseconds of idle time on the connection to the
client before sending an inactivity probe message. If Open vSwitch
does not communicate with the client for the specified interval, it
will send a probe. If a response is not received for the same
additional amount of time, Open vSwitch assumes the connection has
been broken and attempts to reconnect. Default is
implementation-specific. A value of 0 disables inactivity probes.
5094
5095 Status:
5096
The is_connected key-value pair is always updated. Other key-value
pairs in the status columns may be updated depending on the target type.
5099
5100 When target specifies a connection method that listens for inbound con‐
5101 nections (e.g. ptcp: or punix:), both n_connections and is_connected
5102 may also be updated while the remaining key-value pairs are omitted.
5103
5104 On the other hand, when target specifies an outbound connection, all
5105 key-value pairs may be updated, except the above-mentioned two key-
5106 value pairs associated with inbound connection targets. They are omit‐
5107 ted.
5108
5109 is_connected: boolean
5110 true if currently connected to this manager, false otherwise.
5111
5112 status : last_error: optional string
5113 A human-readable description of the last error on the connection
5114 to the manager; i.e. strerror(errno). This key will exist only
5115 if an error has occurred.
5116
5117 status : state: optional string, one of ACTIVE, BACKOFF, CONNECTING,
5118 IDLE, or VOID
5119 The state of the connection to the manager:
5120
5121 VOID Connection is disabled.
5122
5123 BACKOFF
5124 Attempting to reconnect at an increasing period.
5125
5126 CONNECTING
5127 Attempting to connect.
5128
5129 ACTIVE Connected, remote host responsive.
5130
5131 IDLE Connection is idle. Waiting for response to keep-alive.
5132
5133 These values may change in the future. They are provided only
5134 for human consumption.
5135
5136 status : sec_since_connect: optional string, containing an integer, at
5137 least 0
5138 The amount of time since this manager last successfully con‐
5139 nected to the database (in seconds). Value is empty if manager
5140 has never successfully connected.
5141
5142 status : sec_since_disconnect: optional string, containing an integer,
5143 at least 0
5144 The amount of time since this manager last disconnected from the
5145 database (in seconds). Value is empty if manager has never dis‐
5146 connected.
5147
5148 status : locks_held: optional string
5149 Space-separated list of the names of OVSDB locks that the con‐
5150 nection holds. Omitted if the connection does not hold any
5151 locks.
5152
5153 status : locks_waiting: optional string
5154 Space-separated list of the names of OVSDB locks that the con‐
5155 nection is currently waiting to acquire. Omitted if the connec‐
5156 tion is not waiting for any locks.
5157
5158 status : locks_lost: optional string
5159 Space-separated list of the names of OVSDB locks that the con‐
5160 nection has had stolen by another OVSDB client. Omitted if no
5161 locks have been stolen from this connection.
5162
5163 status : n_connections: optional string, containing an integer, at
5164 least 2
5165 When target specifies a connection method that listens for in‐
5166 bound connections (e.g. ptcp: or pssl:) and more than one con‐
5167 nection is actually active, the value is the number of active
5168 connections. Otherwise, this key-value pair is omitted.
5169
5170 status : bound_port: optional string, containing an integer
5171 When target is ptcp: or pssl:, this is the TCP port on which the
5172 OVSDB server is listening. (This is particularly useful when
5173 target specifies a port of 0, allowing the kernel to choose any
5174 available port.)
5175
5176 Connection Parameters:
5177
5178 Additional configuration for a connection between the manager and the
5179 Open vSwitch Database.
5180
5181 other_config : dscp: optional string, containing an integer
5182 The Differentiated Service Code Point (DSCP) is specified using
5183 6 bits in the Type of Service (TOS) field in the IP header. DSCP
5184 provides a mechanism to classify the network traffic and provide
5185 Quality of Service (QoS) on IP networks. The DSCP value speci‐
5186 fied here is used when establishing the connection between the
5187 manager and the Open vSwitch. If no value is specified, a de‐
5188 fault value of 48 is chosen. Valid DSCP values must be in the
5189 range 0 to 63.
5190
5191 Common Columns:
5192
5193 The overall purpose of these columns is described under Common Columns
5194 at the beginning of this document.
5195
5196 external_ids: map of string-string pairs
5197
5198 other_config: map of string-string pairs
5199
NetFlow TABLE
A NetFlow target. NetFlow is a protocol that exports a number of
details about terminating IP flows, such as the principals involved
and duration.
5204
5205 Summary:
5206 targets set of 1 or more strings
5207 engine_id optional integer, in range 0 to 255
5208 engine_type optional integer, in range 0 to 255
5209 active_timeout integer, at least -1
5210 add_id_to_interface boolean
5211 Common Columns:
5212 external_ids map of string-string pairs
5213
5214 Details:
5215 targets: set of 1 or more strings
5216 NetFlow targets in the form ip:port. The ip must be specified
5217 numerically, not as a DNS name.
5218
5219 engine_id: optional integer, in range 0 to 255
5220 Engine ID to use in NetFlow messages. Defaults to datapath index
5221 if not specified.
5222
5223 engine_type: optional integer, in range 0 to 255
5224 Engine type to use in NetFlow messages. Defaults to datapath in‐
5225 dex if not specified.
5226
5227 active_timeout: integer, at least -1
5228 The interval at which NetFlow records are sent for flows that
5229 are still active, in seconds. A value of 0 requests the default
5230 timeout (currently 600 seconds); a value of -1 disables active
5231 timeouts.
5232
5233 The NetFlow passive timeout, for flows that become inactive, is
5234 not configurable. It will vary depending on the Open vSwitch
5235 version, the forms and contents of the OpenFlow flow tables, CPU
5236 and memory usage, and network activity. A typical passive time‐
5237 out is about a second.
5238
5239 add_id_to_interface: boolean
5240 If this column’s value is false, the ingress and egress inter‐
5241 face fields of NetFlow flow records are derived from OpenFlow
5242 port numbers. When it is true, the 7 most significant bits of
5243 these fields will be replaced by the least significant 7 bits of
5244 the engine id. This is useful because many NetFlow collectors do
5245 not expect multiple switches to be sending messages from the
5246 same host, so they do not store the engine information which
5247 could be used to disambiguate the traffic.
5248
5249 When this option is enabled, a maximum of 508 ports are sup‐
5250 ported.
5251
5252 Common Columns:
5253
5254 The overall purpose of these columns is described under Common Columns
5255 at the beginning of this document.
5256
5257 external_ids: map of string-string pairs
5258
Datapath TABLE
Configuration for a datapath within Open_vSwitch.
5261
5262 A datapath is responsible for providing the packet handling in Open
5263 vSwitch. There are two primary datapath implementations used by Open
5264 vSwitch: kernel and userspace. Kernel datapath implementations are
5265 available for Linux and Hyper-V, and selected as system in the data‐
5266 path_type column of the Bridge table. The userspace datapath is used by
5267 DPDK and AF-XDP, and is selected as netdev in the datapath_type column
5268 of the Bridge table.
5269
5270 A datapath of a particular type is shared by all the bridges that use
5271 that datapath. Thus, configurations applied to this table affect all
5272 bridges that use this datapath.
5273
5274 Summary:
5275 datapath_version string
5276 ct_zones map of integer-CT_Zone pairs, key in
5277 range 0 to 65,535
5278 Capabilities:
5279 capabilities : max_vlan_headers
5280 optional string, containing an integer,
5281 at least 0
5282 capabilities : recirc optional string, either true or false
5283 capabilities : lb_output_action
5284 optional string, either true or false
5285 Connection-Tracking Capabilities:
5286 capabilities : ct_state optional string, either true or false
5287 capabilities : ct_state_nat
5288 optional string, either true or false
5289 capabilities : ct_zone optional string, either true or false
5290 capabilities : ct_mark optional string, either true or false
5291 capabilities : ct_label optional string, either true or false
5292 capabilities : ct_orig_tuple
5293 optional string, either true or false
5294 capabilities : ct_orig_tuple6
5295 optional string, either true or false
5296 capabilities : masked_set_action
5297 optional string, either true or false
5298 capabilities : tnl_push_pop
5299 optional string, either true or false
5300 capabilities : ufid optional string, either true or false
5301 capabilities : trunc optional string, either true or false
5302 capabilities : nd_ext optional string, either true or false
5303 Clone Actions:
5304 capabilities : clone optional string, either true or false
5305 capabilities : sample_nesting
5306 optional string, containing an integer,
5307 at least 0
5308 capabilities : ct_eventmask
5309 optional string, either true or false
5310 capabilities : ct_clear optional string, either true or false
5311 capabilities : max_hash_alg
5312 optional string, containing an integer,
5313 at least 0
5314 capabilities : check_pkt_len
5315 optional string, either true or false
5316 capabilities : ct_timeout optional string, either true or false
5317 capabilities : explicit_drop_action
5318 optional string, either true or false
5319 capabilities : ct_zero_snat
5320 optional string, either true or false
5321 Common Columns:
5322 external_ids map of string-string pairs
5323
5324 Details:
5325 datapath_version: string
5326 Reports the version number of the Open vSwitch datapath in use.
5327 This allows management software to detect and report
5328 discrepancies between Open vSwitch userspace and datapath versions. (The
5329 ovs_version column in the Open_vSwitch table reports the Open vSwitch
5330 userspace version.) The version reported depends on the datapath
5331 in use:
5332
5333 • When the kernel module included in the Open vSwitch
5334 source tree is used, this column reports the Open vSwitch
5335 version from which the module was taken.
5336
5337 • When the kernel module that is part of the upstream Linux
5338 kernel is used, this column reports <unknown>.
5339
5340 • When the datapath is built into the ovs-vswitchd binary,
5341 this column reports <built-in>. A built-in datapath is by
5342 definition the same version as the rest of the Open
5343 vSwitch userspace.
5344
5345 • Other datapaths (such as the Hyper-V kernel datapath)
5346 currently report <unknown>.
5347
5348 A version discrepancy between ovs-vswitchd and the datapath in
5349 use is not normally cause for alarm. The Open vSwitch kernel
5350 datapaths for Linux and Hyper-V, in particular, are designed for
5351 maximum inter-version compatibility: any userspace version works
5352 with any kernel version. Some reasons do exist to insist on
5353 particular user/kernel pairings. First, newer kernel versions
5354 add new features that can only be used by new-enough userspace,
5355 e.g. VXLAN tunneling requires certain minimal userspace and
5356 kernel versions. Second, as an extension to the first reason, some
5357 newer kernel versions add new features for enhancing performance
5358 that only new-enough userspace versions can take advantage of.
5359
5360 ct_zones: map of integer-CT_Zone pairs, key in range 0 to 65,535
5361 Configuration for connection tracking zones. Each pair maps from
5362 a zone id to a configuration for that zone. Zone 0 applies to
5363 the default zone (i.e., the one used if a zone is not specified in
5364 connection tracking-related OpenFlow matches and actions).
5365
5366 Capabilities:
5367
5368 The capabilities column reports a datapath’s features. For the netdev
5369 datapath, the capabilities are fixed for a given version of Open
5370 vSwitch because this datapath is built into the ovs-vswitchd binary.
5371 The Linux kernel and Windows and other datapaths, which are external to
5372 OVS userspace, can vary in version and capabilities independently from
5373 ovs-vswitchd.
5374
5375 Some of these features indicate whether higher-level Open vSwitch fea‐
5376 tures are available. For example, OpenFlow features for connection-
5377 tracking are available only when capabilities:ct_state is true. A con‐
5378 troller that wishes to determine whether a feature is supported could,
5379 therefore, consult the relevant capabilities in this table. However, as
5380 a general rule, it is better for a controller to try to use the higher-
5381 level feature and use the result as an indication of support, since the
5382 low-level capabilities are more likely to shift over time than the
5383 high-level features that rely on them.
5384
5385 capabilities : max_vlan_headers: optional string, containing an
5386 integer, at least 0
5387 Number of 802.1q VLAN headers supported by the datapath, as
5388 probed by the ovs-vswitchd slow path. If the datapath supports
5389 more VLAN headers than the slow path, this reports the slow
5390 path’s limit. The value of other-config:vlan-limit in the
5391 Open_vSwitch table does not influence the number reported here.
5392
5393 capabilities : recirc: optional string, either true or false
5394 If this is true, then the datapath supports recirculation,
5395 specifically OVS_KEY_ATTR_RECIRC_ID. Recirculation enables
5396 higher performance for MPLS and active-active load balancing
5397 bonding modes.
5398
5399 capabilities : lb_output_action: optional string, either true or false
5400 If this is true, then the datapath supports optimized balance-tcp
5401 bond mode. This capability replaces the existing hash and recirc
5402 actions with the new action lb_output and avoids recirculation of
5403 packets in the datapath. It is supported only for balance-tcp bond
5404 mode in the netdev datapath. The new action gives higher performance
5405 by using bond buckets instead of post-recirculation flows for
5406 selection of the slave port from the bond. By default this new action is
5407 disabled; however, it can be enabled by setting
5408 other-config:lb-output-action in the Port table.
5409
5410 Connection-Tracking Capabilities:
5411
5412 These capabilities are granular because Open vSwitch and its datapaths
5413 added support for connection tracking over several releases, with fea‐
5414 tures added individually over that time.
5415
5416 capabilities : ct_state: optional string, either true or false
5417 If true, datapath supports OVS_KEY_ATTR_CT_STATE, which indi‐
5418 cates support for the bits in the OpenFlow ct_state field (see
5419 ovs-fields(7)) other than snat and dnat, which have a separate
5420 capability.
5421
5422 If this is false, the datapath does not support connection-
5423 tracking at all and the remaining connection-tracking capabili‐
5424 ties should all be false. In this case, Open vSwitch will reject
5425 flows that match on the ct_state field or use the ct action.
5426
5427 capabilities : ct_state_nat: optional string, either true or false
5428 If true, it means that the datapath supports the snat and dnat
5429 flags in the OpenFlow ct_state field. The ct_state capability
5430 must be true for this to make sense.
5431
5432 If false, Open vSwitch will reject flows that match on the snat
5433 or dnat bits in ct_state or use nat in the ct action.
5434
5435 capabilities : ct_zone: optional string, either true or false
5436 If true, datapath supports OVS_KEY_ATTR_CT_ZONE. If false, Open
5437 vSwitch rejects flows that match on the ct_zone field or that
5438 specify a nonzero zone or a zone field on the ct action.
5439
5440 capabilities : ct_mark: optional string, either true or false
5441 If true, datapath supports OVS_KEY_ATTR_CT_MARK. If false, Open
5442 vSwitch rejects flows that match on the ct_mark field or that
5443 set ct_mark in the ct action.
5444
5445 capabilities : ct_label: optional string, either true or false
5446 If true, datapath supports OVS_KEY_ATTR_CT_LABEL. If false, Open
5447 vSwitch rejects flows that match on the ct_label field or that
5448 set ct_label in the ct action.
5449
5450 capabilities : ct_orig_tuple: optional string, either true or false
5451 If true, the datapath supports matching the 5-tuple from the
5452 connection’s original direction for IPv4 traffic. If false, Open
5453 vSwitch rejects flows that match on ct_nw_src or ct_nw_dst, that
5454 use the ct feature of the resubmit action, or the force keyword
5455 in the ct action. (The latter isn’t tied to connection tracking
5456 support of original tuples in any technical way. They are con‐
5457 flated because all current datapaths implemented the two fea‐
5458 tures at the same time.)
5459
5460 If this and capabilities:ct_orig_tuple6 are both false, Open
5461 vSwitch rejects flows that match on ct_nw_proto, ct_tp_src, or
5462 ct_tp_dst.
5463
5464 capabilities : ct_orig_tuple6: optional string, either true or false
5465 If true, the datapath supports matching the 5-tuple from the
5466 connection’s original direction for IPv6 traffic. If false, Open
5467 vSwitch rejects flows that match on ct_ipv6_src or ct_ipv6_dst.
5468
5469 capabilities : masked_set_action: optional string, either true or false
5470 True if the datapath supports masked data in OVS_ACTION_ATTR_SET
5471 actions. Masked data can improve performance by allowing
5472 megaflows to match on fewer fields.
5473
5474 capabilities : tnl_push_pop: optional string, either true or false
5475 True if the datapath supports tnl_push and pop actions. This is
5476 a prerequisite for a datapath to support native tunneling.
5477
5478 capabilities : ufid: optional string, either true or false
5479 True if the datapath supports OVS_FLOW_ATTR_UFID. UFID support
5480 improves revalidation performance by transferring less data be‐
5481 tween the slow path and the datapath.
5482
5483 capabilities : trunc: optional string, either true or false
5484 True if the datapath supports OVS_ACTION_ATTR_TRUNC action. If
5485 false, the output action with packet truncation requires every
5486 packet to be sent to the Open vSwitch slow path, which is likely
5487 to make it too slow for mirroring traffic in bulk.
5488
5489 capabilities : nd_ext: optional string, either true or false
5490 True if the datapath supports OVS_KEY_ATTR_ND_EXTENSIONS to
5491 match on ICMPv6 "ND reserved" and "ND option type" header
5492 fields. If false, the datapath reports an error if the feature is
5493 used.
5494
5495 Clone Actions:
5496
5497 When Open vSwitch translates actions from OpenFlow into the datapath
5498 representation, some of the datapath actions may modify the packet or
5499 have other side effects that later datapath actions can’t undo. The
5500 OpenFlow ct, meter, output with truncation, encap, decap, and
5501 dec_nsh_ttl actions fall into this category. Often, this is not a prob‐
5502 lem because nothing later on needs the original packet.
5503
5504 Such actions can, however, occur in circumstances where the translation
5505 does require the original packet. For example, an OpenFlow output ac‐
5506 tion might direct a packet to a patch port, which might in turn lead to
5507 a ct action that NATs the packet (which cannot be undone), and then af‐
5508 terward when control flow pops back across the patch port some other
5509 action might need to act on the original packet.
5510
5511 Open vSwitch has two different ways to implement this ``save and re‐
5512 store’’ via datapath actions. These capabilities indicate which one
5513 Open vSwitch will choose. When neither is available, Open vSwitch sim‐
5514 ply fails in situations that require this feature.
5515
5516 capabilities : clone: optional string, either true or false
5517 True if the datapath supports OVS_ACTION_ATTR_CLONE action. This
5518 is the preferred option for saving and restoring packets, since
5519 it is intended for the purpose, but old datapaths do not support
5520 it. Open vSwitch will use it whenever it is available.
5521
5522 (The OpenFlow clone action does not always yield an
5523 OVS_ACTION_ATTR_CLONE action. It only does so when the datapath
5524 supports it and the clone brackets actions that otherwise cannot be
5525 undone.)
5526
5527 capabilities : sample_nesting: optional string, containing an integer,
5528 at least 0
5529 Maximum level of nesting allowed by OVS_ACTION_ATTR_SAMPLE ac‐
5530 tion. Open vSwitch misuses this action for saving and restoring
5531 packets when the datapath supports more than 3 levels of nesting
5532 and OVS_ACTION_ATTR_CLONE is not available.
5533
5534 capabilities : ct_eventmask: optional string, either true or false
5535 True if the datapath’s OVS_ACTION_ATTR_CT action implements the
5536 OVS_CT_ATTR_EVENTMASK attribute. When this is true, Open vSwitch
5537 uses the event mask feature to limit the kinds of events re‐
5538 ported to conntrack update listeners. When Open vSwitch doesn’t
5539 limit the event mask, listeners receive reports of numerous usu‐
5540 ally unimportant events, such as TCP state machine changes,
5541 which can waste CPU time.
5542
5543 capabilities : ct_clear: optional string, either true or false
5544 True if the datapath supports OVS_ACTION_ATTR_CT_CLEAR action.
5545 If false, the OpenFlow ct_clear action has no effect on the
5546 datapath.
5547
5548 capabilities : max_hash_alg: optional string, containing an integer, at
5549 least 0
5550 Highest supported dp_hash algorithm. This allows Open vSwitch to
5551 avoid requesting a packet hash that the datapath does not sup‐
5552 port.
5553
5554 capabilities : check_pkt_len: optional string, either true or false
5555 True if the datapath supports OVS_ACTION_ATTR_CHECK_PKT_LEN. If
5556 false, Open vSwitch implements the check_pkt_larger action by
5557 sending every packet through the Open vSwitch slow path, which
5558 is likely to make it too slow for handling traffic in bulk.
5559
5560 capabilities : ct_timeout: optional string, either true or false
5561 True if the datapath supports OVS_CT_ATTR_TIMEOUT in the
5562 OVS_ACTION_ATTR_CT action. If false, Open vSwitch cannot implement
5563 timeout policies based on connection tracking zones, as
5564 configured through the CT_Timeout_Policy table.
5565
5566 capabilities : explicit_drop_action: optional string, either true or
5567 false
5568 True if the datapath supports OVS_ACTION_ATTR_DROP. If false,
5569 explicit drop action will not be sent to the datapath.
5570
5571 capabilities : ct_zero_snat: optional string, either true or false
5572 True if the datapath supports all-zero SNAT. This is a special
5573 case if the src IP address is configured as all 0’s, i.e.,
5574 nat(src=0.0.0.0). In this case, when a source port collision is
5575 detected during the commit, the source port will be translated
5576 to an ephemeral port. If there is no collision, no SNAT is per‐
5577 formed.
5578
5579 Common Columns:
5580
5581 The overall purpose of these columns is described under Common Columns
5582 at the beginning of this document.
5583
5584 external_ids: map of string-string pairs
5585
5587 Connection tracking zone configuration
5588
5589 Summary:
5590 timeout_policy optional CT_Timeout_Policy
5591 Common Columns:
5592 external_ids map of string-string pairs
5593
5594 Details:
5595 timeout_policy: optional CT_Timeout_Policy
5596 Connection tracking timeout policy for this zone. If a timeout
5597 policy is not specified, it defaults to the timeout policy in
5598 the system.
5599
5600 Common Columns:
5601
5602 The overall purpose of these columns is described under Common Columns
5603 at the beginning of this document.
5604
5605 external_ids: map of string-string pairs
5606
5608 Connection tracking timeout policy configuration
5609
5610 Summary:
5611 Timeouts:
5612 timeouts map of string-integer pairs, key one of
5613 icmp_first, icmp_reply, tcp_close,
5614 tcp_close_wait, tcp_established,
5615 tcp_fin_wait, tcp_last_ack,
5616 tcp_retransmit, tcp_syn_recv, tcp_syn_sent2,
5617 tcp_syn_sent, tcp_time_wait, tcp_unack,
5618 udp_first, udp_multiple, or udp_single,
5619 value in range 0 to 4,294,967,295
5620 TCP Timeouts:
5621 timeouts : tcp_syn_sent optional integer, in range 0 to
5622 4,294,967,295
5623 timeouts : tcp_syn_recv optional integer, in range 0 to
5624 4,294,967,295
5625 timeouts : tcp_established
5626 optional integer, in range 0 to
5627 4,294,967,295
5628 timeouts : tcp_fin_wait optional integer, in range 0 to
5629 4,294,967,295
5630 timeouts : tcp_close_wait
5631 optional integer, in range 0 to
5632 4,294,967,295
5633 timeouts : tcp_last_ack optional integer, in range 0 to
5634 4,294,967,295
5635 timeouts : tcp_time_wait optional integer, in range 0 to
5636 4,294,967,295
5637 timeouts : tcp_close optional integer, in range 0 to
5638 4,294,967,295
5639 timeouts : tcp_syn_sent2 optional integer, in range 0 to
5640 4,294,967,295
5641 timeouts : tcp_retransmit
5642 optional integer, in range 0 to
5643 4,294,967,295
5644 timeouts : tcp_unack optional integer, in range 0 to
5645 4,294,967,295
5646 UDP Timeouts:
5647 timeouts : udp_first optional integer, in range 0 to
5648 4,294,967,295
5649 timeouts : udp_single optional integer, in range 0 to
5650 4,294,967,295
5651 timeouts : udp_multiple optional integer, in range 0 to
5652 4,294,967,295
5653 ICMP Timeouts:
5654 timeouts : icmp_first optional integer, in range 0 to
5655 4,294,967,295
5656 timeouts : icmp_reply optional integer, in range 0 to
5657 4,294,967,295
5658 Common Columns:
5659 external_ids map of string-string pairs
5660
5661 Details:
5662 Timeouts:
5663
5664 timeouts: map of string-integer pairs, key one of icmp_first,
5665 icmp_reply, tcp_close, tcp_close_wait, tcp_established, tcp_fin_wait,
5666 tcp_last_ack, tcp_retransmit, tcp_syn_recv, tcp_syn_sent2,
5667 tcp_syn_sent, tcp_time_wait, tcp_unack, udp_first, udp_multiple, or
5668 udp_single, value in range 0 to 4,294,967,295
5669 The timeouts column contains key-value pairs used to configure
5670 connection tracking timeouts in a datapath. Key-value pairs that
5671 are not supported by a datapath are ignored. The timeout value
5672 is in seconds.
5673
5674 TCP Timeouts:
5675
5676 timeouts : tcp_syn_sent: optional integer, in range 0 to 4,294,967,295
5677 The timeout for the connection after the first TCP SYN packet
5678 has been seen by conntrack.
5679
5680 timeouts : tcp_syn_recv: optional integer, in range 0 to 4,294,967,295
5681 The timeout of the connection after the first TCP SYN-ACK packet
5682 has been seen by conntrack.
5683
5684 timeouts : tcp_established: optional integer, in range 0 to
5685 4,294,967,295
5686 The timeout of the connection after the connection has been
5687 fully established.
5688
5689 timeouts : tcp_fin_wait: optional integer, in range 0 to 4,294,967,295
5690 The timeout of the connection after the first TCP FIN packet has
5691 been seen by conntrack.
5692
5693 timeouts : tcp_close_wait: optional integer, in range 0 to
5694 4,294,967,295
5695 The timeout of the connection after the first TCP ACK packet has
5696 been seen after it receives a TCP FIN packet. This timeout is only
5697 supported by the Linux kernel datapath.
5698
5699 timeouts : tcp_last_ack: optional integer, in range 0 to 4,294,967,295
5700 The timeout of the connection after TCP FIN packets have been
5701 seen by conntrack from both directions. This timeout is only
5702 supported by the Linux kernel datapath.
5703
5704 timeouts : tcp_time_wait: optional integer, in range 0 to 4,294,967,295
5705 The timeout of the connection after conntrack has seen the TCP
5706 ACK packet for the second TCP FIN packet.
5707
5708 timeouts : tcp_close: optional integer, in range 0 to 4,294,967,295
5709 The timeout of the connection after the first TCP RST packet has
5710 been seen by conntrack.
5711
5712 timeouts : tcp_syn_sent2: optional integer, in range 0 to 4,294,967,295
5713 The timeout of the connection when only a TCP SYN packet has
5714 been seen by conntrack from both directions (simultaneous open).
5715 This timeout is only supported by the Linux kernel datapath.
5716
5717 timeouts : tcp_retransmit: optional integer, in range 0 to
5718 4,294,967,295
5719 The timeout of the connection when it exceeds the maximum number
5720 of retransmissions. This timeout is only supported by the Linux
5721 kernel datapath.
5722
5723 timeouts : tcp_unack: optional integer, in range 0 to 4,294,967,295
5724 The timeout of the connection when non-SYN packets create an es‐
5725 tablished connection in TCP loose tracking mode. This timeout is
5726 only supported by the Linux kernel datapath.
5727
5728 UDP Timeouts:
5729
5730 timeouts : udp_first: optional integer, in range 0 to 4,294,967,295
5731 The timeout of the connection after the first UDP packet has
5732 been seen by conntrack. This timeout is only supported by the
5733 userspace datapath.
5734
5735 timeouts : udp_single: optional integer, in range 0 to 4,294,967,295
5736 The timeout of the connection when conntrack has only seen UDP
5737 packets from the source host, but the destination host has never
5738 sent one back.
5739
5740 timeouts : udp_multiple: optional integer, in range 0 to 4,294,967,295
5741 The timeout of the connection when UDP packets have been seen in
5742 both directions.
5743
5744 ICMP Timeouts:
5745
5746 timeouts : icmp_first: optional integer, in range 0 to 4,294,967,295
5747 The timeout of the connection after the first ICMP packet has
5748 been seen by conntrack.
5749
5750 timeouts : icmp_reply: optional integer, in range 0 to 4,294,967,295
5751 The timeout of the connection when ICMP packets have been seen
5752 in both directions. This timeout is only supported by the
5753 userspace datapath.
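
The per-key notes above mean a timeout set for hardening can be silently ignored on the other datapath type. The following added example (not part of the Open vSwitch manual or code base) walks Open_vSwitch.datapaths, Datapath.ct_zones and CT_Zone.timeout_policy to report such keys. It assumes the input is the output of `ovs-vsctl --format=json list <Table>` with `headings` and `data` members; all rows and UUIDs are constructed.

```python
import json

# Datapath restrictions as stated in the column descriptions on this page.
KERNEL_ONLY = {"tcp_close_wait", "tcp_last_ack", "tcp_syn_sent2",
               "tcp_retransmit", "tcp_unack"}
USERSPACE_ONLY = {"udp_first", "icmp_reply"}
# datapath_type "system" is the kernel datapath, "netdev" is userspace.
UNSUPPORTED = {"system": USERSPACE_ONLY, "netdev": KERNEL_ONLY}


def rows(table_json):
    """Index `ovs-vsctl --format=json list <Table>` output by row UUID."""
    doc = json.loads(table_json)
    out = {}
    for data in doc["data"]:
        row = dict(zip(doc["headings"], data))
        out[row["_uuid"][1]] = row
    return out


def atom(value):
    """Unwrap an OVSDB ["uuid", "..."] atom; other atoms pass through."""
    if isinstance(value, list) and value[0] == "uuid":
        return value[1]
    return value


def ovs_map(value):
    """Decode OVSDB ["map", [[key, value], ...]] notation into a dict."""
    return {atom(k): atom(v) for k, v in value[1]}


def ignored_timeouts(dp_by_type, datapaths, zones, policies):
    """Return (datapath_type, zone_id, key) for timeouts that datapath ignores."""
    findings = []
    for dp_type, dp_uuid in sorted(dp_by_type.items()):
        unsupported = UNSUPPORTED.get(dp_type, set())
        ct_zones = ovs_map(datapaths[dp_uuid]["ct_zones"])
        for zone_id, zone_uuid in sorted(ct_zones.items()):
            ref = zones[zone_uuid]["timeout_policy"]
            if ref[0] != "uuid":  # empty optional column is ["set", []]
                continue          # the system default policy applies
            timeouts = ovs_map(policies[ref[1]]["timeouts"])
            for key in sorted(timeouts):
                if key in unsupported:
                    findings.append((dp_type, zone_id, key))
    return findings


def audit(ovs_json, datapath_json, zone_json, policy_json):
    """Run the check over the four tables' JSON listings."""
    (ovs_row,) = rows(ovs_json).values()  # Open_vSwitch has exactly one record
    return ignored_timeouts(ovs_map(ovs_row["datapaths"]), rows(datapath_json),
                            rows(zone_json), rows(policy_json))


def _u(n):
    """Constructed placeholder UUID atom."""
    return ["uuid", "00000000-0000-0000-0000-%012d" % n]


def _table(headings, *data):
    """Constructed stand-in for one table's JSON listing."""
    return json.dumps({"headings": headings, "data": [list(r) for r in data]})


# Constructed sample: a netdev datapath with zone 0 bound to a policy, zone 7 not.
OPEN_VSWITCH = _table(["_uuid", "datapaths"],
                      [_u(1), ["map", [["netdev", _u(10)]]]])
DATAPATH = _table(["_uuid", "ct_zones"],
                  [_u(10), ["map", [[0, _u(20)], [7, _u(21)]]]])
CT_ZONE = _table(["_uuid", "timeout_policy"],
                 [_u(20), _u(30)], [_u(21), ["set", []]])
CT_TIMEOUT_POLICY = _table(
    ["_uuid", "timeouts"],
    [_u(30), ["map", [["tcp_established", 3600], ["tcp_unack", 30],
                      ["udp_first", 20]]]])

if __name__ == "__main__":
    for finding in audit(OPEN_VSWITCH, DATAPATH, CT_ZONE, CT_TIMEOUT_POLICY):
        print("ignored on %s datapath: zone %s key %s" % finding)
```
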
5754
5755 Common Columns:
5756
5757 The overall purpose of these columns is described under Common Columns
5758 at the beginning of this document.
5759
5760 external_ids: map of string-string pairs
5761
5763 SSL configuration for an Open_vSwitch.
5764
5765 Summary:
5766 private_key string
5767 certificate string
5768 ca_cert string
5769 bootstrap_ca_cert boolean
5770 Common Columns:
5771 external_ids map of string-string pairs
5772
5773 Details:
5774 private_key: string
5775 Name of a PEM file containing the private key used as the
5776 switch’s identity for SSL connections to the controller.
5777
5778 certificate: string
5779 Name of a PEM file containing a certificate, signed by the cer‐
5780 tificate authority (CA) used by the controller and manager, that
5781 certifies the switch’s private key, identifying a trustworthy
5782 switch.
5783
5784 ca_cert: string
5785 Name of a PEM file containing the CA certificate used to verify
5786 that the switch is connected to a trustworthy controller.
5787
5788 bootstrap_ca_cert: boolean
5789 If set to true, then Open vSwitch will attempt to obtain the CA
5790 certificate from the controller on its first SSL connection and
5791 save it to the named PEM file. If it is successful, it will
5792 immediately drop the connection and reconnect, and from then on
5793 all SSL connections must be authenticated by a certificate
5794 signed by the CA certificate thus obtained. This option exposes
5795 the SSL connection to a man-in-the-middle attack while the
5796 initial CA certificate is being obtained. It may still be useful for
5797 bootstrapping.
5798
5799 Common Columns:
5800
5801 The overall purpose of these columns is described under Common Columns
5802 at the beginning of this document.
5803
5804 external_ids: map of string-string pairs
5805
5807 A set of sFlow(R) targets. sFlow is a protocol for remote monitoring of
5808 switches.
5809
5810 Summary:
5811 agent optional string
5812 header optional integer
5813 polling optional integer
5814 sampling optional integer
5815 targets set of 1 or more strings
5816 Common Columns:
5817 external_ids map of string-string pairs
5818
5819 Details:
5820 agent: optional string
5821 Determines the agent address, that is, the IP address reported
5822 to collectors as the source of the sFlow data. It may be an IP
5823 address or the name of a network device. In the latter case, the
5824 network device’s IP address is used.
5825
5826 If not specified, the agent device is figured from the first
5827 target address and the routing table. If the routing table does
5828 not contain a route to the target, the IP address defaults to
5829 the local_ip in the collector’s Controller.
5830
5831 If an agent IP address cannot be determined, sFlow is disabled.
5832
5833 header: optional integer
5834 Number of bytes of a sampled packet to send to the collector. If
5835 not specified, the default is 128 bytes.
5836
5837 polling: optional integer
5838 Polling rate in seconds to send port statistics to the collec‐
5839 tor. If not specified, defaults to 30 seconds.
5840
5841 sampling: optional integer
5842 Rate at which packets should be sampled and sent to the collec‐
5843 tor. If not specified, defaults to 400, which means one out of
5844 400 packets, on average, will be sent to the collector.
5845
5846 targets: set of 1 or more strings
5847 sFlow targets in the form ip:port.
5848
5849 Common Columns:
5850
5851 The overall purpose of these columns is described under Common Columns
5852 at the beginning of this document.
5853
5854 external_ids: map of string-string pairs
5855
5857 Configuration for sending packets to IPFIX collectors.
5858
5859 IPFIX is a protocol that exports a number of details about flows. The
5860 IPFIX implementation in Open vSwitch samples packets at a configurable
5861 rate, extracts flow information from those packets, optionally caches
5862 and aggregates the flow information, and sends the result to one or
5863 more collectors.
5864
5865 IPFIX in Open vSwitch can be configured two different ways:
5866
5867 • With per-bridge sampling, Open vSwitch performs IPFIX
5868 sampling automatically on all packets that pass through a
5869 bridge. To configure per-bridge sampling, create an IPFIX
5870 record and point a Bridge table’s ipfix column to it. The
5871 Flow_Sample_Collector_Set table is not used for per-
5872 bridge sampling.
5873
5874 • With flow-based sampling, sample actions in the OpenFlow
5875 flow table drive IPFIX sampling. See ovs-actions(7) for a
5876 description of the sample action.
5877
5878 Flow-based sampling also requires database configuration:
5879 create an IPFIX record that describes the IPFIX
5880 configuration and a Flow_Sample_Collector_Set record that points
5881 to the Bridge whose flow table holds the sample actions
5882 and to the IPFIX record. The ipfix column in the Bridge table is not
5883 used for flow-based sampling.
5884
5885 Summary:
5886 targets set of strings
5887 cache_active_timeout optional integer, in range 0 to 4,200
5888 cache_max_flows optional integer, in range 0 to
5889 4,294,967,295
5890 other_config : enable-tunnel-sampling
5891 optional string, either true or false
5892 other_config : virtual_obs_id optional string
5893 Per-Bridge Sampling:
5894 sampling optional integer, in range 1 to
5895 4,294,967,295
5896 obs_domain_id optional integer, in range 0 to
5897 4,294,967,295
5898 obs_point_id optional integer, in range 0 to
5899 4,294,967,295
5900 other_config : enable-input-sampling
5901 optional string, either true or false
5902 other_config : enable-output-sampling
5903 optional string, either true or false
5904 Common Columns:
5905 external_ids map of string-string pairs
5906
5907 Details:
5908 targets: set of strings
5909 IPFIX target collectors in the form ip:port.
5910
5911 cache_active_timeout: optional integer, in range 0 to 4,200
5912 The maximum period in seconds for which an IPFIX flow record is
5913 cached and aggregated before being sent. If not specified, de‐
5914 faults to 0. If 0, caching is disabled.
5915
5916 cache_max_flows: optional integer, in range 0 to 4,294,967,295
5917 The maximum number of IPFIX flow records that can be cached at a
5918 time. If not specified, defaults to 0. If 0, caching is dis‐
5919 abled.
5920
5921 other_config : enable-tunnel-sampling: optional string, either true or
5922 false
5923 Set to true to enable sampling and reporting tunnel header 7-tu‐
5924 ples in IPFIX flow records. Tunnel sampling is enabled by de‐
5925 fault.
5926
5927 The following enterprise entities report the sampled tunnel
5928 info:
5929
5930 tunnelType:
5931 ID: 891, and enterprise ID 6876 (VMware).
5932
5933 type: unsigned 8-bit integer.
5934
5935 data type semantics: identifier.
5936
5937 description: Identifier of the layer 2 network overlay
5938 network encapsulation type: 0x01 VxLAN, 0x02 GRE, 0x03
5939 LISP, 0x07 GENEVE.
5940
5941 tunnelKey:
5942 ID: 892, and enterprise ID 6876 (VMware).
5943
5944 type: variable-length octetarray.
5945
5946 data type semantics: identifier.
5947
5948 description: Key which is used for identifying an indi‐
5949 vidual traffic flow within a VxLAN (24-bit VNI), GENEVE
5950 (24-bit VNI), GRE (32-bit key), or LISP (24-bit instance
5951 ID) tunnel. The key is encoded in this octetarray as a
5952 3-, 4-, or 8-byte integer ID in network byte order.
5953
5954 tunnelSourceIPv4Address:
5955 ID: 893, and enterprise ID 6876 (VMware).
5956
5957 type: unsigned 32-bit integer.
5958
5959 data type semantics: identifier.
5960
5961 description: The IPv4 source address in the tunnel IP
5962 packet header.
5963
5964 tunnelDestinationIPv4Address:
5965 ID: 894, and enterprise ID 6876 (VMware).
5966
5967 type: unsigned 32-bit integer.
5968
5969 data type semantics: identifier.
5970
5971 description: The IPv4 destination address in the tunnel
5972 IP packet header.
5973
5974 tunnelProtocolIdentifier:
5975 ID: 895, and enterprise ID 6876 (VMware).
5976
5977 type: unsigned 8-bit integer.
5978
5979 data type semantics: identifier.
5980
5981 description: The value of the protocol number in the tun‐
5982 nel IP packet header. The protocol number identifies the
5983 tunnel IP packet payload type.
5984
5985 tunnelSourceTransportPort:
5986 ID: 896, and enterprise ID 6876 (VMware).
5987
5988 type: unsigned 16-bit integer.
5989
5990 data type semantics: identifier.
5991
5992 description: The source port identifier in the tunnel
5993 transport header. For the transport protocols UDP, TCP,
5994 and SCTP, this is the source port number given in the re‐
5995 spective header.
5996
5997 tunnelDestinationTransportPort:
5998 ID: 897, and enterprise ID 6876 (VMware).
5999
6000 type: unsigned 16-bit integer.
6001
6002 data type semantics: identifier.
6003
6004 description: The destination port identifier in the tun‐
6005 nel transport header. For the transport protocols UDP,
6006 TCP, and SCTP, this is the destination port number given
6007 in the respective header.
6008
6009 Before Open vSwitch 2.5.90, other_config:enable-tunnel-sampling
6010 was only supported with per-bridge sampling, and ignored
6011 otherwise. Open vSwitch 2.5.90 and later support
6012 other_config:enable-tunnel-sampling for per-bridge and per-flow sampling.
6013
6014 other_config : virtual_obs_id: optional string
6015 A string that accompanies each IPFIX flow record. Its intended
6016 use is for the ``virtual observation ID,’’ an identifier of a
6017 virtual observation point that is locally unique in a virtual
6018 network. It describes a location in the virtual network where IP
6019 packets can be observed. The maximum length is 254 bytes. If not
6020 specified, the field is omitted from the IPFIX flow record.
6021
6022 The following enterprise entity reports the specified virtual
6023 observation ID:
6024
6025 virtualObsID:
6026 ID: 898, and enterprise ID 6876 (VMware).
6027
6028 type: variable-length string.
6029
6030 data type semantics: identifier.
6031
6032 description: A virtual observation domain ID that is lo‐
6033 cally unique in a virtual network.
6034
6035 This feature was introduced in Open vSwitch 2.5.90.
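
Added example (not part of the Open vSwitch manual or code base): a
minimal collector-side decoder, following the RFC 7011 field-specifier
and variable-length encodings, that recognizes the enterprise elements
895 to 898 listed above. The template, the record and the virtual
observation ID "tenant-a/leaf1" are constructed samples, and the
function names are hypothetical.

```python
import struct

OVS_PEN = 6876     # enterprise ID stated on this page (VMware)
VARLEN = 0xFFFF    # RFC 7011: template length meaning "variable-length"
OVS_ELEMENTS = {895: "tunnelProtocolIdentifier", 896: "tunnelSourceTransportPort",
                897: "tunnelDestinationTransportPort", 898: "virtualObsID"}

def _unpack(fmt, buf, off):
    """unpack_from that reports truncation as ValueError."""
    try:
        return struct.unpack_from(fmt, buf, off), off + struct.calcsize(fmt)
    except struct.error:
        raise ValueError("truncated IPFIX data") from None

def parse_template_fields(buf, count):
    """Return [(element_id, length, enterprise_or_None)] for `count` specifiers."""
    fields, off = [], 0
    for _ in range(count):
        (raw_id, length), off = _unpack("!HH", buf, off)
        pen = None
        if raw_id & 0x8000:              # enterprise bit: a 32-bit enterprise ID follows
            (pen,), off = _unpack("!I", buf, off)
        fields.append((raw_id & 0x7FFF, length, pen))
    return fields

def decode_record(fields, data):
    """Decode one data record; elements not listed above stay as raw bytes."""
    out, off = {}, 0
    for ie_id, length, pen in fields:
        if length == VARLEN:             # length travels in the record itself
            (length,), off = _unpack("!B", data, off)
            if length == 255:            # long form: 16-bit length follows
                (length,), off = _unpack("!H", data, off)
        value = data[off:off + length]
        if len(value) != length:
            raise ValueError("record shorter than its template says")
        off += length
        if pen == OVS_PEN and ie_id in OVS_ELEMENTS:
            out[OVS_ELEMENTS[ie_id]] = (value.decode("utf-8", "replace") if ie_id == 898
                                        else int.from_bytes(value, "big"))
        else:
            out[(pen, ie_id)] = value
    return out

# Constructed sample: a template with the four elements, and one matching record.
SAMPLE_TEMPLATE = b"".join(struct.pack("!HHI", 0x8000 | ie, ln, OVS_PEN)
                           for ie, ln in [(895, 1), (896, 2), (897, 2), (898, VARLEN)])
SAMPLE_OBS = b"tenant-a/leaf1"
SAMPLE_RECORD = struct.pack("!BHHB", 17, 51234, 4789, len(SAMPLE_OBS)) + SAMPLE_OBS
```

Because virtual_obs_id is limited to 254 bytes, its length always fits
the one-octet prefix, but the decoder also accepts the three-octet
form that RFC 7011 permits.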

Per-Bridge Sampling:

These values affect only per-bridge sampling. See above for a
description of the differences between per-bridge and flow-based
sampling.

sampling: optional integer, in range 1 to 4,294,967,295
The rate at which packets should be sampled and sent to each
target collector. If not specified, defaults to 400, which means
one out of 400 packets, on average, will be sent to each target
collector.

obs_domain_id: optional integer, in range 0 to 4,294,967,295
The IPFIX Observation Domain ID sent in each IPFIX packet. If
not specified, defaults to 0.

obs_point_id: optional integer, in range 0 to 4,294,967,295
The IPFIX Observation Point ID sent in each IPFIX flow record.
If not specified, defaults to 0.

other_config : enable-input-sampling: optional string, either true or
false
By default, Open vSwitch samples and reports flows at bridge
port input in IPFIX flow records. Set this column to false to
disable input sampling.

other_config : enable-output-sampling: optional string, either true or
false
By default, Open vSwitch samples and reports flows at bridge
port output in IPFIX flow records. Set this column to false to
disable output sampling.

Common Columns:

The overall purpose of these columns is described under Common Columns
at the beginning of this document.

external_ids: map of string-string pairs

A set of IPFIX collectors of packet samples generated by OpenFlow
sample actions. This table is used only for IPFIX flow-based sampling,
not for per-bridge sampling (see the IPFIX table for a description of
the two forms).

Summary:
id              integer, in range 0 to 4,294,967,295
bridge          Bridge
ipfix           optional IPFIX
Common Columns:
external_ids    map of string-string pairs

Details:
id: integer, in range 0 to 4,294,967,295
The ID of this collector set, unique among the bridge's collector
sets, to be used as the collector_set_id in OpenFlow sample
actions.

bridge: Bridge
The bridge into which OpenFlow sample actions can be added to
send packet samples to this set of IPFIX collectors.

ipfix: optional IPFIX
Configuration of the set of IPFIX collectors to send one flow
record per sampled packet to.

Common Columns:

The overall purpose of these columns is described under Common Columns
at the beginning of this document.

external_ids: map of string-string pairs

Auto Attach configuration within a bridge. The IETF Auto-Attach SPBM
draft standard describes a compact method of using IEEE 802.1AB Link
Layer Discovery Protocol (LLDP) together with an IEEE 802.1aq Shortest
Path Bridging (SPB) network to automatically attach network devices to
individual services in an SPB network. The intent here is to allow
network applications and devices using OVS to be able to easily take
advantage of features offered by industry standard SPB networks.

Auto Attach (AA) uses LLDP to communicate between a directly connected
Auto Attach Client (AAC) and Auto Attach Server (AAS). The LLDP
protocol is extended to add two new Type-Length-Value tuples (TLVs).
The first new TLV supports the ongoing discovery of directly connected
AA correspondents. Auto Attach operates by regularly transmitting AA
discovery TLVs between the AA client and AA server. By exchanging these
discovery messages, both the AAC and AAS learn the system name and
system description of their peer. In the OVS context, OVS operates as
the AA client and the AA server resides on a switch at the edge of the
SPB network.

Once AA discovery has been completed, the AAC then uses the second new
TLV to deliver identifier mappings from the AAC to the AAS. A primary
feature of Auto Attach is to facilitate the mapping of VLANs defined
outside the SPB network onto service ids (ISIDs) defined within the SPB
network. By doing so, individual external VLANs can be mapped onto
specific SPB network services. These VLAN id to ISID mappings can be
configured and managed locally using new options added to the ovs-vsctl
command.

The Auto Attach OVS feature does not provide a full implementation of
the LLDP protocol. Support for the mandatory TLVs as defined by the
LLDP standard and support for the AA TLV extensions is provided. LLDP
protocol support in OVS can be enabled or disabled on a port-by-port
basis. LLDP support is disabled by default.

Summary:
system_name           string
system_description    string
mappings              map of integer-integer pairs, key in
                      range 0 to 16,777,215, value in range 0
                      to 4,095

Details:
system_name: string
The system_name string is exported in LLDP messages. It should
uniquely identify the bridge in the network.

system_description: string
The system_description string is exported in LLDP messages. It
should describe the type of software and hardware.

mappings: map of integer-integer pairs, key in range 0 to 16,777,215,
value in range 0 to 4,095
A mapping from SPB network Individual Service Identifier (ISID)
to VLAN id.

Open vSwitch 2.17.0          DB Schema 8.3.0          ovs-vswitchd.conf.db(5)