1ovs-vswitchd.conf.db(5)       Open vSwitch Manual      ovs-vswitchd.conf.db(5)
2
3
4

NAME

6       ovs-vswitchd.conf.db - Open_vSwitch database schema
7
8       A  database  with  this  schema  holds  the  configuration for one Open
9       vSwitch daemon. The top-level  configuration  for  the  daemon  is  the
10       Open_vSwitch  table,  which  must  have  exactly one record. Records in
11       other tables are significant only when they can be reached directly  or
12       indirectly  from the Open_vSwitch table. Records that are not reachable
13       from the Open_vSwitch table are automatically deleted  from  the  data‐
14       base, except for records in a few distinguished ``root set’’ tables.
15
16   Common Columns
17       Most  tables contain two special columns, named other_config and exter‐
18       nal_ids. These columns have the same form and purpose each  place  that
19       they appear, so we describe them here to save space later.
20
21              other_config: map of string-string pairs
22                     Key-value  pairs  for  configuring  rarely used features.
23                     Supported keys, along with the forms taken by their  val‐
24                     ues, are documented individually for each table.
25
26                     A  few tables do not have other_config columns because no
27                     key-value pairs have yet been defined for them.
28
29              external_ids: map of string-string pairs
30                     Key-value pairs for use by external frameworks that inte‐
31                     grate  with Open vSwitch, rather than by Open vSwitch it‐
32                     self. System  integrators  should  either  use  the  Open
33                     vSwitch  development mailing list to coordinate on common
34                     key-value definitions,  or  choose  key  names  that  are
35                     likely to be unique. In some cases, where key-value pairs
36                     have been defined that are likely to  be  widely  useful,
37                     they are documented individually for each table.
38

TABLE SUMMARY

40       The  following list summarizes the purpose of each of the tables in the
41       Open_vSwitch database.  Each table is described in  more  detail  on  a
42       later page.
43
44       Table     Purpose
45       Open_vSwitch
46                 Open vSwitch configuration.
47       Bridge    Bridge configuration.
48       Port      Port configuration.
49       Interface One physical network device in a Port.
50       Flow_Table
51                 OpenFlow table configuration
52       QoS       Quality of Service configuration
53       Queue     QoS output queue.
54       Mirror    Port mirroring.
55       Controller
56                 OpenFlow controller configuration.
57       Manager   OVSDB management connection.
58       NetFlow   NetFlow configuration.
59       Datapath  Datapath configuration.
60       CT_Zone   CT_Zone configuration.
61       CT_Timeout_Policy
62                 CT_Timeout_Policy configuration.
63       SSL       SSL configuration.
64       sFlow     sFlow configuration.
65       IPFIX     IPFIX configuration.
66       Flow_Sample_Collector_Set
67                 Flow_Sample_Collector_Set configuration.
68       AutoAttach
69                 AutoAttach configuration.
70

Open_vSwitch TABLE

72       Configuration  for  an  Open  vSwitch daemon. There must be exactly one
73       record in the Open_vSwitch table.
74
75   Summary:
76       Configuration:
77         datapaths                   map of string-Datapath pairs
78         bridges                     set of Bridges
79         ssl                         optional SSL
80         external_ids : system-id    optional string
81         external_ids : xs-system-uuid
82                                     optional string
83         external_ids : hostname     optional string
84         external_ids : rundir       optional string
85         other_config : stats-update-interval
86                                     optional string, containing  an  integer,
87                                     at least 5,000
88         other_config : flow-restore-wait
89                                     optional string, either true or false
90         other_config : flow-limit   optional  string,  containing an integer,
91                                     at least 0
92         other_config : max-idle     optional string, containing  an  integer,
93                                     at least 500
94         other_config : max-revalidator
95                                     optional  string,  containing an integer,
96                                     at least 100
97         other_config : min-revalidate-pps
98                                     optional string, containing  an  integer,
99                                     at least 1
100         other_config : hw-offload   optional string, either true or false
101         other_config : n-offload-threads
102                                     optional  string,  containing an integer,
103                                     in range 1 to 10
104         other_config : tc-policy    optional string, one of none, skip_hw, or
105                                     skip_sw
106         other_config : dpdk-init    optional  string,  one of false, true, or
107                                     try
108         other_config : dpdk-lcore-mask
109                                     optional string, containing  an  integer,
110                                     at least 1
111         other_config : pmd-cpu-mask
112                                     optional string
113         other_config : dpdk-alloc-mem
114                                     optional  string,  containing an integer,
115                                     at least 0
116         other_config : dpdk-socket-mem
117                                     optional string
118         other_config : dpdk-socket-limit
119                                     optional string
120         other_config : dpdk-hugepage-dir
121                                     optional string
122         other_config : dpdk-extra   optional string
123         other_config : vhost-sock-dir
124                                     optional string
125         other_config : vhost-iommu-support
126                                     optional string, either true or false
127         other_config : vhost-postcopy-support
128                                     optional string, either true or false
129         other_config : per-port-memory
130                                     optional string, either true or false
131         other_config : tx-flush-interval
132                                     optional string, containing  an  integer,
133                                     in range 0 to 1,000,000
134         other_config : pmd-perf-metrics
135                                     optional string, either true or false
136         other_config : smc-enable   optional string, either true or false
137         other_config : pmd-rxq-assign
138                                     optional string, one of cycles, group, or
139                                     roundrobin
140         other_config : pmd-rxq-isolate
141                                     optional string, either true or false
142         other_config : n-handler-threads
143                                     optional string, containing  an  integer,
144                                     at least 1
145         other_config : n-revalidator-threads
146                                     optional  string,  containing an integer,
147                                     at least 1
148         other_config : emc-insert-inv-prob
149                                     optional string, containing  an  integer,
150                                     in range 0 to 4,294,967,295
151         other_config : vlan-limit   optional  string,  containing an integer,
152                                     at least 0
153         other_config : bundle-idle-timeout
154                                     optional string, containing  an  integer,
155                                     at least 1
156         other_config : offload-rebalance
157                                     optional string, either true or false
158         other_config : pmd-auto-lb  optional string, either true or false
159         other_config : pmd-auto-lb-rebal-interval
160                                     optional  string,  containing an integer,
161                                     in range 0 to 20,000
162         other_config : pmd-auto-lb-load-threshold
163                                     optional string, containing  an  integer,
164                                     in range 0 to 100
165         other_config : pmd-auto-lb-improvement-threshold
166                                     optional  string,  containing an integer,
167                                     in range 0 to 100
168         other_config : userspace-tso-enable
169                                     optional string, either true or false
170       Status:
171         next_cfg                    integer
172         cur_cfg                     integer
173         dpdk_initialized            boolean
174         Statistics:
175            other_config : enable-statistics
176                                     optional string, either true or false
177            statistics : cpu         optional string, containing  an  integer,
178                                     at least 1
179            statistics : load_average
180                                     optional string
181            statistics : memory      optional string
182            statistics : process_NAME
183                                     optional string
184            statistics : file_systems
185                                     optional string
186       Version Reporting:
187         ovs_version                 optional string
188         db_version                  optional string
189         system_type                 optional string
190         system_version              optional string
191         dpdk_version                optional string
192       Capabilities:
193         datapath_types              set of strings
194         iface_types                 set of strings
195       Database Configuration:
196         manager_options             set of Managers
197       IPsec:
198         other_config : private_key  optional string
199         other_config : certificate  optional string
200         other_config : ca_cert      optional string
201         Plaintext Tunnel Policy:
202            other_config : ipsec_skb_mark
203                                     optional string
204       Common Columns:
205         other_config                map of string-string pairs
206         external_ids                map of string-string pairs
207
208   Details:
209     Configuration:
210
211       datapaths: map of string-Datapath pairs
212              Map  of datapath types to datapaths. The datapath_type column of
213              the Bridge table is used as a key for this map. The value points
214              to a row in the Datapath table.
215
216       bridges: set of Bridges
217              Set of bridges managed by the daemon.
218
219       ssl: optional SSL
220              SSL used globally by the daemon.
221
222       external_ids : system-id: optional string
223              A  unique  identifier  for the Open vSwitch’s physical host. The
224              form of the identifier depends on the type of  the  host.  On  a
225              Citrix  XenServer,  this  will  likely  be  the  same  as exter‐
226              nal_ids:xs-system-uuid.
227
228       external_ids : xs-system-uuid: optional string
229              The Citrix XenServer universally unique identifier for the phys‐
230              ical host as displayed by xe host-list.
231
232       external_ids : hostname: optional string
233              The  hostname for the host running Open vSwitch. This is a fully
234              qualified domain name since version 2.6.2.
235
236       external_ids : rundir: optional string
237              In Open vSwitch 2.8 and later, the run directory of the  running
238              Open  vSwitch  daemon.  This directory is used for runtime state
239              such as control and management sockets. The value of  other_con‐
240              fig:vhost-sock-dir is relative to this directory.
241
242       other_config  :  stats-update-interval:  optional string, containing an
243       integer, at least 5,000
244              Interval for updating statistics to the database,  in  millisec‐
245              onds.  This option will affect the update of the statistics col‐
246              umn in the following tables: Port, Interface , Mirror.
247
248              Default value is 5000 ms.
249
250              Getting statistics more frequently can be achieved via OpenFlow.
251
252       other_config : flow-restore-wait: optional string, either true or false
253              When ovs-vswitchd starts up, it has  an  empty  flow  table  and
254              therefore it handles all arriving packets in its default fashion
255              according to its configuration, by dropping them or sending them
256              to  an  OpenFlow  controller  or  switching them as a standalone
257              switch. This  behavior  is  ordinarily  desirable.  However,  if
258              ovs-vswitchd  is  restarting  as part of a ``hot-upgrade,’’ then
259              this leads to a relatively long period during which packets  are
260              mishandled.
261
262              This  option  allows  for  improvement. When ovs-vswitchd starts
263              with this value set as true, it will  neither  flush  or  expire
264              previously  set  datapath flows nor will it send and receive any
265              packets to or from the datapath. When this value is later set to
266              false,  ovs-vswitchd will start receiving packets from the data‐
267              path and re-setup the flows.
268
269              Additionally, ovs-vswitchd is prevented from connecting to  con‐
270              trollers  when  this  value  is  set to true. This prevents con‐
271              trollers from making changes to the flow table in the middle  of
272              flow restoration, which could result in undesirable intermediate
273              states. Once this value has been set to false  and  the  desired
274              flow  state  has been restored, ovs-vswitchd will be able to re‐
275              connect to controllers and process any new flow table  modifica‐
276              tions.
277
278              Thus,  with  this  option,  the  procedure  for a hot-upgrade of
279              ovs-vswitchd becomes roughly the following:
280
281              1.  Stop ovs-vswitchd.
282
283              2.  Set other_config:flow-restore-wait to true.
284
285              3.  Start ovs-vswitchd.
286
287              4.  Use ovs-ofctl (or some other program, such  as  an  OpenFlow
288                  controller)  to  restore  the OpenFlow flow table to the de‐
289                  sired state.
290
291              5.  Set other_config:flow-restore-wait to false  (or  remove  it
292                  entirely from the database).
293
294              The  ovs-ctl’s  ``restart’’  and ``force-reload-kmod’’ functions
295              use the above config option during hot upgrades.
296
297       other_config : flow-limit: optional string, containing an  integer,  at
298       least 0
299              The  maximum number of flows allowed in the datapath flow table.
300              Internally OVS will choose a flow limit  which  will  likely  be
301              lower  than  this number, based on real time network conditions.
302              Tweaking this value is discouraged unless you know exactly  what
303              you’re doing.
304
305              The default is 200000.
306
307       other_config  :  max-idle:  optional  string, containing an integer, at
308       least 500
309              The maximum time (in ms) that idle flows will remain  cached  in
310              the  datapath. Internally OVS will check the validity and activ‐
311              ity for datapath flows regularly and may  expire  flows  quicker
312              than  this number, based on real time network conditions. Tweak‐
313              ing this value is  discouraged  unless  you  know  exactly  what
314              you’re doing.
315
316              The default is 10000.
317
318       other_config : max-revalidator: optional string, containing an integer,
319       at least 100
320              The maximum time (in ms) that revalidator threads will wait  be‐
321              fore  executing flow revalidation. Note that this is maximum al‐
322              lowed value. Actual timeout used by OVS is minimum  of  max-idle
323              and  max-revalidator  values. Tweaking this value is discouraged
324              unless you know exactly what you’re doing.
325
326              The default is 500.
327
328       other_config : min-revalidate-pps: optional string, containing an inte‐
329       ger, at least 1
330              Set  minimum  pps that flow must have in order to be revalidated
331              when revalidation duration exceeds half of max-revalidator  con‐
332              fig variable.
333
334              The default is 5.
335
336       other_config : hw-offload: optional string, either true or false
337              Set this value to true to enable netdev flow offload.
338
339              The  default  value  is  false.  Changing  this  value  requires
340              restarting the daemon
341
342              Currently Open vSwitch supports  hardware  offloading  on  Linux
343              systems. On other systems, this value is ignored. This function‐
344              ality is considered ’experimental’. Depending on which  OpenFlow
345              matches  and  actions  are  configured,  which kernel version is
346              used, and what hardware is available, Open vSwitch  may  not  be
347              able to offload functionality to hardware.
348
349              In   order   to   dump   HW   offloaded   flows  use  ovs-appctl
350              dpctl/dump-flows, ovs-dpctl doesn’t support this  functionality.
351              See ovs-vswitchd(8) for details.
352
353       other_config  : n-offload-threads: optional string, containing an inte‐
354       ger, in range 1 to 10
355              Set this value to the number of threads created to manage  hard‐
356              ware offloads.
357
358              The  default value is 1. Changing this value requires restarting
359              the daemon.
360
361              This is  only  relevant  for  userspace  datapath  and  only  if
362              other_config:hw-offload is enabled.
363
364       other_config  :  tc-policy:  optional  string, one of none, skip_hw, or
365       skip_sw
366              Specified the policy used with HW offloading. Options:
367
368              none   Add software rule and offload rule to HW.
369
370              skip_sw
371                     Offload rule to HW only.
372
373              skip_hw
374                     Add software rule without offloading rule to HW.
375
376              This is only relevant if other_config:hw-offload is enabled.
377
378              The default value is none.
379
380       other_config : dpdk-init: optional string, one of false, true, or try
381              Set this value to true or try to enable runtime support for DPDK
382              ports.  The  vswitch  must have compile-time support for DPDK as
383              well.
384
385              A value of true will cause the ovs-vswitchd process to abort  if
386              DPDK  cannot  be initialized. A value of try will allow the ovs-
387              vswitchd process to continue running even if DPDK cannot be ini‐
388              tialized.
389
390              The  default  value  is  false.  Changing  this  value  requires
391              restarting the daemon
392
393              If this value is false at startup, any dpdk ports which are con‐
394              figured in the bridge will fail due to memory errors.
395
396       other_config : dpdk-lcore-mask: optional string, containing an integer,
397       at least 1
398              Specifies the CPU cores  where  dpdk  lcore  threads  should  be
399              spawned. The DPDK lcore threads are used for DPDK library tasks,
400              such as library internal message processing, logging, etc. Value
401              should  be  in  the form of a hex string (so ’0x123’) similar to
402              the ’taskset’ mask input.
403
404              The lowest order bit corresponds to the first CPU  core.  A  set
405              bit  means  the  corresponding  core  is  available and an lcore
406              thread will be created and pinned to it. If the input  does  not
407              cover all cores, those uncovered cores are considered not set.
408
409              For performance reasons, it is best to set this to a single core
410              on the system, rather than allow lcore threads to float.
411
412              If not specified, the value will be determined by  choosing  the
413              lowest  CPU  core from initial cpu affinity list. Otherwise, the
414              value will be passed directly to the DPDK library.
415
416       other_config : pmd-cpu-mask: optional string
417              Specifies CPU mask for setting the cpu  affinity  of  PMD  (Poll
418              Mode Driver) threads. Value should be in the form of hex string,
419              similar to the dpdk  EAL  ’-c  COREMASK’  option  input  or  the
420              ’taskset’ mask input.
421
422              The  lowest  order  bit corresponds to the first CPU core. A set
423              bit means the corresponding core is available and a  pmd  thread
424              will  be  created  and pinned to it. If the input does not cover
425              all cores, those uncovered cores are considered not set.
426
427              If not specified, one pmd thread will be created for  each  numa
428              node  and  pinned  to any available core on the numa node by de‐
429              fault.
430
431       other_config : dpdk-alloc-mem: optional string, containing an  integer,
432       at least 0
433              Specifies  the amount of memory to preallocate from the hugepage
434              pool, regardless of socket. It is recommended that  dpdk-socket-
435              mem is used instead.
436
437       other_config : dpdk-socket-mem: optional string
438              Specifies  the amount of memory to preallocate from the hugepage
439              pool, on a per-socket basis.
440
441              The specifier is a comma-separated string, in ascending order of
442              CPU  socket.  E.g. On a four socket system 1024,0,2048 would set
443              socket 0 to preallocate 1024MB, socket  1  to  preallocate  0MB,
444              socket  2 to preallocate 2048MB and socket 3 (no value given) to
445              preallocate 0MB.
446
447              If other_config:dpdk-socket-mem and  other_config:dpdk-alloc-mem
448              are not specified, neither will be used and there will be no de‐
449              fault value for each numa node. DPDK defaults will be  used  in‐
450              stead. If other_config:dpdk-socket-mem and other_config:dpdk-al‐
451              loc-mem are  specified  at  the  same  time,  other_config:dpdk-
452              socket-mem will be used as default. Changing this value requires
453              restarting the daemon.
454
455       other_config : dpdk-socket-limit: optional string
456              Limits the maximum amount of memory that can be  used  from  the
457              hugepage pool, on a per-socket basis.
458
459              The  specifier  is  a  comma-separated list of memory limits per
460              socket. 0 will disable the limit for a particular socket.
461
462              If not specified, OVS will  not  configure  limits  by  default.
463              Changing this value requires restarting the daemon.
464
465       other_config : dpdk-hugepage-dir: optional string
466              Specifies the path to the hugetlbfs mount point.
467
468              If  not specified, this will be guessed by the DPDK library (de‐
469              fault is /dev/hugepages). Changing this value requires  restart‐
470              ing the daemon.
471
472       other_config : dpdk-extra: optional string
473              Specifies additional eal command line arguments for DPDK.
474
475              The  default  is  empty. Changing this value requires restarting
476              the daemon
477
478       other_config : vhost-sock-dir: optional string
479              Specifies a relative path from external_ids:rundir to the vhost-
480              user unix domain socket files. If this value is unset, the sock‐
481              ets are put directly in external_ids:rundir.
482
483              Changing this value requires restarting the daemon.
484
485       other_config : vhost-iommu-support: optional  string,  either  true  or
486       false
487              vHost  IOMMU  is  a  security feature, which restricts the vhost
488              memory that a virtio device may access. vHost IOMMU  support  is
489              disabled by default, due to a bug in QEMU implementations of the
490              vhost REPLY_ACK protocol, (on which vHost IOMMU relies) prior to
491              v2.9.1.  Setting  this value to true enables vHost IOMMU support
492              for vHost User Client ports  in  OvS-DPDK,  starting  from  DPDK
493              v17.11.
494
495              Changing this value requires restarting the daemon.
496
497       other_config  : vhost-postcopy-support: optional string, either true or
498       false
499              vHost post-copy is a feature which allows switching live  migra‐
500              tion  of  VM  attached  to dpdkvhostuserclient port to post-copy
501              mode if default pre-copy migration can not be converged or takes
502              too  long  to converge. Setting this value to true enables vHost
503              post-copy support for all dpdkvhostuserclient  ports.  Available
504              starting from DPDK v18.11 and QEMU 2.12.
505
506              Changing this value requires restarting the daemon.
507
508       other_config : per-port-memory: optional string, either true or false
509              By  default  OVS DPDK uses a shared memory model wherein devices
510              that have the same MTU and socket values can share the same mem‐
511              pool.  Setting  this  value  to true changes this behaviour. Per
512              port memory allow DPDK devices to use private memory per device.
513              This  can  provide  greater transparency as regards memory usage
514              but potentially at the cost of greater memory requirements.
515
516              Changing this value requires restarting the daemon if  dpdk-init
517              has already been set to true.
518
519       other_config  : tx-flush-interval: optional string, containing an inte‐
520       ger, in range 0 to 1,000,000
521              Specifies the time in microseconds that a  packet  can  wait  in
522              output  batch  for  sending  i.e. amount of time that packet can
523              spend in an intermediate output queue before sending to  netdev.
524              This  option can be used to configure balance between throughput
525              and latency. Lower values decreases latency while higher  values
526              may be useful to achieve higher performance.
527
528              Defaults to 0 i.e. instant packet sending (latency optimized).
529
530       other_config : pmd-perf-metrics: optional string, either true or false
531              Enables recording of detailed PMD performance metrics for analy‐
532              sis and trouble-shooting. This can have a performance impact  in
533              the order of 1%.
534
535              Defaults to false but can be changed at any time.
536
537       other_config : smc-enable: optional string, either true or false
538              Signature match cache or SMC is a cache between EMC and megaflow
539              cache. It does not store the full key of the flow, so it is more
540              memory  efficient comparing to EMC cache. SMC is especially use‐
541              ful when flow count is larger than EMC capacity.
542
543              Defaults to false but can be changed at any time.
544
545       other_config : pmd-rxq-assign: optional string, one of  cycles,  group,
546       or roundrobin
547              Specifies  how  RX  queues will be automatically assigned to CPU
548              cores. Options:
549
550              cycles Rxqs will be sorted by order of measured  processing  cy‐
551                     cles before being assigned to CPU cores.
552
553              roundrobin
554                     Rxqs will be round-robined across CPU cores.
555
556              group  Rxqs  will  be sorted by order of measured processing cy‐
557                     cles before being assigned to CPU cores with lowest esti‐
558                     mated load.
559
560              The default value is cycles.
561
562              Changing  this  value  will affect an automatic re-assignment of
563              Rxqs to CPUs. Note: Rxqs mapped to CPU cores with pmd-rxq-affin‐
564              ity are unaffected.
565
566       other_config : pmd-rxq-isolate: optional string, either true or false
567              Specifies if a CPU core will be isolated after being pinned with
568              an Rx queue.
569
570              Set this value to false to non-isolate a CPU core  after  it  is
571              pinned  with  an Rxq using pmd-rxq-affinity. This will allow OVS
572              to assign other Rxqs to that CPU core.
573
574              The default value is true.
575
576              This can only be false when pmd-rxq-assign is set to group.
577
578       other_config : n-handler-threads: optional string, containing an  inte‐
579       ger, at least 1
580              Attempts to specify the number of threads for software datapaths
581              to use for handling new flows. Some datapaths may choose to  ig‐
582              nore  this and it will be set to a sensible option for the data‐
583              path type.
584
585              This configuration is per datapath. If you have  more  than  one
586              software  datapath  (e.g.  some  system  bridges and some netdev
587              bridges), then the total number of threads is  n-handler-threads
588              times the number of software datapaths.
589
590       other_config  :  n-revalidator-threads:  optional string, containing an
591       integer, at least 1
592              Attempts to specify the number of threads for software datapaths
593              to  use  for  revalidating flows in the datapath. Some datapaths
594              may choose to ignore this and will set to a sensible option  for
595              the datapath type.
596
597              Typically,  there  is a direct correlation between the number of
598              revalidator threads, and the number  of  flows  allowed  in  the
599              datapath. The default is the number of cpu cores divided by four
600              plus one. If n-handler-threads is set, the  default  changes  to
601              the number of cpu cores minus the number of handler threads.
602
603              This  configuration  is  per datapath. If you have more than one
604              software datapath (e.g. some  system  bridges  and  some  netdev
605              bridges),  then the total number of threads is n-handler-threads
606              times the number of software datapaths.
607
608       other_config : emc-insert-inv-prob: optional string, containing an  in‐
609       teger, in range 0 to 4,294,967,295
610              Specifies  the  inverse probability (1/emc-insert-inv-prob) of a
611              flow being inserted into the Exact Match Cache (EMC). On average
612              one  in every emc-insert-inv-prob packets that generate a unique
613              flow will cause an insertion into the EMC. A value of 1 will re‐
614              sult in an insertion for every flow (1/1 = 100%) whereas a value
615              of zero will result in no insertions and essentially disable the
616              EMC.
617
618              Defaults  to  100 ie. there is (1/100 =) 1% chance of EMC inser‐
619              tion.
620
621       other_config : vlan-limit: optional string, containing an  integer,  at
622       least 0
623              Limits  the  number  of  VLAN headers that can be matched to the
624              specified number. Further VLAN headers will be treated  as  pay‐
625              load, e.g. a packet with more 802.1q headers will match Ethernet
626              type 0x8100.
627
628              Open vSwitch userspace currently supports at most 2  VLANs,  and
629              each  datapath  has  its own limit. If vlan-limit is nonzero, it
630              acts as a further limit.
631
632              If this value is absent, the default is currently 1. This  main‐
633              tains backward compatibility with controllers that were designed
634              for use with Open vSwitch versions earlier than 2.8, which  only
635              supported one VLAN.
636
637       other_config  : bundle-idle-timeout: optional string, containing an in‐
638       teger, at least 1
639              The maximum time (in seconds) that idle bundles will wait to  be
640              expired since it was either opened, modified or closed.
641
642              OpenFlow  specification  mandates the timeout to be at least one
643              second. The default is 10 seconds.
644
645       other_config : offload-rebalance: optional string, either true or false
646              Configures HW offload rebalancing, that  allows  to  dynamically
647              offload  and  un-offload flows while an offload-device is out of
648              resources (OOR). This policy allows flows to be selected for of‐
649              floading based on the packets-per-second (pps) rate of flows.
650
651              Set this value to true to enable this option.
652
653              The  default  value  is  false.  Changing  this  value  requires
654              restarting the daemon.
655
656              This is only relevant if HW offloading is enabled  (hw-offload).
657              When  this policy is enabled, it also requires ’tc-policy’ to be
658              set to ’skip_sw’.
659
660       other_config : pmd-auto-lb: optional string, either true or false
661              Configures PMD Auto Load Balancing that allows automatic assign‐
662              ment  of  RX queues to PMDs if any of PMDs is overloaded (i.e. a
663              processing cycles > other_config:pmd-auto-lb-load-threshold).
664
665              It uses current scheme of cycle based assignment  of  RX  queues
666              that are not statically pinned to PMDs.
667
668              The default value is false.
669
670              Set  this  value  to true to enable this option. It is currently
671              disabled by default and an experimental feature.
672
673              This only comes in effect if cycle based assignment  is  enabled
674              and  there  are  more  than one non-isolated PMDs present and at
675              least one of it polls more than one queue.
676
677       other_config : pmd-auto-lb-rebal-interval: optional string,  containing
678       an integer, in range 0 to 20,000
679              The  minimum  time (in minutes) 2 consecutive PMD Auto Load Bal‐
680              ancing iterations.
681
682              The defaul value is 1 min. If configured to 0 then it  would  be
683              converted to default value i.e. 1 min
684
685              This  option can be configured to avoid frequent trigger of auto
686              load balancing of PMDs. For e.g. set the  value  (in  min)  such
687              that it occurs once in few hours or a day or a week.
688
689       other_config  : pmd-auto-lb-load-threshold: optional string, containing
690       an integer, in range 0 to 100
691              Specifies the minimum PMD thread load threshold (% of  used  cy‐
692              cles)  of any non-isolated PMD threads when a PMD Auto Load Bal‐
693              ance may be triggered.
694
695              The default value is 95%.
696
697       other_config : pmd-auto-lb-improvement-threshold: optional string, con‐
698       taining an integer, in range 0 to 100
699              Specifies  the minimum evaluated % improvement in load distribu‐
700              tion across the non-isolated PMD threads that will allow  a  PMD
701              Auto Load Balance to occur.
702
703              Note, setting this parameter to 0 will always allow an auto load
704              balance to occur regardless of estimated improvement or not.
705
706              The default value is 25%.
707
708       other_config : userspace-tso-enable: optional string,  either  true  or
709       false
710              Set  this value to true to enable userspace support for TCP Seg‐
711              mentation Offloading (TSO). When it is enabled,  the  interfaces
712              can  provide  an  oversized  TCP segment to the datapath and the
713              datapath will offload the TCP segmentation and checksum calcula‐
714              tion to the interfaces when necessary.
715
716              The  default  value  is  false.  Changing  this  value  requires
717              restarting the daemon.
718
719              The feature only works if Open vSwitch is built with  DPDK  sup‐
720              port.
721
722              The feature is considered experimental.
723
724     Status:
725
726       next_cfg: integer
727              Sequence  number for client to increment. When a client modifies
728              any part of the database configuration and wishes  to  wait  for
729              Open  vSwitch  to  finish applying the changes, it may increment
730              this sequence number.
731
732       cur_cfg: integer
733              Sequence number that Open vSwitch sets to the current  value  of
734              next_cfg  after  it  finishes  applying  a  set of configuration
735              changes.
736
737       dpdk_initialized: boolean
738              True if other_config:dpdk-init is set to true and the  DPDK  li‐
739              brary is successfully initialized.
740
741     Statistics:
742
743       The  statistics  column contains key-value pairs that report statistics
744       about a system running an Open vSwitch. These are updated  periodically
745       (currently, every 5 seconds). Key-value pairs that cannot be determined
746       or that do not apply to a platform are omitted.
747
748       other_config : enable-statistics: optional string, either true or false
749              Statistics are disabled by default to avoid overhead in the com‐
750              mon case when statistics gathering is not useful. Set this value
751              to true to enable populating the statistics column or  to  false
752              to explicitly disable it.
753
754       statistics : cpu: optional string, containing an integer, at least 1
755              Number of CPU processors, threads, or cores currently online and
756              available to the operating system on which Open vSwitch is  run‐
757              ning, as an integer. This may be less than the number installed,
758              if some are not online or if they are not available to the oper‐
759              ating system.
760
761              Open  vSwitch userspace processes are not multithreaded, but the
762              Linux kernel-based datapath is.
763
764       statistics : load_average: optional string
765              A comma-separated list of three floating-point  numbers,  repre‐
766              senting  the system load average over the last 1, 5, and 15 min‐
767              utes, respectively.
768
769       statistics : memory: optional string
770              A comma-separated list of integers, each of which  represents  a
771              quantity  of  memory  in  kilobytes that describes the operating
772              system on which Open vSwitch is running.  In  respective  order,
773              these values are:
774
775              1.  Total amount of RAM allocated to the OS.
776
777              2.  RAM allocated to the OS that is in use.
778
779              3.  RAM  that  can be flushed out to disk or otherwise discarded
780                  if that space is needed for another purpose. This number  is
781                  necessarily less than or equal to the previous value.
782
783              4.  Total disk space allocated for swap.
784
785              5.  Swap space currently in use.
786
787              On Linux, all five values can be determined and are included. On
788              other operating systems, only the first two values can be deter‐
789              mined, so the list will only have two values.
790
791       statistics : process_NAME: optional string
792              One  such  key-value pair, with NAME replaced by a process name,
793              will exist for each running Open vSwitch  daemon  process,  with
794              name  replaced by the daemon’s name (e.g. process_ovs-vswitchd).
795              The value is a comma-separated list of  integers.  The  integers
796              represent  the  following, with memory measured in kilobytes and
797              durations in milliseconds:
798
799              1.  The process’s virtual memory size.
800
801              2.  The process’s resident set size.
802
803              3.  The amount of user and  system  CPU  time  consumed  by  the
804                  process.
805
806              4.  The  number  of  times that the process has crashed and been
807                  automatically restarted by the monitor.
808
809              5.  The duration since the process was started.
810
811              6.  The duration for which the process has been running.
812
813              The interpretation of some of these values  depends  on  whether
814              the  process was started with the --monitor. If it was not, then
815              the crash count will always be 0 and the two durations will  al‐
816              ways  be  the same. If --monitor was given, then the crash count
817              may be positive; if it is, the latter duration is the amount  of
818              time since the most recent crash and restart.
819
820              There will be one key-value pair for each file in Open vSwitch’s
821              ``run directory’’ (usually /var/run/openvswitch) whose name ends
822              in .pid, whose contents are a process ID, and which is locked by
823              a running process. The name is taken from the pidfile’s name.
824
825              Currently Open vSwitch is only able to obtain all of  the  above
826              detail  on  Linux  systems. On other systems, the same key-value
827              pairs will be present but the values will always  be  the  empty
828              string.
829
830       statistics : file_systems: optional string
831              A  space-separated  list  of information on local, writable file
832              systems. Each item in the list describes  one  file  system  and
833              consists in turn of a comma-separated list of the following:
834
835              1.  Mount point, e.g. / or /var/log. Any spaces or commas in the
836                  mount point are replaced by underscores.
837
838              2.  Total size, in kilobytes, as an integer.
839
840              3.  Amount of storage in use, in kilobytes, as an integer.
841
842              This key-value pair is omitted if there are no  local,  writable
843              file  systems or if Open vSwitch cannot obtain the needed infor‐
844              mation.
845
846     Version Reporting:
847
848       These columns report the types and versions of the hardware  and  soft‐
849       ware running Open vSwitch. We recommend in general that software should
850       test whether specific features are supported instead of relying on ver‐
851       sion  number  checks. These values are primarily intended for reporting
852       to human administrators.
853
854       ovs_version: optional string
855              The Open vSwitch version number, e.g. 1.1.0.
856
857       db_version: optional string
858              The database schema  version  number,  e.g.  1.2.3.  See  ovsdb-
859              tool(1) for an explanation of the numbering scheme.
860
861              The  schema  version  is  part of the database schema, so it can
862              also be retrieved by fetching the schema using the Open  vSwitch
863              database protocol.
864
865       system_type: optional string
866              An  identifier  for  the  type  of  system  on top of which Open
867              vSwitch runs, e.g. XenServer or KVM.
868
869              System integrators are responsible for choosing and  setting  an
870              appropriate value for this column.
871
872       system_version: optional string
873              The  version  of  the  system  identified  by  system_type, e.g.
874              5.6.100-39265p on XenServer 5.6.100 build 39265.
875
876              System integrators are responsible for choosing and  setting  an
877              appropriate value for this column.
878
879       dpdk_version: optional string
880              The version of the linked DPDK library.
881
882     Capabilities:
883
884       These columns report capabilities of the Open vSwitch instance.
885
886       datapath_types: set of strings
887              This column reports the different dpifs registered with the sys‐
888              tem. These are the values that this  instance  supports  in  the
889              datapath_type column of the Bridge table.
890
891       iface_types: set of strings
892              This  column  reports  the different netdevs registered with the
893              system. These are the values that this instance supports in  the
894              type column of the Interface table.
895
896     Database Configuration:
897
898       These   columns   primarily   configure   the   Open  vSwitch  database
899       (ovsdb-server), not the Open vSwitch switch (ovs-vswitchd).  The  OVSDB
900       database also uses the ssl settings.
901
902       The  Open vSwitch switch does read the database configuration to deter‐
903       mine remote IP addresses to which in-band control should apply.
904
905       manager_options: set of Managers
906              Database clients to  which  the  Open  vSwitch  database  server
907              should  connect or to which it should listen, along with options
908              for how these connections should be configured. See the  Manager
909              table for more information.
910
911              For  this column to serve its purpose, ovsdb-server must be con‐
912              figured to honor it. The easiest way to do  this  is  to  invoke
913              ovsdb-server         with         the        option        --re‐
914              mote=db:Open_vSwitch,Open_vSwitch,manager_options  The   startup
915              scripts that accompany Open vSwitch do this by default.
916
917     IPsec:
918
919       These  settings  control the global configuration of IPsec tunnels. The
920       options column of the Interface table configures IPsec  for  individual
921       tunnels.
922
923       OVS  IPsec  supports  the following three forms of authentication. Cur‐
924       rently, all IPsec tunnels must use the same form:
925
926              1.  Pre-shared keys: Omit the global settings. On  each  tunnel,
927                  set options:psk.
928
929              2.  Self-signed  certificates:  Set the private_key and certifi‐
930                  cate  global  settings.  On  each  tunnel,  set  options:re‐
931                  mote_cert. The remote certificate can be self-signed.
932
933              3.  CA-signed  certificates:  Set all of the global settings. On
934                  each tunnel, set options:remote_name to the common name (CN)
935                  of  the  remote  certificate. The remote certificate must be
936                  signed by the CA.
937
938       other_config : private_key: optional string
939              Name of a PEM file  containing  the  private  key  used  as  the
940              switch’s identity for IPsec tunnels.
941
942       other_config : certificate: optional string
943              Name  of  a PEM file containing a certificate that certifies the
944              switch’s private key, and identifies a  trustworthy  switch  for
945              IPsec  tunnels. The certificate must be x.509 version 3 and with
946              the string in common name (CN) also set in the subject  alterna‐
947              tive name (SAN).
948
949       other_config : ca_cert: optional string
950              Name  of a PEM file containing the CA certificate used to verify
951              that a remote switch of the IPsec tunnel is trustworthy.
952
953     Plaintext Tunnel Policy:
954
955       When an IPsec tunnel is configured in this database, multiple  indepen‐
956       dent  components  take responsibility for implementing it. ovs-vswitchd
957       and its datapath handle packet forwarding to the tunnel and a  separate
958       daemon  pushes the tunnel’s IPsec policy configuration to the kernel or
959       other entity that implements it. There is a race: if the former config‐
960       uration  completes  before  the  latter, then packets sent by the local
961       host over the tunnel can be transmitted in plaintext. Using  this  set‐
962       ting, OVS users can avoid this undesirable situation.
963
964       other_config : ipsec_skb_mark: optional string
965              This setting takes the form value/mask. If it is specified, then
966              the skb_mark field in every outgoing  tunneled  packet  sent  in
967              plaintext  is compared against it and, if it matches, the packet
968              is dropped. This is a global setting that is  applied  to  every
969              tunneled  packet,  regardless of whether IPsec encryption is en‐
970              abled for the tunnel, the type of tunnel, or whether OVS is  in‐
971              volved.
972
973              Example policies:
974
975              1/1    Drop all unencrypted tunneled packets in which the least-
976                     significant bit of skb_mark is 1. This would be a  useful
977                     policy given an OpenFlow flow table that sets skb_mark to
978                     1 for traffic  that  should  be  encrypted.  The  default
979                     skb_mark is 0, so this would not affect other traffic.
980
981              0/1    Drop all unencrypted tunneled packets in which the least-
982                     significant bit of skb_mark is 0. This would be a  useful
983                     policy if no unencrypted tunneled traffic should exit the
984                     system  without  being  specially  permitted  by  setting
985                     skb_mark to 1.
986
987              (empty)
988                     If  this  setting is empty or unset, then all unencrypted
989                     tunneled packets are transmitted in the usual way.
990
991     Common Columns:
992
993       The overall purpose of these columns is described under Common  Columns
994       at the beginning of this document.
995
996       other_config: map of string-string pairs
997
998       external_ids: map of string-string pairs
999

Bridge TABLE

1001       Configuration for a bridge within an Open_vSwitch.
1002
1003       A  Bridge  record  represents  an  Ethernet  switch  with  one  or more
1004       ``ports,’’ which are the Port records pointed to by the Bridge’s  ports
1005       column.
1006
1007   Summary:
1008       Core Features:
1009         name                        immutable  string  (must be unique within
1010                                     table)
1011         ports                       set of Ports
1012         mirrors                     set of Mirrors
1013         netflow                     optional NetFlow
1014         sflow                       optional sFlow
1015         ipfix                       optional IPFIX
1016         flood_vlans                 set of up to 4,096 integers, in  range  0
1017                                     to 4,095
1018         auto_attach                 optional AutoAttach
1019       OpenFlow Configuration:
1020         controller                  set of Controllers
1021         flow_tables                 map  of  integer-Flow_Table pairs, key in
1022                                     range 0 to 254
1023         fail_mode                   optional string, either secure or  stand‐
1024                                     alone
1025         datapath_id                 optional string
1026         datapath_version            string
1027         other_config : datapath-id  optional string
1028         other_config : dp-desc      optional string
1029         other_config : dp-sn        optional string
1030         other_config : disable-in-band
1031                                     optional string, either true or false
1032         other_config : in-band-queue
1033                                     optional  string,  containing an integer,
1034                                     in range 0 to 4,294,967,295
1035         other_config : controller-queue-size
1036                                     optional string, containing  an  integer,
1037                                     in range 1 to 512
1038         protocols                   set  of strings, one of OpenFlow10, Open‐
1039                                     Flow11,  OpenFlow12,  OpenFlow13,   Open‐
1040                                     Flow14, or OpenFlow15
1041       Spanning Tree Configuration:
1042         STP Configuration:
1043            stp_enable               boolean
1044            other_config : stp-system-id
1045                                     optional string
1046            other_config : stp-priority
1047                                     optional  string,  containing an integer,
1048                                     in range 0 to 65,535
1049            other_config : stp-hello-time
1050                                     optional string, containing  an  integer,
1051                                     in range 1 to 10
1052            other_config : stp-max-age
1053                                     optional  string,  containing an integer,
1054                                     in range 6 to 40
1055            other_config : stp-forward-delay
1056                                     optional string, containing  an  integer,
1057                                     in range 4 to 30
1058            other_config : mcast-snooping-aging-time
1059                                     optional  string,  containing an integer,
1060                                     at least 1
1061            other_config : mcast-snooping-table-size
1062                                     optional string, containing  an  integer,
1063                                     at least 1
1064            other_config : mcast-snooping-disable-flood-unregistered
1065                                     optional string, either true or false
1066         STP Status:
1067            status : stp_bridge_id   optional string
1068            status : stp_designated_root
1069                                     optional string
1070            status : stp_root_path_cost
1071                                     optional string
1072       Rapid Spanning Tree:
1073         RSTP Configuration:
1074            rstp_enable              boolean
1075            other_config : rstp-address
1076                                     optional string
1077            other_config : rstp-priority
1078                                     optional  string,  containing an integer,
1079                                     in range 0 to 61,440
1080            other_config : rstp-ageing-time
1081                                     optional string, containing  an  integer,
1082                                     in range 10 to 1,000,000
1083            other_config : rstp-force-protocol-version
1084                                     optional string, containing an integer
1085            other_config : rstp-max-age
1086                                     optional  string,  containing an integer,
1087                                     in range 6 to 40
1088            other_config : rstp-forward-delay
1089                                     optional string, containing  an  integer,
1090                                     in range 4 to 30
1091            other_config : rstp-transmit-hold-count
1092                                     optional  string,  containing an integer,
1093                                     in range 1 to 10
1094         RSTP Status:
1095            rstp_status : rstp_bridge_id
1096                                     optional string
1097            rstp_status : rstp_root_id
1098                                     optional string
1099            rstp_status : rstp_root_path_cost
1100                                     optional string, containing  an  integer,
1101                                     at least 0
1102            rstp_status : rstp_designated_id
1103                                     optional string
1104            rstp_status : rstp_designated_port_id
1105                                     optional string
1106            rstp_status : rstp_bridge_port_id
1107                                     optional string
1108       Multicast Snooping Configuration:
1109         mcast_snooping_enable       boolean
1110       Other Features:
1111         datapath_type               string
1112         external_ids : bridge-id    optional string
1113         external_ids : xs-network-uuids
1114                                     optional string
1115         other_config : hwaddr       optional string
1116         other_config : forward-bpdu
1117                                     optional string, either true or false
1118         other_config : mac-aging-time
1119                                     optional  string,  containing an integer,
1120                                     at least 1
1121         other_config : mac-table-size
1122                                     optional string, containing  an  integer,
1123                                     at least 1
1124       Common Columns:
1125         other_config                map of string-string pairs
1126         external_ids                map of string-string pairs
1127
1128   Details:
1129     Core Features:
1130
1131       name: immutable string (must be unique within table)
1132              Bridge  identifier. Must be unique among the names of ports, in‐
1133              terfaces, and bridges on a host.
1134
1135              The name must be alphanumeric and must not  contain  forward  or
1136              backward  slashes.  The  name of a bridge is also the name of an
1137              Interface (and a Port) within the bridge, so the restrictions on
1138              the  name column in the Interface table, particularly on length,
1139              also apply to bridge names. Refer to the documentation  for  In‐
1140              terface names for details.
1141
1142       ports: set of Ports
1143              Ports included in the bridge.
1144
1145       mirrors: set of Mirrors
1146              Port mirroring configuration.
1147
1148       netflow: optional NetFlow
1149              NetFlow configuration.
1150
1151       sflow: optional sFlow
1152              sFlow(R) configuration.
1153
1154       ipfix: optional IPFIX
1155              IPFIX configuration.
1156
1157       flood_vlans: set of up to 4,096 integers, in range 0 to 4,095
1158              VLAN  IDs  of VLANs on which MAC address learning should be dis‐
1159              abled, so that packets are flooded instead of being sent to spe‐
1160              cific  ports  that  are believed to contain packets’ destination
1161              MACs. This should ordinarily be used to disable MAC learning  on
1162              VLANs  used  for  mirroring (RSPAN VLANs). It may also be useful
1163              for debugging.
1164
1165              SLB bonding (see the bond_mode column in the Port table) is  in‐
1166              compatible with flood_vlans. Consider using another bonding mode
1167              or a different type of mirror instead.
1168
1169       auto_attach: optional AutoAttach
1170              Auto Attach configuration.
1171
1172     OpenFlow Configuration:
1173
1174       controller: set of Controllers
1175              OpenFlow controller set. If unset, then no OpenFlow  controllers
1176              will be used.
1177
1178              If  there  are  primary controllers, removing all of them clears
1179              the OpenFlow flow tables, group table, and meter table. If there
1180              are no primary controllers, adding one also clears these tables.
1181              Other changes to the set of controllers, such as adding  or  re‐
1182              moving  a  service controller, adding another primary controller
1183              to supplement an existing primary controller, or  removing  only
1184              one of two primary controllers, have no effect on these tables.
1185
1186       flow_tables: map of integer-Flow_Table pairs, key in range 0 to 254
1187              Configuration  for OpenFlow tables. Each pair maps from an Open‐
1188              Flow table ID to configuration for that table.
1189
1190       fail_mode: optional string, either secure or standalone
1191              When a controller is configured, it is, ordinarily,  responsible
1192              for  setting up all flows on the switch. Thus, if the connection
1193              to the controller fails, no new network connections can  be  set
1194              up.  If the connection to the controller stays down long enough,
1195              no packets can pass through the switch at all. This setting  de‐
1196              termines  the  switch’s  response to such a situation. It may be
1197              set to one of the following:
1198
1199              standalone
1200                     If no message is received from the controller  for  three
1201                     times   the   inactivity  probe  interval  (see  inactiv‐
1202                     ity_probe), then Open vSwitch will take over responsibil‐
1203                     ity  for  setting  up  flows.  In this mode, Open vSwitch
1204                     causes the bridge to act like  an  ordinary  MAC-learning
1205                     switch. Open vSwitch will continue to retry connecting to
1206                     the controller in the background and, when the connection
1207                     succeeds, it will discontinue its standalone behavior.
1208
1209              secure Open  vSwitch  will  not set up flows on its own when the
1210                     controller connection fails or when  no  controllers  are
1211                     defined.  The bridge will continue to retry connecting to
1212                     any defined controllers forever.
1213
1214              The default is standalone if the value is unset, but future ver‐
1215              sions of Open vSwitch may change the default.
1216
1217              The standalone mode can create forwarding loops on a bridge that
1218              has more than one uplink port unless STP is  enabled.  To  avoid
1219              loops on such a bridge, configure secure mode or enable STP (see
1220              stp_enable).
1221
1222              The fail_mode setting applies only to primary controllers.  When
1223              more  than  one  primary  controller is configured, fail_mode is
1224              considered only when none of the configured controllers  can  be
1225              contacted.
1226
1227              Changing  fail_mode  when  no primary controllers are configured
1228              clears the OpenFlow flow tables, group table, and meter table.
1229
1230       datapath_id: optional string
1231              Reports the OpenFlow datapath ID in use. Exactly 16 hex  digits.
1232              (Setting  this  column  has  no  useful  effect.  Set other-con‐
1233              fig:datapath-id instead.)
1234
1235       datapath_version: string
1236              Reports the datapath version.  This  column  is  maintained  for
1237              backwards  compatibility.  The preferred locatation is the data‐
1238              path_id column of the Datapath table. The full documentation for
1239              this column is there.
1240
1241       other_config : datapath-id: optional string
1242              Overrides  the  default  OpenFlow datapath ID, setting it to the
1243              specified value specified in hex. The value must either  have  a
1244              0x prefix or be exactly 16 hex digits long. May not be all-zero.
1245
1246       other_config : dp-desc: optional string
1247              Human  readable  description  of  datapath.  It is a maximum 256
1248              byte-long free-form string to describe the datapath  for  debug‐
1249              ging  purposes, e.g. switch3 in room 3120. The value is returned
1250              by  the  switch  as  a  part  of  reply  to  OFPMP_DESC  request
1251              (ofp_desc).  The  OpenFlow  specification (e.g. 1.3.5) describes
1252              the  ofp_desc  structure  to  contaion  "NULL  terminated  ASCII
1253              strings".  For  the compatibility reasons no more than 255 ASCII
1254              characters should be used.
1255
1256       other_config : dp-sn: optional string
1257              Serial number. It is a maximum 32 byte-long free-form string  to
1258              provide  an  additional  switch identification. The value is re‐
1259              turned by the switch as a part of reply  to  OFPMP_DESC  request
1260              (ofp_desc).  Same  as mentioned in the description of other-con‐
1261              fig:dp-desc, the string should be no more than 31 ASCII  charac‐
1262              ters for the compatibility.
1263
1264       other_config : disable-in-band: optional string, either true or false
1265              If set to true, disable in-band control on the bridge regardless
1266              of controller and manager settings.
1267
1268       other_config : in-band-queue: optional string, containing  an  integer,
1269       in range 0 to 4,294,967,295
1270              A  queue  ID  as  a  nonnegative integer. This sets the OpenFlow
1271              queue ID that will be used by flows set up by in-band control on
1272              this bridge. If unset, or if the port used by an in-band control
1273              flow does not have QoS configured, or if the port does not  have
1274              a  queue  with  the  specified ID, the default queue is used in‐
1275              stead.
1276
1277       other_config : controller-queue-size: optional  string,  containing  an
1278       integer, in range 1 to 512
1279              This  sets the maximum size of the queue of packets that need to
1280              be sent to the OpenFlow management controller. The value must be
1281              less than 512. If not specified the queue size is limited to 100
1282              packets by default. Note: increasing the queue size might have a
1283              negative impact on latency.
1284
1285       protocols:  set  of strings, one of OpenFlow10, OpenFlow11, OpenFlow12,
1286       OpenFlow13, OpenFlow14, or OpenFlow15
1287              List of OpenFlow protocols that may be used when  negotiating  a
1288              connection  with a controller. OpenFlow 1.0, 1.1, 1.2, 1.3, 1.4,
1289              and 1.5 are enabled by default if this column is empty.
1290
1291     Spanning Tree Configuration:
1292
1293       The IEEE 802.1D Spanning Tree Protocol (STP) is a network protocol that
1294       ensures  loop-free topologies. It allows redundant links to be included
1295       in the network to provide automatic backup paths if  the  active  links
1296       fails.
1297
1298       These  settings  configure the slower-to-converge but still widely sup‐
1299       ported  version  of  Spanning  Tree  Protocol,   sometimes   known   as
1300       802.1D-1998.  Open  vSwitch also supports the newer Rapid Spanning Tree
1301       Protocol (RSTP), documented later in the section titled Rapid  Spanning
1302       Tree Configuration.
1303
1304     STP Configuration:
1305
1306       stp_enable: boolean
1307              Enable  spanning tree on the bridge. By default, STP is disabled
1308              on bridges. Bond, internal, and mirror ports are  not  supported
1309              and will not participate in the spanning tree.
1310
1311              STP  and  RSTP are mutually exclusive. If both are enabled, RSTP
1312              will be used.
1313
1314       other_config : stp-system-id: optional string
1315              The bridge’s STP identifier (the lower 48 bits of the bridge-id)
1316              in the form xx:xx:xx:xx:xx:xx. By default, the identifier is the
1317              MAC address of the bridge.
1318
1319       other_config : stp-priority: optional string, containing an integer, in
1320       range 0 to 65,535
1321              The  bridge’s  relative  priority value for determining the root
1322              bridge (the upper 16 bits of the bridge-id). A bridge  with  the
1323              lowest  bridge-id  is elected the root. By default, the priority
1324              is 0x8000.
1325
1326       other_config : stp-hello-time: optional string, containing an  integer,
1327       in range 1 to 10
1328              The  interval  between transmissions of hello messages by desig‐
1329              nated ports, in seconds. By default the hello interval is 2 sec‐
1330              onds.
1331
1332       other_config  : stp-max-age: optional string, containing an integer, in
1333       range 6 to 40
1334              The maximum age of the information  transmitted  by  the  bridge
1335              when  it is the root bridge, in seconds. By default, the maximum
1336              age is 20 seconds.
1337
1338       other_config : stp-forward-delay: optional string, containing an  inte‐
1339       ger, in range 4 to 30
1340              The  delay  to  wait  between  transitioning root and designated
1341              ports to forwarding, in seconds. By default, the forwarding  de‐
1342              lay is 15 seconds.
1343
1344       other_config  :  mcast-snooping-aging-time: optional string, containing
1345       an integer, at least 1
1346              The maximum number of seconds to retain a multicast snooping en‐
1347              try  for  which  no  packets have been seen. The default is cur‐
1348              rently 300 seconds (5 minutes).  The  value,  if  specified,  is
1349              forced into a reasonable range, currently 15 to 3600 seconds.
1350
1351       other_config  :  mcast-snooping-table-size: optional string, containing
1352       an integer, at least 1
1353              The maximum number of multicast snooping addresses to learn. The
1354              default  is  currently  2048. The value, if specified, is forced
1355              into a reasonable range, currently 10 to 1,000,000.
1356
1357       other_config  :   mcast-snooping-disable-flood-unregistered:   optional
1358       string, either true or false
1359              If set to false, unregistered multicast packets are forwarded to
1360              all ports. If set to true, unregistered  multicast  packets  are
1361              forwarded to ports connected to multicast routers.
1362
1363     STP Status:
1364
1365       These  key-value  pairs  report  the  status  of  802.1D-1998. They are
1366       present only if STP is enabled (via the stp_enable column).
1367
1368       status : stp_bridge_id: optional string
1369              The bridge ID used in spanning tree advertisements, in the  form
1370              xxxx.yyyyyyyyyyyy  where the xs are the STP priority, the ys are
1371              the STP system ID, and each x and y is a hex digit.
1372
1373       status : stp_designated_root: optional string
1374              The designated root for this spanning tree, in the same form  as
1375              status:stp_bridge_id. If this bridge is the root, this will have
1376              the same value as status:stp_bridge_id, otherwise it  will  dif‐
1377              fer.
1378
1379       status : stp_root_path_cost: optional string
1380              The  path cost of reaching the designated bridge. A lower number
1381              is better. The value is 0 if this bridge is the root,  otherwise
1382              it is higher.
1383
1384     Rapid Spanning Tree:
1385
1386       Rapid  Spanning  Tree  Protocol (RSTP), like STP, is a network protocol
1387       that ensures loop-free topologies. RSTP superseded STP with the  publi‐
1388       cation of 802.1D-2004. Compared to STP, RSTP converges more quickly and
1389       recovers more quickly from failures.
1390
1391     RSTP Configuration:
1392
1393       rstp_enable: boolean
1394              Enable Rapid Spanning Tree on the bridge. By  default,  RSTP  is
1395              disabled  on  bridges.  Bond, internal, and mirror ports are not
1396              supported and will not participate in the spanning tree.
1397
1398              STP and RSTP are mutually exclusive. If both are  enabled,  RSTP
1399              will be used.
1400
1401       other_config : rstp-address: optional string
1402              The  bridge’s  RSTP address (the lower 48 bits of the bridge-id)
1403              in the form xx:xx:xx:xx:xx:xx. By default, the  address  is  the
1404              MAC address of the bridge.
1405
1406       other_config  :  rstp-priority: optional string, containing an integer,
1407       in range 0 to 61,440
1408              The bridge’s relative priority value for  determining  the  root
1409              bridge  (the  upper 16 bits of the bridge-id). A bridge with the
1410              lowest bridge-id is elected the root. By default,  the  priority
1411              is  0x8000  (32768).  This value needs to be a multiple of 4096,
1412              otherwise it’s rounded to the nearest inferior one.
1413
1414       other_config : rstp-ageing-time: optional string, containing  an  inte‐
1415       ger, in range 10 to 1,000,000
1416              The  Ageing  Time parameter for the Bridge. The default value is
1417              300 seconds.
1418
1419       other_config : rstp-force-protocol-version: optional string, containing
1420       an integer
1421              The  Force  Protocol  Version parameter for the Bridge. This can
1422              take the value 0 (STP Compatibility mode)  or  2  (the  default,
1423              normal operation).
1424
1425       other_config : rstp-max-age: optional string, containing an integer, in
1426       range 6 to 40
1427              The maximum age of the information  transmitted  by  the  Bridge
1428              when it is the Root Bridge. The default value is 20.
1429
1430       other_config : rstp-forward-delay: optional string, containing an inte‐
1431       ger, in range 4 to 30
1432              The delay used by STP Bridges to transition Root and  Designated
1433              Ports to Forwarding. The default value is 15.
1434
1435       other_config : rstp-transmit-hold-count: optional string, containing an
1436       integer, in range 1 to 10
1437              The Transmit Hold Count used by the Port Transmit state  machine
1438              to limit transmission rate. The default value is 6.
1439
1440     RSTP Status:
1441
1442       These  key-value  pairs  report  the  status  of  802.1D-2004. They are
1443       present only if RSTP is enabled (via the rstp_enable column).
1444
1445       rstp_status : rstp_bridge_id: optional string
1446              The bridge ID used in rapid spanning tree advertisements, in the
1447              form x.yyy.zzzzzzzzzzzz where x is the RSTP priority, the ys are
1448              a locally assigned system ID extension, the zs are the STP  sys‐
1449              tem ID, and each x, y, or z is a hex digit.
1450
1451       rstp_status : rstp_root_id: optional string
1452              The  root  of  this spanning tree, in the same form as rstp_sta‐
1453              tus:rstp_bridge_id. If this bridge is the root, this  will  have
1454              the  same value as rstp_status:rstp_bridge_id, otherwise it will
1455              differ.
1456
1457       rstp_status : rstp_root_path_cost: optional string, containing an inte‐
1458       ger, at least 0
1459              The  path  cost  of reaching the root. A lower number is better.
1460              The value is 0 if this bridge  is  the  root,  otherwise  it  is
1461              higher.
1462
1463       rstp_status : rstp_designated_id: optional string
1464              The   RSTP   designated  ID,  in  the  same  form  as  rstp_sta‐
1465              tus:rstp_bridge_id.
1466
1467       rstp_status : rstp_designated_port_id: optional string
1468              The RSTP designated port ID, as a 4-digit hex number.
1469
1470       rstp_status : rstp_bridge_port_id: optional string
1471              The RSTP bridge port ID, as a 4-digit hex number.
1472
1473     Multicast Snooping Configuration:
1474
1475       Multicast snooping (RFC 4541) monitors the  Internet  Group  Management
1476       Protocol  (IGMP) and Multicast Listener Discovery traffic between hosts
1477       and multicast routers. The switch  uses  what  IGMP  and  MLD  snooping
1478       learns  to  forward  multicast traffic only to interfaces that are con‐
1479       nected to interested receivers. Currently it supports  IGMPv1,  IGMPv2,
1480       IGMPv3, MLDv1 and MLDv2 protocols.
1481
1482       mcast_snooping_enable: boolean
1483              Enable multicast snooping on the bridge. For now, the default is
1484              disabled.
1485
1486     Other Features:
1487
1488       datapath_type: string
1489              Name of datapath provider. The kernel datapath has type  system.
1490              The  userspace  datapath has type netdev. A manager may refer to
1491              the datapath_types column of the Open_vSwitch table for  a  list
1492              of the types accepted by this Open vSwitch instance.
1493
1494       external_ids : bridge-id: optional string
1495              A unique identifier of the bridge. On Citrix XenServer this will
1496              commonly be the same as external_ids:xs-network-uuids.
1497
1498       external_ids : xs-network-uuids: optional string
1499              Semicolon-delimited set of universally unique identifier(s)  for
1500              the  network  with  which  this bridge is associated on a Citrix
1501              XenServer host. The network identifiers are RFC  4122  UUIDs  as
1502              displayed by, e.g., xe network-list.
1503
1504       other_config : hwaddr: optional string
1505              An  Ethernet  address  in  the form xx:xx:xx:xx:xx:xx to set the
1506              hardware address of the local port and  influence  the  datapath
1507              ID.
1508
1509       other_config : forward-bpdu: optional string, either true or false
1510              Controls  forwarding  of  BPDUs and other network control frames
1511              when NORMAL action is invoked. When this option is false or  un‐
1512              set,  frames  with reserved Ethernet addresses (see table below)
1513              will not be forwarded. When this option  is  true,  such  frames
1514              will not be treated specially.
1515
1516              The above general rule has the following exceptions:
1517
1518              •      If  STP is enabled on the bridge (see the stp_enable col‐
1519                     umn in the Bridge table), the bridge  processes  all  re‐
1520                     ceived  STP  packets and never passes them to OpenFlow or
1521                     forwards them. This is true even if STP is disabled on an
1522                     individual port.
1523
1524              •      If  LLDP  is enabled on an interface (see the lldp column
1525                     in the Interface table), the interface processes received
1526                     LLDP  packets  and  never passes them to OpenFlow or for‐
1527                     wards them.
1528
1529              Set this option to true if the Open vSwitch bridge connects dif‐
1530              ferent Ethernet networks and is not configured to participate in
1531              STP.
1532
1533              This option affects packets with the following  destination  MAC
1534              addresses:
1535
1536              01:80:c2:00:00:00
1537                     IEEE 802.1D Spanning Tree Protocol (STP).
1538
1539              01:80:c2:00:00:01
1540                     IEEE Pause frame.
1541
1542              01:80:c2:00:00:0x
1543                     Other reserved protocols.
1544
1545              00:e0:2b:00:00:00
1546                     Extreme Discovery Protocol (EDP).
1547
1548              00:e0:2b:00:00:04 and 00:e0:2b:00:00:06
1549                     Ethernet Automatic Protection Switching (EAPS).
1550
1551              01:00:0c:cc:cc:cc
1552                     Cisco  Discovery  Protocol  (CDP), VLAN Trunking Protocol
1553                     (VTP), Dynamic Trunking Protocol (DTP), Port  Aggregation
1554                     Protocol (PAgP), and others.
1555
1556              01:00:0c:cc:cc:cd
1557                     Cisco Shared Spanning Tree Protocol PVSTP+.
1558
1559              01:00:0c:cd:cd:cd
1560                     Cisco STP Uplink Fast.
1561
1562              01:00:0c:00:00:00
1563                     Cisco Inter Switch Link.
1564
1565              01:00:0c:cc:cc:cx
1566                     Cisco CFM.
1567
1568       other_config  : mac-aging-time: optional string, containing an integer,
1569       at least 1
1570              The maximum number of seconds to retain a MAC learning entry for
1571              which  no  packets  have been seen. The default is currently 300
1572              seconds (5 minutes). The value, if specified, is forced  into  a
1573              reasonable range, currently 15 to 3600 seconds.
1574
1575              A  short  MAC aging time allows a network to more quickly detect
1576              that a host is no longer connected to a switch port. However, it
1577              also  makes it more likely that packets will be flooded unneces‐
1578              sarily, when they are addressed to a connected host that  rarely
1579              transmits packets. To reduce the incidence of unnecessary flood‐
1580              ing, use a MAC aging time longer than the  maximum  interval  at
1581              which a host will ordinarily transmit packets.
1582
1583       other_config  : mac-table-size: optional string, containing an integer,
1584       at least 1
1585              The maximum number of MAC addresses to  learn.  The  default  is
1586              currently  8192.  The value, if specified, is forced into a rea‐
1587              sonable range, currently 10 to 1,000,000.
1588
1589     Common Columns:
1590
1591       The overall purpose of these columns is described under Common  Columns
1592       at the beginning of this document.
1593
1594       other_config: map of string-string pairs
1595
1596       external_ids: map of string-string pairs
1597

Port TABLE

1599       A port within a Bridge.
1600
1601       Most  commonly, a port has exactly one ``interface,’’ pointed to by its
1602       interfaces column. Such a port logically corresponds to  a  port  on  a
1603       physical  Ethernet  switch.  A  port  with more than one interface is a
1604       ``bonded port’’ (see Bonding Configuration).
1605
1606       Some properties that one might think as belonging to a port  are  actu‐
1607       ally part of the port’s Interface members.
1608
1609   Summary:
1610       name                          immutable  string  (must be unique within
1611                                     table)
1612       interfaces                    set of 1 or more Interfaces
1613       VLAN Configuration:
1614         vlan_mode                   optional   string,   one    of    access,
1615                                     dot1q-tunnel,  native-tagged,  native-un‐
1616                                     tagged, or trunk
1617         tag                         optional integer, in range 0 to 4,095
1618         trunks                      set of up to 4,096 integers, in  range  0
1619                                     to 4,095
1620         cvlans                      set  of  up to 4,096 integers, in range 0
1621                                     to 4,095
1622         other_config : qinq-ethtype
1623                                     optional string, either 802.1ad or 802.1q
1624         other_config : priority-tags
1625                                     optional string, one of  always,  if-non‐
1626                                     zero, or never
1627       Bonding Configuration:
1628         bond_mode                   optional  string,  one  of active-backup,
1629                                     balance-slb, or balance-tcp
1630         other_config : bond-hash-basis
1631                                     optional string, containing an integer
1632         other_config : lb-output-action
1633                                     optional string, either true or false
1634         other_config : bond-primary
1635                                     optional string
1636         Link Failure Detection:
1637            other_config : bond-detect-mode
1638                                     optional string, either carrier or miimon
1639            other_config : bond-miimon-interval
1640                                     optional string, containing an integer
1641            bond_updelay             integer
1642            bond_downdelay           integer
1643         LACP Configuration:
1644            lacp                     optional string, one of active,  off,  or
1645                                     passive
1646            other_config : lacp-system-id
1647                                     optional string
1648            other_config : lacp-system-priority
1649                                     optional  string,  containing an integer,
1650                                     in range 1 to 65,535
1651            other_config : lacp-time optional string, either fast or slow
1652            other_config : lacp-fallback-ab
1653                                     optional string, either true or false
1654         Rebalancing Configuration:
1655            other_config : bond-rebalance-interval
1656                                     optional string, containing  an  integer,
1657                                     in range 0 to 2,147,483,647
1658         bond_fake_iface             boolean
1659       Spanning Tree Protocol:
1660         STP Configuration:
1661            other_config : stp-enable
1662                                     optional string, either true or false
1663            other_config : stp-port-num
1664                                     optional  string,  containing an integer,
1665                                     in range 1 to 255
1666            other_config : stp-port-priority
1667                                     optional string, containing  an  integer,
1668                                     in range 0 to 255
1669            other_config : stp-path-cost
1670                                     optional  string,  containing an integer,
1671                                     in range 0 to 65,535
1672         STP Status:
1673            status : stp_port_id     optional string
1674            status : stp_state       optional string, one  of  blocking,  dis‐
1675                                     abled, forwarding, learning, or listening
1676            status : stp_sec_in_state
1677                                     optional  string,  containing an integer,
1678                                     at least 0
1679            status : stp_role        optional string, one of alternate, desig‐
1680                                     nated, or root
1681       Rapid Spanning Tree Protocol:
1682         RSTP Configuration:
1683            other_config : rstp-enable
1684                                     optional string, either true or false
1685            other_config : rstp-port-priority
1686                                     optional  string,  containing an integer,
1687                                     in range 0 to 240
1688            other_config : rstp-port-num
1689                                     optional string, containing  an  integer,
1690                                     in range 1 to 4,095
1691            other_config : rstp-port-path-cost
1692                                     optional string, containing an integer
1693            other_config : rstp-port-admin-edge
1694                                     optional string, either true or false
1695            other_config : rstp-port-auto-edge
1696                                     optional string, either true or false
1697            other_config : rstp-port-mcheck
1698                                     optional string, either true or false
1699         RSTP Status:
1700            rstp_status : rstp_port_id
1701                                     optional string
1702            rstp_status : rstp_port_role
1703                                     optional   string,   one   of  Alternate,
1704                                     Backup, Designated, Disabled, or Root
1705            rstp_status : rstp_port_state
1706                                     optional string, one  of  Disabled,  Dis‐
1707                                     carding, Forwarding, or Learning
1708            rstp_status : rstp_designated_bridge_id
1709                                     optional string
1710            rstp_status : rstp_designated_port_id
1711                                     optional string
1712            rstp_status : rstp_designated_path_cost
1713                                     optional string, containing an integer
1714         RSTP Statistics:
1715            rstp_statistics : rstp_tx_count
1716                                     optional integer
1717            rstp_statistics : rstp_rx_count
1718                                     optional integer
1719            rstp_statistics : rstp_error_count
1720                                     optional integer
1721            rstp_statistics : rstp_uptime
1722                                     optional integer
1723       Multicast Snooping:
1724         other_config : mcast-snooping-flood
1725                                     optional string, either true or false
1726         other_config : mcast-snooping-flood-reports
1727                                     optional string, either true or false
1728       Other Features:
1729         qos                         optional QoS
1730         mac                         optional string
1731         fake_bridge                 boolean
1732         protected                   boolean
1733         external_ids : fake-bridge-id-*
1734                                     optional string
1735         other_config : transient    optional string, either true or false
1736       bond_active_slave             optional string
1737       Port Statistics:
1738         Statistics: STP transmit and receive counters:
1739            statistics : stp_tx_count
1740                                     optional integer
1741            statistics : stp_rx_count
1742                                     optional integer
1743            statistics : stp_error_count
1744                                     optional integer
1745       Common Columns:
1746         other_config                map of string-string pairs
1747         external_ids                map of string-string pairs
1748
1749   Details:
1750       name: immutable string (must be unique within table)
1751              Port name. For a non-bonded port, this should be the same as its
1752              interface’s name. Port names must otherwise be unique among  the
1753              names  of ports, interfaces, and bridges on a host. Because port
1754              and interfaces names are usually the same, the  restrictions  on
1755              the  name column in the Interface table, particularly on length,
1756              also apply to port names. Refer to the documentation for  Inter‐
1757              face names for details.
1758
1759       interfaces: set of 1 or more Interfaces
1760              The  port’s  interfaces.  If  there  is more than one, this is a
1761              bonded Port.
1762
1763     VLAN Configuration:
1764
1765       In short, a VLAN (short for ``virtual LAN’’) is a way  to  partition  a
1766       single switch into multiple switches. VLANs can be confusing, so for an
1767       introduction, please refer to the question ``What’s a  VLAN?’’  in  the
1768       Open vSwitch FAQ.
1769
1770       A  VLAN  is  sometimes  encoded into a packet using a 802.1Q or 802.1ad
1771       VLAN header, but every packet is part of some VLAN whether or not it is
1772       encoded  in  the packet. (A packet that appears to have no VLAN is part
1773       of VLAN 0, by default.) As a result, it’s useful to think of a VLAN  as
1774       a metadata property of a packet, separate from how the VLAN is encoded.
1775       For a given port, this column determines how the encoding of  a  packet
1776       that  ingresses  or egresses the port maps to the packet’s VLAN. When a
1777       packet enters the switch, its VLAN is determined based on  its  setting
1778       in  this  column  and its VLAN headers, if any, and then, conceptually,
1779       the VLAN headers are then stripped off. Conversely, when a packet exits
1780       the  switch,  its  VLAN  and the settings in this column determine what
1781       VLAN headers, if any, are pushed onto the packet before it egresses the
1782       port.
1783
1784       The VLAN configuration in this column affects Open vSwitch only when it
1785       is doing ``normal switching.’’ It does not affect flows set  up  by  an
1786       OpenFlow controller, outside of the OpenFlow ``normal action.’’
1787
1788       Bridge ports support the following types of VLAN configuration:
1789
1790              trunk  A  trunk  port  carries  packets on one or more specified
1791                     VLANs specified in the trunks  column  (often,  on  every
1792                     VLAN).  A packet that ingresses on a trunk port is in the
1793                     VLAN specified in its 802.1Q header, or  VLAN  0  if  the
1794                     packet  has  no  802.1Q  header.  A  packet that egresses
1795                     through a trunk port will have an 802.1Q header if it has
1796                     a nonzero VLAN ID.
1797
1798                     Any  packet  that ingresses on a trunk port tagged with a
1799                     VLAN that the port does not trunk is dropped.
1800
1801              access An access port carries packets on exactly one VLAN speci‐
1802                     fied  in  the  tag column. Packets egressing on an access
1803                     port have no 802.1Q header.
1804
1805                     Any packet with an 802.1Q header with a nonzero  VLAN  ID
1806                     that  ingresses  on an access port is dropped, regardless
1807                     of whether the VLAN ID in the header is the access port’s
1808                     VLAN ID.
1809
1810              native-tagged
1811                     A native-tagged port resembles a trunk port, with the ex‐
1812                     ception that a packet without an 802.1Q header  that  in‐
1813                     gresses on a native-tagged port is in the ``native VLAN’’
1814                     (specified in the tag column).
1815
1816              native-untagged
1817                     A native-untagged port resembles  a  native-tagged  port,
1818                     with  the  exception that a packet that egresses on a na‐
1819                     tive-untagged port in the native VLAN will  not  have  an
1820                     802.1Q header.
1821
1822              dot1q-tunnel
1823                     A dot1q-tunnel port is somewhat like an access port. Like
1824                     an access port, it carries packets  on  the  single  VLAN
1825                     specified  in  the  tag  column and this VLAN, called the
1826                     service VLAN, does not appear in  an  802.1Q  header  for
1827                     packets that ingress or egress on the port. The main dif‐
1828                     ference lies in the behavior when packets that include  a
1829                     802.1Q header ingress on the port. Whereas an access port
1830                     drops such packets, a dot1q-tunnel port treats  these  as
1831                     double-tagged with the outer service VLAN tag and the in‐
1832                     ner customer VLAN taken from the  802.1Q  header.  Corre‐
1833                     spondingly,  to  egress  on the port, a packet outer VLAN
1834                     (or only VLAN) must  be  tag,  which  is  removed  before
1835                     egress, which exposes the inner (customer) VLAN if one is
1836                     present.
1837
1838                     If cvlans is set, only allows packets  in  the  specified
1839                     customer VLANs.
1840
1841       A  packet  will only egress through bridge ports that carry the VLAN of
1842       the packet, as described by the rules above.
1843
1844       vlan_mode: optional string, one of access, dot1q-tunnel, native-tagged,
1845       native-untagged, or trunk
1846              The  VLAN mode of the port, as described above. When this column
1847              is empty, a default mode is selected as follows:
1848
1849              •      If tag contains a value, the port is an access port.  The
1850                     trunks column should be empty.
1851
1852              •      Otherwise,  the  port  is a trunk port. The trunks column
1853                     value is honored if it is present.
1854
1855       tag: optional integer, in range 0 to 4,095
1856              For an access port, the port’s implicitly tagged VLAN. For a na‐
1857              tive-tagged  or  native-untagged  port,  the port’s native VLAN.
1858              Must be empty if this is a trunk port.
1859
1860       trunks: set of up to 4,096 integers, in range 0 to 4,095
1861              For a trunk, native-tagged, or native-untagged port, the  802.1Q
1862              VLAN  or  VLANs  that this port trunks; if it is empty, then the
1863              port trunks all VLANs. Must be empty if this is an access port.
1864
1865              A native-tagged or native-untagged port always trunks its native
1866              VLAN, regardless of whether trunks includes that VLAN.
1867
1868       cvlans: set of up to 4,096 integers, in range 0 to 4,095
1869              For  a  dot1q-tunnel port, the customer VLANs that this port in‐
1870              cludes. If this is empty, the port includes all customer VLANs.
1871
1872              For other kinds of ports, this setting is ignored.
1873
1874       other_config : qinq-ethtype: optional string, either 802.1ad or 802.1q
1875              For a dot1q-tunnel port, this is the TPID for the  service  tag,
1876              that  is,  for  the 802.1Q header that contains the service VLAN
1877              ID. Because packets that actually ingress and  egress  a  dot1q-
1878              tunnel  port  do  not  include  an 802.1Q header for the service
1879              VLAN, this does not affect packets on the dot1q-tunnel port  it‐
1880              self.  Rather,  it determines the service VLAN for a packet that
1881              ingresses on a dot1q-tunnel port and egresses on a trunk port.
1882
1883              The value 802.1ad specifies TPID 0x88a8, which is also  the  de‐
1884              fault if the setting is omitted. The value 802.1q specifies TPID
1885              0x8100.
1886
1887              For other kinds of ports, this setting is ignored.
1888
1889       other_config : priority-tags: optional string, one of  always,  if-non‐
1890       zero, or never
1891              An 802.1Q header contains two important pieces of information: a
1892              VLAN ID and a priority. A frame with a zero VLAN  ID,  called  a
1893              ``priority-tagged’’  frame,  is  supposed to be treated the same
1894              way as a frame without an 802.1Q header at all (except  for  the
1895              priority).
1896
1897              However,  some network elements ignore any frame that has 802.1Q
1898              header at all, even when the VLAN ID is zero. Therefore, by  de‐
1899              fault  Open  vSwitch does not output priority-tagged frames, in‐
1900              stead omitting the 802.1Q header entirely  if  the  VLAN  ID  is
1901              zero.  Set  this  key  to  if-nonzero  to enable priority-tagged
1902              frames on a port.
1903
1904              For if-nonzero Open vSwitch omits the 802.1Q header on output if
1905              both  the  VLAN  ID and priority would be zero. Set to always to
1906              retain the 802.1Q header in such frames as well.
1907
1908              All frames output to native-tagged ports have a nonzero VLAN ID,
1909              so this setting is not meaningful on native-tagged ports.
1910
1911     Bonding Configuration:
1912
1913       A  port  that has more than one interface is a ``bonded port.’’ Bonding
1914       allows for load balancing and fail-over.
1915
1916       The following types of bonding will work  with  any  kind  of  upstream
1917       switch.  On  the  upstream switch, do not configure the interfaces as a
1918       bond:
1919
1920              balance-slb
1921                     Balances flows among members based on source MAC  address
1922                     and  output  VLAN,  with  periodic rebalancing as traffic
1923                     patterns change.
1924
1925              active-backup
1926                     Assigns all flows to one member, failing over to a backup
1927                     member  when  the  active member is disabled. This is the
1928                     only bonding mode in which interfaces may be plugged into
1929                     different upstream switches.
1930
1931       The following modes require the upstream switch to support 802.3ad with
1932       successful LACP negotiation. If LACP negotiation fails  and  other-con‐
1933       fig:lacp-fallback-ab is true, then active-backup mode is used:
1934
1935              balance-tcp
1936                     Balances  flows among members based on L3 and L4 protocol
1937                     information such as IP addresses and TCP/UDP ports.
1938
1939       These columns apply only to bonded ports. Their  values  are  otherwise
1940       ignored.
1941
1942       bond_mode:  optional string, one of active-backup, balance-slb, or bal‐
1943       ance-tcp
1944              The type of bonding used for a  bonded  port.  Defaults  to  ac‐
1945              tive-backup if unset.
1946
1947       other_config : bond-hash-basis: optional string, containing an integer
1948              An  integer hashed along with flows when choosing output members
1949              in load balanced bonds. When changed, all flows will be assigned
1950              different  hash  values  possibly causing member selection deci‐
1951              sions to change. Does not affect bonding modes which do not  em‐
1952              ploy load balancing such as active-backup.
1953
1954       other_config : lb-output-action: optional string, either true or false
1955              Enable/disable usage of optimized lb_output action for balancing
1956              flows among output  members  in  load  balanced  bonds  in  bal‐
1957              ance-tcp.  When  enabled, it uses optimized path for balance-tcp
1958              mode by using rss hash and avoids recirculation. This knob  does
1959              not affect other balancing modes.
1960
1961       other_config : bond-primary: optional string
1962              If  a  slave  interface with this name exists in the bond and is
1963              up, it will  be  made  active.  Relevant  only  when  other_con‐
1964              fig:bond_mode  is  active-backup or if balance-tcp falls back to
1965              active-backup  (e.g.,  LACP  negotiation  fails  and  other_con‐
1966              fig:lacp-fallback-ab is true).
1967
1968     Link Failure Detection:
1969
1970       An  important  part of link bonding is detecting that links are down so
1971       that they may be disabled. These settings determine  how  Open  vSwitch
1972       detects link failure.
1973
1974       other_config : bond-detect-mode: optional string, either carrier or mi‐
1975       imon
1976              The means used to detect  link  failures.  Defaults  to  carrier
1977              which uses each interface’s carrier to detect failures. When set
1978              to miimon, will check for failures by polling  each  interface’s
1979              MII.
1980
1981       other_config : bond-miimon-interval: optional string, containing an in‐
1982       teger
1983              The interval, in milliseconds, between  successive  attempts  to
1984              poll each interface’s MII. Relevant only when other_config:bond-
1985              detect-mode is miimon.
1986
1987       bond_updelay: integer
1988              The number of milliseconds for which the link must stay up on an
1989              interface before the interface is considered to be up. Specify 0
1990              to enable the interface immediately.
1991
1992              This setting is honored only when at least one bonded  interface
1993              is  already  enabled.  When  no interfaces are enabled, then the
1994              first bond interface to come up is enabled immediately.
1995
1996       bond_downdelay: integer
1997              The number of milliseconds for which the link must stay down  on
1998              an  interface  before  the  interface  is considered to be down.
1999              Specify 0 to disable the interface immediately.
2000
2001     LACP Configuration:
2002
2003       LACP, the Link Aggregation Control Protocol, is an IEEE  standard  that
2004       allows switches to automatically detect that they are connected by mul‐
2005       tiple links and aggregate across those links.  These  settings  control
2006       LACP behavior.
2007
2008       lacp: optional string, one of active, off, or passive
2009              Configures  LACP  on  this  port. LACP allows directly connected
2010              switches to negotiate which links may be bonded. LACP may be en‐
2011              abled  on  non-bonded ports for the benefit of any switches they
2012              may be connected to. active ports are allowed to  initiate  LACP
2013              negotiations.  passive  ports are allowed to participate in LACP
2014              negotiations initiated by a remote switch, but  not  allowed  to
2015              initiate  such  negotiations themselves. If LACP is enabled on a
2016              port whose partner switch does not support LACP, the  bond  will
2017              be  disabled,  unless  other-config:lacp-fallback-ab  is  set to
2018              true. Defaults to off if unset.
2019
2020       other_config : lacp-system-id: optional string
2021              The LACP system ID of this Port. The system ID of a LACP bond is
2022              used  to  identify itself to its partners. Must be a nonzero MAC
2023              address. Defaults to the bridge Ethernet address if unset.
2024
2025       other_config : lacp-system-priority: optional string, containing an in‐
2026       teger, in range 1 to 65,535
2027              The  LACP  system  priority  of this Port. In LACP negotiations,
2028              link status decisions are made by the system  with  the  numeri‐
2029              cally lower priority.
2030
2031       other_config : lacp-time: optional string, either fast or slow
2032              The  LACP  timing  which should be used on this Port. By default
2033              slow is used. When configured to be fast LACP heartbeats are re‐
2034              quested  at a rate of once per second causing connectivity prob‐
2035              lems to be detected more quickly. In slow mode,  heartbeats  are
2036              requested at a rate of once every 30 seconds.
2037
2038       other_config : lacp-fallback-ab: optional string, either true or false
2039              Determines the behavior of openvswitch bond in LACP mode. If the
2040              partner switch does not support LACP,  setting  this  option  to
2041              true allows openvswitch to fallback to active-backup. If the op‐
2042              tion is set to false, the bond will be  disabled.  In  both  the
2043              cases,  once  the partner switch is configured to LACP mode, the
2044              bond will use LACP.
2045
2046     Rebalancing Configuration:
2047
2048       These settings control behavior when a bond is in balance-slb  or  bal‐
2049       ance-tcp mode.
2050
2051       other_config  : bond-rebalance-interval: optional string, containing an
2052       integer, in range 0 to 2,147,483,647
2053              For a load balanced bonded port, the number of milliseconds  be‐
2054              tween  successive  attempts  to  rebalance the bond, that is, to
2055              move flows from one interface on the bond to another in  an  at‐
2056              tempt  to  keep  usage of each interface roughly equal. If zero,
2057              load balancing is disabled on the bond (link failure still cause
2058              flows to move). If less than 1000ms, the rebalance interval will
2059              be 1000ms.
2060
2061       bond_fake_iface: boolean
2062              For a bonded port, whether to create a fake  internal  interface
2063              with  the  name  of  the  port.  Use only for compatibility with
2064              legacy software that requires this.
2065
2066     Spanning Tree Protocol:
2067
2068       The configuration here is only meaningful, and the status is only popu‐
2069       lated, when 802.1D-1998 Spanning Tree Protocol is enabled on the port’s
2070       Bridge with its stp_enable column.
2071
2072     STP Configuration:
2073
2074       other_config : stp-enable: optional string, either true or false
2075              When STP is enabled on a bridge, it is enabled by default on all
2076              of  the  bridge’s  ports except bond, internal, and mirror ports
2077              (which do not work with STP). If this column’s value  is  false,
2078              STP is disabled on the port.
2079
2080       other_config : stp-port-num: optional string, containing an integer, in
2081       range 1 to 255
2082              The port number used for the lower 8 bits of the port-id. By de‐
2083              fault, the numbers will be assigned automatically. If any port’s
2084              number is manually configured on a bridge, then  they  must  all
2085              be.
2086
2087       other_config  : stp-port-priority: optional string, containing an inte‐
2088       ger, in range 0 to 255
2089              The port’s relative priority value for determining the root port
2090              (the  upper  8 bits of the port-id). A port with a lower port-id
2091              will be chosen as the root port. By  default,  the  priority  is
2092              0x80.
2093
2094       other_config  :  stp-path-cost: optional string, containing an integer,
2095       in range 0 to 65,535
2096              Spanning tree path cost for the port. A lower number indicates a
2097              faster  link. By default, the cost is based on the maximum speed
2098              of the link.
2099
2100     STP Status:
2101
2102       status : stp_port_id: optional string
2103              The port ID used in spanning tree advertisements for this  port,
2104              as  4  hex  digits.  Configuring the port ID is described in the
2105              stp-port-num and stp-port-priority keys of the other_config sec‐
2106              tion earlier.
2107
2108       status  :  stp_state:  optional string, one of blocking, disabled, for‐
2109       warding, learning, or listening
2110              STP state of the port.
2111
2112       status : stp_sec_in_state: optional string, containing an  integer,  at
2113       least 0
2114              The  amount of time this port has been in the current STP state,
2115              in seconds.
2116
2117       status : stp_role: optional string, one of  alternate,  designated,  or
2118       root
2119              STP role of the port.
2120
2121     Rapid Spanning Tree Protocol:
2122
2123       The  configuration  here is only meaningful, and the status and statis‐
2124       tics are only populated, when 802.1D-1998 Spanning Tree Protocol is en‐
2125       abled on the port’s Bridge with its stp_enable column.
2126
2127     RSTP Configuration:
2128
2129       other_config : rstp-enable: optional string, either true or false
2130              When  RSTP  is  enabled on a bridge, it is enabled by default on
2131              all of the bridge’s ports  except  bond,  internal,  and  mirror
2132              ports  (which  do not work with RSTP). If this column’s value is
2133              false, RSTP is disabled on the port.
2134
2135       other_config : rstp-port-priority: optional string, containing an inte‐
2136       ger, in range 0 to 240
2137              The  port’s  relative  priority  value  for determining the root
2138              port, in multiples of 16. By default, the port priority is  0x80
2139              (128). Any value in the lower 4 bits is rounded off. The signif‐
2140              icant upper 4 bits become the upper 4 bits  of  the  port-id.  A
2141              port with the lowest port-id is elected as the root.
2142
2143       other_config  :  rstp-port-num: optional string, containing an integer,
2144       in range 1 to 4,095
2145              The local RSTP port number, used as the lower  12  bits  of  the
2146              port-id. By default the port numbers are assigned automatically,
2147              and typically may not correspond to the OpenFlow port numbers. A
2148              port with the lowest port-id is elected as the root.
2149
2150       other_config  : rstp-port-path-cost: optional string, containing an in‐
2151       teger
2152              The port path cost. The Port’s contribution, when it is the Root
2153              Port,  to the Root Path Cost for the Bridge. By default the cost
2154              is automatically calculated from the port’s speed.
2155
2156       other_config : rstp-port-admin-edge: optional string,  either  true  or
2157       false
2158              The admin edge port parameter for the Port. Default is false.
2159
2160       other_config  :  rstp-port-auto-edge:  optional  string, either true or
2161       false
2162              The auto edge port parameter for the Port. Default is true.
2163
2164       other_config : rstp-port-mcheck: optional string, either true or false
2165              The mcheck port parameter for the Port. Default is false. May be
2166              set to force the Port Protocol Migration state machine to trans‐
2167              mit RST BPDUs for a MigrateTime period, to test whether all  STP
2168              Bridges  on  the attached LAN have been removed and the Port can
2169              continue to transmit RSTP BPDUs. Setting mcheck has no effect if
2170              the Bridge is operating in STP Compatibility mode.
2171
2172              Changing  the  value from true to false has no effect, but needs
2173              to be done if this behavior is to be triggered again  by  subse‐
2174              quently changing the value from false to true.
2175
2176     RSTP Status:
2177
2178       rstp_status : rstp_port_id: optional string
2179              The  port ID used in spanning tree advertisements for this port,
2180              as 4 hex digits. Configuring the port ID  is  described  in  the
2181              rstp-port-num  and  rstp-port-priority  keys of the other_config
2182              section earlier.
2183
2184       rstp_status  :  rstp_port_role:  optional  string,  one  of  Alternate,
2185       Backup, Designated, Disabled, or Root
2186              RSTP role of the port.
2187
2188       rstp_status  :  rstp_port_state: optional string, one of Disabled, Dis‐
2189       carding, Forwarding, or Learning
2190              RSTP state of the port.
2191
2192       rstp_status : rstp_designated_bridge_id: optional string
2193              The port’s RSTP designated  bridge  ID,  in  the  same  form  as
2194              rstp_status:rstp_bridge_id in the Bridge table.
2195
2196       rstp_status : rstp_designated_port_id: optional string
2197              The port’s RSTP designated port ID, as 4 hex digits.
2198
2199       rstp_status : rstp_designated_path_cost: optional string, containing an
2200       integer
2201              The port’s RSTP designated path cost. Lower is better.
2202
2203     RSTP Statistics:
2204
2205       rstp_statistics : rstp_tx_count: optional integer
2206              Number of RSTP BPDUs transmitted through this port.
2207
2208       rstp_statistics : rstp_rx_count: optional integer
2209              Number of valid RSTP BPDUs received by this port.
2210
2211       rstp_statistics : rstp_error_count: optional integer
2212              Number of invalid RSTP BPDUs received by this port.
2213
2214       rstp_statistics : rstp_uptime: optional integer
2215              The duration covered by the other RSTP statistics, in seconds.
2216
2217     Multicast Snooping:
2218
2219       other_config : mcast-snooping-flood: optional string,  either  true  or
2220       false
2221              If  set to true, multicast packets (except Reports) are uncondi‐
2222              tionally forwarded to the specific port.
2223
2224       other_config : mcast-snooping-flood-reports:  optional  string,  either
2225       true or false
2226              If  set to true, multicast Reports are unconditionally forwarded
2227              to the specific port.
2228
2229     Other Features:
2230
2231       qos: optional QoS
2232              Quality of Service configuration for this port.
2233
2234       mac: optional string
2235              The MAC address to use for this port for the purpose of choosing
2236              the  bridge’s  MAC address. This column does not necessarily re‐
2237              flect the port’s actual MAC address, nor will setting it  change
2238              the port’s actual MAC address.
2239
2240       fake_bridge: boolean
2241              Does this port represent a sub-bridge for its tagged VLAN within
2242              the Bridge? See ovs-vsctl(8) for more information.
2243
2244       protected: boolean
2245              The protected ports feature allows certain ports  to  be  desig‐
2246              nated  as protected. Traffic between protected ports is blocked.
2247              Protected ports can send traffic to  unprotected  ports.  Unpro‐
2248              tected ports can send traffic to any port. Default is false.
2249
2250       external_ids : fake-bridge-id-*: optional string
2251              External  IDs for a fake bridge (see the fake_bridge column) are
2252              defined  by   prefixing   a   Bridge   external_ids   key   with
2253              fake-bridge-, e.g. fake-bridge-xs-network-uuids.
2254
2255       other_config : transient: optional string, either true or false
2256              If  set  to  true,  the  port will be removed when ovs-ctl start
2257              --delete-transient-ports is used.
2258
2259       bond_active_slave: optional string
2260              For a bonded port, record the MAC address of the current  active
2261              member.
2262
2263     Port Statistics:
2264
2265       Key-value  pairs that report port statistics. The update period is con‐
2266       trolled by other_config:stats-update-interval in the  Open_vSwitch  ta‐
2267       ble.
2268
2269     Statistics: STP transmit and receive counters:
2270
2271       statistics : stp_tx_count: optional integer
2272              Number  of  STP BPDUs sent on this port by the spanning tree li‐
2273              brary.
2274
2275       statistics : stp_rx_count: optional integer
2276              Number of STP BPDUs received on this port and  accepted  by  the
2277              spanning tree library.
2278
2279       statistics : stp_error_count: optional integer
2280              Number of bad STP BPDUs received on this port. Bad BPDUs include
2281              runt packets and those with an unexpected protocol ID.
2282
2283     Common Columns:
2284
2285       The overall purpose of these columns is described under Common  Columns
2286       at the beginning of this document.
2287
2288       other_config: map of string-string pairs
2289
2290       external_ids: map of string-string pairs
2291

Interface TABLE

2293       An interface within a Port.
2294
2295   Summary:
2296       Core Features:
2297         name                        immutable  string  (must be unique within
2298                                     table)
2299         ifindex                     optional   integer,   in   range   0   to
2300                                     4,294,967,295
2301         mac_in_use                  optional string
2302         mac                         optional string
2303         error                       optional string
2304         OpenFlow Port Number:
2305            ofport                   optional integer
2306            ofport_request           optional integer, in range 1 to 65,279
2307       System-Specific Details:
2308         type                        string
2309       Tunnel Options:
2310         options : remote_ip         optional string
2311         options : local_ip          optional string
2312         options : in_key            optional string
2313         options : out_key           optional string
2314         options : dst_port          optional string
2315         options : key               optional string
2316         options : tos               optional string
2317         options : ttl               optional string
2318         options : df_default        optional string, either true or false
2319         options : egress_pkt_mark   optional string
2320         Tunnel Options: lisp only:
2321            options : packet_type    optional string, either legacy_l3 or ptap
2322         Tunnel Options: vxlan only:
2323            options : exts           optional string
2324            options : packet_type    optional   string,   one   of  legacy_l2,
2325                                     legacy_l3, or ptap
2326         Tunnel Options: gre only:
2327            options : packet_type    optional  string,   one   of   legacy_l2,
2328                                     legacy_l3, or ptap
2329            options : seq            optional string, either true or false
2330         Tunnel Options: gre, ip6gre, geneve, bareudp and vxlan:
2331            options : csum           optional string, either true or false
2332         Tunnel Options: IPsec:
2333            options : psk            optional string
2334            options : remote_cert    optional string
2335            options : remote_name    optional string
2336       Tunnel Options: erspan only:
2337         options : erspan_idx        optional string
2338         options : erspan_ver        optional string
2339         options : erspan_dir        optional string
2340         options : erspan_hwid       optional string
2341       Tunnel Options: Bareudp only:
2342         options : payload_type      optional string
2343       Patch Options:
2344         options : peer              optional string
2345       PMD (Poll Mode Driver) Options:
2346         options : n_rxq             optional  string,  containing an integer,
2347                                     at least 1
2348         options : dpdk-devargs      optional string
2349         other_config : pmd-rxq-affinity
2350                                     optional string
2351         options : xdp-mode          optional  string,  one  of   best-effort,
2352                                     generic, native-with-zerocopy, or native
2353         options : use-need-wakeup   optional string, either true or false
2354         options : vhost-server-path
2355                                     optional string
2356         options : tx-retries-max    optional  string,  containing an integer,
2357                                     in range 0 to 32
2358         options : n_rxq_desc        optional string, containing  an  integer,
2359                                     in range 1 to 4,096
2360         options : n_txq_desc        optional  string,  containing an integer,
2361                                     in range 1 to 4,096
2362         options : dpdk-vf-mac       optional string
2363         other_config : tx-steering  optional string, either hash or thread
2364       EMC (Exact Match Cache) Configuration:
2365         other_config : emc-enable   optional string, either true or false
2366       MTU:
2367         mtu                         optional integer
2368         mtu_request                 optional integer, at least 1
2369       Interface Status:
2370         admin_state                 optional string, either down or up
2371         link_state                  optional string, either down or up
2372         link_resets                 optional integer
2373         link_speed                  optional integer
2374         duplex                      optional string, either full or half
2375         lacp_current                optional boolean
2376         status                      map of string-string pairs
2377         status : driver_name        optional string
2378         status : driver_version     optional string
2379         status : firmware_version   optional string
2380         status : source_ip          optional string
2381         status : tunnel_egress_iface
2382                                     optional string
2383         status : tunnel_egress_iface_carrier
2384                                     optional string, either down or up
2385         dpdk:
2386            status : port_no         optional string
2387            status : numa_id         optional string
2388            status : min_rx_bufsize  optional string
2389            status : max_rx_pktlen   optional string
2390            status : max_rx_queues   optional string
2391            status : max_tx_queues   optional string
2392            status : max_mac_addrs   optional string
2393            status : max_hash_mac_addrs
2394                                     optional string
2395            status : max_vfs         optional string
2396            status : max_vmdq_pools  optional string
2397            status : if_type         optional string
2398            status : if_descr        optional string
2399            status : pci-vendor_id   optional string
2400            status : pci-device_id   optional string
2401       Statistics:
2402         Statistics: Successful transmit and receive counters:
2403            statistics : rx_packets  optional integer
2404            statistics : rx_bytes    optional integer
2405            statistics : tx_packets  optional integer
2406            statistics : tx_bytes    optional integer
2407         Statistics: Receive errors:
2408            statistics : rx_dropped  optional integer
2409            statistics : rx_frame_err
2410                                     optional integer
2411            statistics : rx_over_err optional integer
2412            statistics : rx_crc_err  optional integer
2413            statistics : rx_errors   optional integer
2414         Statistics: Transmit errors:
2415            statistics : tx_dropped  optional integer
2416            statistics : collisions  optional integer
2417            statistics : tx_errors   optional integer
2418       Ingress Policing:
2419         ingress_policing_rate       integer, at least 0
2420         ingress_policing_kpkts_rate
2421                                     integer, at least 0
2422         ingress_policing_burst      integer, at least 0
2423         ingress_policing_kpkts_burst
2424                                     integer, at least 0
2425       Bidirectional Forwarding Detection (BFD):
2426         BFD Configuration:
2427            bfd : enable             optional string, either true or false
2428            bfd : min_rx             optional string, containing  an  integer,
2429                                     at least 1
2430            bfd : min_tx             optional  string,  containing an integer,
2431                                     at least 1
2432            bfd : decay_min_rx       optional string, containing an integer
2433            bfd : forwarding_if_rx   optional string, either true or false
2434            bfd : cpath_down         optional string, either true or false
2435            bfd : check_tnl_key      optional string, either true or false
2436            bfd : bfd_local_src_mac  optional string
2437            bfd : bfd_local_dst_mac  optional string
2438            bfd : bfd_remote_dst_mac optional string
2439            bfd : bfd_src_ip         optional string
2440            bfd : bfd_dst_ip         optional string
2441            bfd : oam                optional string
2442            bfd : mult               optional string, containing  an  integer,
2443                                     in range 1 to 255
2444         BFD Status:
2445            bfd_status : state       optional string, one of admin_down, down,
2446                                     init, or up
2447            bfd_status : forwarding  optional string, either true or false
2448            bfd_status : diagnostic  optional string
2449            bfd_status : remote_state
2450                                     optional string, one of admin_down, down,
2451                                     init, or up
2452            bfd_status : remote_diagnostic
2453                                     optional string
2454            bfd_status : flap_count  optional  string,  containing an integer,
2455                                     at least 0
2456       Connectivity Fault Management:
2457         cfm_mpid                    optional integer
2458         cfm_flap_count              optional integer
2459         cfm_fault                   optional boolean
2460         cfm_fault_status : recv     none
2461         cfm_fault_status : rdi      none
2462         cfm_fault_status : maid     none
2463         cfm_fault_status : loopback
2464                                     none
2465         cfm_fault_status : overflow
2466                                     none
2467         cfm_fault_status : override
2468                                     none
2469         cfm_fault_status : interval
2470                                     none
2471         cfm_remote_opstate          optional string, either down or up
2472         cfm_health                  optional integer, in range 0 to 100
2473         cfm_remote_mpids            set of integers
2474         other_config : cfm_interval
2475                                     optional string, containing an integer
2476         other_config : cfm_extended
2477                                     optional string, either true or false
2478         other_config : cfm_demand   optional string, either true or false
2479         other_config : cfm_opstate  optional string, either down or up
2480         other_config : cfm_ccm_vlan
2481                                     optional string, containing  an  integer,
2482                                     in range 1 to 4,095
2483         other_config : cfm_ccm_pcp  optional  string,  containing an integer,
2484                                     in range 1 to 7
2485       Bonding Configuration:
2486         other_config : lacp-port-id
2487                                     optional string, containing  an  integer,
2488                                     in range 1 to 65,535
2489         other_config : lacp-port-priority
2490                                     optional  string,  containing an integer,
2491                                     in range 1 to 65,535
2492         other_config : lacp-aggregation-key
2493                                     optional string, containing  an  integer,
2494                                     in range 1 to 65,535
2495       Virtual Machine Identifiers:
2496         external_ids : attached-mac
2497                                     optional string
2498         external_ids : iface-id     optional string
2499         external_ids : iface-status
2500                                     optional  string,  either active or inac‐
2501                                     tive
2502         external_ids : xs-vif-uuid  optional string
2503         external_ids : xs-network-uuid
2504                                     optional string
2505         external_ids : vm-id        optional string
2506         external_ids : xs-vm-uuid   optional string
2507       Auto Attach Configuration:
2508         lldp : enable               optional string, either true or false
2509       Flow control Configuration:
2510         options : rx-flow-ctrl      optional string, either true or false
2511         options : tx-flow-ctrl      optional string, either true or false
2512         options : flow-ctrl-autoneg
2513                                     optional string, either true or false
2514       Link State Change detection mode:
2515         options : dpdk-lsc-interrupt
2516                                     optional string, either true or false
2517       Common Columns:
2518         other_config                map of string-string pairs
2519         external_ids                map of string-string pairs
2520
2521   Details:
2522     Core Features:
2523
2524       name: immutable string (must be unique within table)
2525              Interface name. Should be  alphanumeric.  For  non-bonded  port,
2526              this  should  be the same as the port name. It must otherwise be
2527              unique among the names of ports, interfaces, and  bridges  on  a
2528              host.
2529
2530              The  maximum length of an interface name depends on the underly‐
2531              ing datapath:
2532
2533              •      The names of interfaces implemented as Linux and BSD net‐
2534                     work  devices,  including  interfaces with type internal,
2535                     tap, or system plus the different types of tunnel  ports,
2536                     are  limited  to  15 bytes. Windows limits these names to
2537                     255 bytes.
2538
2539              •      The names of patch ports are not used in  the  underlying
2540                     datapath,  so operating system restrictions do not apply.
2541                     Thus, they may have arbitrary length.
2542
2543              Regardless of other restrictions, OpenFlow only supports 15-byte
2544              names,  which means that ovs-ofctl and OpenFlow controllers will
2545              show names truncated to 15 bytes.
2546
2547       ifindex: optional integer, in range 0 to 4,294,967,295
2548              A positive interface index as defined for SNMP  MIB-II  in  RFCs
2549              1213  and  2863,  if  the  interface  has  one, otherwise 0. The
2550              ifindex is useful for seamless integration with  protocols  such
2551              as SNMP and sFlow.
2552
2553       mac_in_use: optional string
2554              The MAC address in use by this interface.
2555
2556       mac: optional string
2557              Ethernet  address  to  set for this interface. If unset then the
2558              default MAC address is used:
2559
2560              •      For the local interface, the default is  the  lowest-num‐
2561                     bered  MAC  address  among the other bridge ports, either
2562                     the value of the mac in its Port record, if set,  or  its
2563                     actual MAC (for bonded ports, the MAC of its member whose
2564                     name is first in alphabetical order). Internal ports  and
2565                     bridge ports that are used as port mirroring destinations
2566                     (see the Mirror table) are ignored.
2567
2568              •      For other internal interfaces, the default  MAC  is  ran‐
2569                     domly generated.
2570
2571              •      External  interfaces typically have a MAC address associ‐
2572                     ated with their hardware.
2573
2574              Some interfaces may not have  a  software-controllable  MAC  ad‐
2575              dress.  This  option only affects internal ports. For other type
2576              ports, you can change the MAC address outside Open vSwitch,  us‐
2577              ing ip command.
2578
2579       error: optional string
2580              If  the  configuration of the port failed, as indicated by -1 in
2581              ofport, Open vSwitch sets this column to an error description in
2582              human readable form. Otherwise, Open vSwitch clears this column.
2583
2584     OpenFlow Port Number:
2585
2586       When  a  client  adds a new interface, Open vSwitch chooses an OpenFlow
2587       port number for the new port. If the client that adds the port fills in
2588       ofport_request,  then  Open vSwitch tries to use its value as the Open‐
2589       Flow port number. Otherwise, or if the requested port number is already
2590       in use or cannot be used for another reason, Open vSwitch automatically
2591       assigns a free port number. Regardless of how the port number  was  ob‐
2592       tained,  Open  vSwitch  then reports in ofport the port number actually
2593       assigned.
2594
2595       Open vSwitch limits the port numbers that it automatically  assigns  to
2596       the  range 1 through 32,767, inclusive. Controllers therefore have free
2597       use of ports 32,768 and up.
2598
2599       ofport: optional integer
2600              OpenFlow port number for this interface. Open vSwitch sets  this
2601              column’s value, so other clients should treat it as read-only.
2602
2603              The  OpenFlow  ``local’’  port (OFPP_LOCAL) is 65,534. The other
2604              valid port numbers are in the  range  1  to  65,279,  inclusive.
2605              Value -1 indicates an error adding the interface.
2606
2607       ofport_request: optional integer, in range 1 to 65,279
2608              Requested OpenFlow port number for this interface.
2609
2610              A  client  should  ideally  set  this column’s value in the same
2611              database transaction that it uses to create the interface.  Open
2612              vSwitch  version  2.1 and later will honor a later request for a
2613              specific port  number,  althuogh  it  might  confuse  some  con‐
2614              trollers: OpenFlow does not have a way to announce a port number
2615              change, so Open vSwitch represents it over OpenFlow  as  a  port
2616              deletion followed immediately by a port addition.
2617
2618              If  ofport_request  is set or changed to some other port’s auto‐
2619              matically assigned port number, Open vSwitch chooses a new  port
2620              number for the latter port.
2621
2622     System-Specific Details:
2623
2624       type: string
2625              The interface type. The types supported by a particular instance
2626              of Open vSwitch are listed in  the  iface_types  column  in  the
2627              Open_vSwitch table. The following types are defined:
2628
2629              system An ordinary network device, e.g. eth0 on Linux. Sometimes
2630                     referred to as ``external  interfaces’’  since  they  are
2631                     generally connected to hardware external to that on which
2632                     the Open vSwitch is running. The empty string is  a  syn‐
2633                     onym for system.
2634
2635              internal
2636                     A  simulated network device that sends and receives traf‐
2637                     fic. An internal interface whose name is the same as  its
2638                     bridge’s  name is called the ``local interface.’’ It does
2639                     not make sense to bond  an  internal  interface,  so  the
2640                     terms  ``port’’  and  ``interface’’ are often used impre‐
2641                     cisely for internal interfaces.
2642
2643              tap    A TUN/TAP device managed by Open vSwitch.
2644
2645                     Open vSwitch checks the interface state before send pack‐
2646                     ets  to  the  device.  When  it  is down, the packets are
2647                     dropped and the tx_dropped statistic is  updated  accord‐
2648                     ingly.  Older  versions of Open vSwitch did not check the
2649                     interface state and then the tx_packets  was  incremented
2650                     along with tx_dropped.
2651
2652              geneve An             Ethernet            over            Geneve
2653                     (http://tools.ietf.org/html/draft-ietf-nvo3-geneve)
2654                     IPv4/IPv6  tunnel.  A description of how to match and set
2655                     Geneve options can be found in the ovs-ofctl manual page.
2656
2657              gre    Generic Routing Encapsulation  (GRE)  over  IPv4  tunnel,
2658                     configurable to encapsulate layer 2 or layer 3 traffic.
2659
2660              ip6gre Generic Routing Encapsulation (GRE) over IPv6 tunnel, en‐
2661                     capsulate layer 2 traffic.
2662
2663              vxlan  An Ethernet tunnel over the UDP-based VXLAN protocol  de‐
2664                     scribed in RFC 7348.
2665
2666                     Open  vSwitch  uses  IANA-assigned  UDP  destination port
2667                     4789. The source port used for VXLAN traffic varies on  a
2668                     per-flow basis and is in the ephemeral port range.
2669
2670              lisp   A  layer  3 tunnel over the experimental, UDP-based Loca‐
2671                     tor/ID Separation Protocol (RFC 6830).
2672
2673                     Only IPv4 and IPv6 packets are supported by the protocol,
2674                     and  they  are  sent  and  received  without  an Ethernet
2675                     header. Traffic to/from LISP ports is expected to be con‐
2676                     figured  explicitly,  and  the  ports are not intended to
2677                     participate in learning based switching.  As  such,  they
2678                     are always excluded from packet flooding.
2679
2680              stt    The  Stateless  TCP  Tunnel  (STT) is particularly useful
2681                     when tunnel endpoints are in end-systems, as it  utilizes
2682                     the  capabilities  of standard network interface cards to
2683                     improve performance. STT utilizes a TCP-like  header  in‐
2684                     side  the  IP  header. It is stateless, i.e., there is no
2685                     TCP connection state of any kind associated with the tun‐
2686                     nel. The TCP-like header is used to leverage the capabil‐
2687                     ities of existing network interface cards, but should not
2688                     be  interpreted  as implying any sort of connection state
2689                     between endpoints. Since the STT protocol does not engage
2690                     in  the usual TCP 3-way handshake, so it will have diffi‐
2691                     culty traversing stateful firewalls. The protocol is doc‐
2692                     umented   at  https://tools.ietf.org/html/draft-davie-stt
2693                     All traffic uses a default destination port of 7471.
2694
2695              patch  A pair of virtual devices that act as a patch cable.
2696
2697              gtpu   GPRS Tunneling Protocol (GTP) is a group of IP-based com‐
2698                     munications  protocols used to carry general packet radio
2699                     service (GPRS) within GSM, UMTS and LTE  networks.  GTP-U
2700                     is  used for carrying user data within the GPRS core net‐
2701                     work and between the radio access network  and  the  core
2702                     network.  The user data transported can be packets in any
2703                     of IPv4, IPv6, or PPP formats.
2704
2705                     The protocol is documented at http://www.3gpp.org/DynaRe
2706                     port/29281.htm
2707
2708                     Open  vSwitch  uses UDP destination port 2152. The source
2709                     port used for GTP traffic varies on a per-flow basis  and
2710                     is in the ephemeral port range.
2711
2712              Bareudp
2713                     The  Bareudp  tunnel  provides a generic L3 encapsulation
2714                     support for tunnelling different L3 protocols like  MPLS,
2715                     IP, NSH etc. inside a UDP tunnel.
2716
2717     Tunnel Options:
2718
2719       These  options  apply  to interfaces with type of geneve, bareudp, gre,
2720       ip6gre, vxlan, lisp and stt.
2721
2722       Each tunnel must be uniquely identified by the combination of type, op‐
2723       tions:remote_ip, options:local_ip, and options:in_key. If two ports are
2724       defined that are the same except one has an optional identifier and the
2725       other  does not, the more specific one is matched first. options:in_key
2726       is considered more specific than options:local_ip if a port defines one
2727       and  another  port  defines the other. options:in_key is not applicable
2728       for bareudp tunnels. Hence it is not  considered  while  identifying  a
2729       bareudp tunnel.
2730
2731       options : remote_ip: optional string
2732              Required. The remote tunnel endpoint, one of:
2733
2734              •      An   IPv4   or  IPv6  address  (not  a  DNS  name),  e.g.
2735                     192.168.0.123. Only unicast endpoints are supported.
2736
2737              •      The word flow. The tunnel accepts packets from any remote
2738                     tunnel  endpoint. To process only packets from a specific
2739                     remote tunnel endpoint, the flow entries may match on the
2740                     tun_src  or  tun_ipv6_srcfield. When sending packets to a
2741                     remote_ip=flow tunnel, the flow actions  must  explicitly
2742                     set  the  tun_dst or tun_ipv6_dst field to the IP address
2743                     of the  desired  remote  tunnel  endpoint,  e.g.  with  a
2744                     set_field action.
2745
2746              The remote tunnel endpoint for any packet received from a tunnel
2747              is available in the tun_src field for matching in the  flow  ta‐
2748              ble.
2749
2750       options : local_ip: optional string
2751              Optional.  The  tunnel destination IP that received packets must
2752              match. Default is to match all addresses. If specified,  may  be
2753              one of:
2754
2755              •      An IPv4/IPv6 address (not a DNS name), e.g. 192.168.12.3.
2756
2757              •      The  word flow. The tunnel accepts packets sent to any of
2758                     the local IP addresses of  the  system  running  OVS.  To
2759                     process  only  packets sent to a specific IP address, the
2760                     flow entries may match on  the  tun_dst  or  tun_ipv6_dst
2761                     field.  When  sending  packets to a local_ip=flow tunnel,
2762                     the flow  actions  may  explicitly  set  the  tun_src  or
2763                     tun_ipv6_src field to the desired IP address, e.g. with a
2764                     set_field action. However,  while  routing  the  tunneled
2765                     packet  out,  the local system may override the specified
2766                     address with the local IP address configured for the out‐
2767                     going system interface.
2768
2769                     This  option  is  valid  only for tunnels also configured
2770                     with the remote_ip=flow option.
2771
2772              The tunnel destination IP address for any packet received from a
2773              tunnel  is  available  in  the tun_dst or tun_ipv6_dst field for
2774              matching in the flow table.
2775
2776       options : in_key: optional string
2777              Optional, not applicable for  bareudp.  The  key  that  received
2778              packets must contain, one of:
2779
27800.  The tunnel receives packets with no key or with a key
2781                     of 0. This is equivalent to specifying no  options:in_key
2782                     at all.
2783
2784              •      A  positive  24-bit (for Geneve, VXLAN, and LISP), 32-bit
2785                     (for GRE) or 64-bit (for STT) number. The tunnel receives
2786                     only packets with the specified key.
2787
2788              •      The  word  flow. The tunnel accepts packets with any key.
2789                     The key will be placed in the tun_id field  for  matching
2790                     in the flow table. The ovs-fields(7) manual page contains
2791                     additional information about matching fields in  OpenFlow
2792                     flows.
2793
2794       options : out_key: optional string
2795              Optional,  not applicable for bareudp. The key to be set on out‐
2796              going packets, one of:
2797
27980. Packets sent through the tunnel will have no key. This
2799                     is equivalent to specifying no options:out_key at all.
2800
2801              •      A  positive  24-bit  (for Geneve, VXLAN and LISP), 32-bit
2802                     (for GRE)  or  64-bit  (for  STT)  number.  Packets  sent
2803                     through the tunnel will have the specified key.
2804
2805              •      The  word flow. Packets sent through the tunnel will have
2806                     the key set using the set_tunnel Nicira  OpenFlow  vendor
2807                     extension  (0  is  used in the absence of an action). The
2808                     ovs-fields(7) manual page contains additional information
2809                     about the Nicira OpenFlow vendor extensions.
2810
2811       options : dst_port: optional string
2812              Optional.  The  tunnel transport layer destination port, for UDP
2813              and TCP based tunnel protocols (Geneve, VXLAN, LISP, and STT).
2814
2815       options : key: optional string
2816              Optional. Shorthand to set in_key and out_key at the same time.
2817
2818       options : tos: optional string
2819              Optional. The value of the ToS bits to be set on the encapsulat‐
2820              ing  packet.  ToS  is interpreted as DSCP and ECN bits, ECN part
2821              must be zero. It may also be the word inherit, in which case the
2822              ToS  will  be copied from the inner packet if it is IPv4 or IPv6
2823              (otherwise it will be 0). The ECN fields are  always  inherited.
2824              Default is 0.
2825
2826       options : ttl: optional string
2827              Optional.  The TTL to be set on the encapsulating packet. It may
2828              also be the word inherit, in which case the TTL will  be  copied
2829              from  the  inner packet if it is IPv4 or IPv6 (otherwise it will
2830              be the system default, typically 64). Default is the system  de‐
2831              fault TTL.
2832
2833       options : df_default: optional string, either true or false
2834              Optional. If enabled, the Don’t Fragment bit will be set on tun‐
2835              nel outer headers to allow path MTU discovery.  Default  is  en‐
2836              abled; set to false to disable.
2837
2838       options : egress_pkt_mark: optional string
2839              Optional.  The  pkt_mark  to be set on the encapsulating packet.
2840              This option sets packet mark for the  tunnel  endpoint  for  all
2841              tunnel packets including tunnel monitoring.
2842
2843     Tunnel Options: lisp only:
2844
2845       options : packet_type: optional string, either legacy_l3 or ptap
2846              A  LISP  tunnel  sends  and receives only IPv4 and IPv6 packets.
2847              This option controls what how the tunnel represents the  packets
2848              that it sends and receives:
2849
2850              •      By  default,  or  if this option is legacy_l3, the tunnel
2851                     represents packets as Ethernet frames  for  compatibility
2852                     with  legacy OpenFlow controllers that expect this behav‐
2853                     ior.
2854
2855              •      If this option is ptap, the tunnel represents packets us‐
2856                     ing the packet_type mechanism introduced in OpenFlow 1.5.
2857
2858     Tunnel Options: vxlan only:
2859
2860       options : exts: optional string
2861              Optional.  Comma  separated list of optional VXLAN extensions to
2862              enable. The following extensions are supported:
2863
2864gbp: VXLAN-GBP allows to transport the group policy  con‐
2865                     text of a packet across the VXLAN tunnel to other network
2866                     peers.   See   the   description   of   tun_gbp_id    and
2867                     tun_gbp_flags  in  ovs-fields(7)  for additional informa‐
2868                     tion.
2869                     (https://tools.ietf.org/html/draft-smith-vxlan-group-pol
2870                     icy)
2871
2872gpe: Support for Generic Protocol Encapsulation in accor‐
2873                     dance             with             IETF             draft
2874                     https://tools.ietf.org/html/draft-ietf-nvo3-vxlan-gpe.
2875                     Without  this  option, a VXLAN packet always encapsulates
2876                     an Ethernet frame. With this option, an VXLAN packet  may
2877                     also encapsulate an IPv4, IPv6, NSH, or MPLS packet.
2878
2879       options : packet_type: optional string, one of legacy_l2, legacy_l3, or
2880       ptap
2881              This option controls what types of packets the tunnel sends  and
2882              receives and how it represents them:
2883
2884              •      By  default,  or  if this option is legacy_l2, the tunnel
2885                     sends and receives only Ethernet frames.
2886
2887              •      If this option is legacy_l3, the  tunnel  sends  and  re‐
2888                     ceives only non-Ethernet (L3) packet, but the packets are
2889                     represented as Ethernet  frames  for  compatibility  with
2890                     legacy  OpenFlow  controllers  that expect this behavior.
2891                     This requires enabling gpe in options:exts.
2892
2893              •      If this option is ptap, Open vSwitch  represents  packets
2894                     in  the tunnel using the packet_type mechanism introduced
2895                     in OpenFlow 1.5. This  mechanism  supports  any  kind  of
2896                     packet,  but  actually sending and receiving non-Ethernet
2897                     packets  requires  additionally  enabling  gpe   in   op‐
2898                     tions:exts.
2899
2900     Tunnel Options: gre only:
2901
2902       gre interfaces support these options.
2903
2904       options : packet_type: optional string, one of legacy_l2, legacy_l3, or
2905       ptap
2906              This option controls what types of packets the tunnel sends  and
2907              receives and how it represents them:
2908
2909              •      By  default,  or  if this option is legacy_l2, the tunnel
2910                     sends and receives only Ethernet frames.
2911
2912              •      If this option is legacy_l3, the  tunnel  sends  and  re‐
2913                     ceives only non-Ethernet (L3) packet, but the packets are
2914                     represented as Ethernet  frames  for  compatibility  with
2915                     legacy OpenFlow controllers that expect this behavior.
2916
2917              •      The legacy_l3 option is only available via the user space
2918                     datapath. The OVS kernel datapath does  not  support  de‐
2919                     vices  of  type ARPHRD_IPGRE which is the requirement for
2920                     legacy_l3 type packets.
2921
2922              •      If this option is ptap, the tunnel sends and receives any
2923                     kind  of  packet.  Open vSwitch represents packets in the
2924                     tunnel using  the  packet_type  mechanism  introduced  in
2925                     OpenFlow 1.5.
2926
2927       options : seq: optional string, either true or false
2928              Optional.  A  4-byte  sequence number field for GRE tunnel only.
2929              Default is disabled, set to true to enable. Sequence  number  is
2930              incremented by one on each outgoing packet.
2931
2932     Tunnel Options: gre, ip6gre, geneve, bareudp and vxlan:
2933
2934       gre,  ip6gre,  geneve,  bareudp  and vxlan interfaces support these op‐
2935       tions.
2936
2937       options : csum: optional string, either true or false
2938              Optional. Compute  encapsulation  header  (either  GRE  or  UDP)
2939              checksums  on outgoing packets. Default is disabled, set to true
2940              to enable. Checksums present on incoming packets will  be  vali‐
2941              dated regardless of this setting.
2942
2943              When  using  the  upstream  Linux  kernel module, computation of
2944              checksums for geneve and vxlan requires Linux kernel version 4.0
2945              or  higher. gre and ip6gre support checksums for all versions of
2946              Open vSwitch that support GRE. The out  of  tree  kernel  module
2947              distributed  as  part of OVS can compute all tunnel checksums on
2948              any kernel version that it is compatible with.
2949
2950     Tunnel Options: IPsec:
2951
2952       Setting any of these options enables IPsec support for a given  tunnel.
2953       gre,  geneve,  vxlan  and stt interfaces support these options. See the
2954       IPsec section in the Open_vSwitch table for a description of each mode.
2955
2956       options : psk: optional string
2957              In PSK mode only, the preshared secret to negotiate tunnel. This
2958              value must match on both tunnel ends.
2959
2960       options : remote_cert: optional string
2961              In  self-signed  certificate  mode only, name of a PEM file con‐
2962              taining a certificate of the remote switch. The certificate must
2963              be  x.509 version 3 and with the string in common name (CN) also
2964              set in the subject alternative name (SAN).
2965
2966       options : remote_name: optional string
2967              In CA-signed certificate mode only, common name (CN) of the  re‐
2968              mote certificate.
2969
2970     Tunnel Options: erspan only:
2971
2972       Only erspan interfaces support these options.
2973
2974       options : erspan_idx: optional string
2975              20  bit  index/port  number associated with the ERSPAN traffic’s
2976              source port and direction (ingress/egress). This field is  plat‐
2977              form dependent.
2978
2979       options : erspan_ver: optional string
2980              ERSPAN  version:  1  for  version 1 (type II) or 2 for version 2
2981              (type III).
2982
2983       options : erspan_dir: optional string
2984              Specifies the ERSPAN v2  mirrored  traffic’s  direction.  1  for
2985              egress traffic, and 0 for ingress traffic.
2986
2987       options : erspan_hwid: optional string
2988              ERSPAN  hardware ID is a 6-bit unique identifier of an ERSPAN v2
2989              engine within a system.
2990
2991     Tunnel Options: Bareudp only:
2992
2993       options : payload_type: optional string
2994              Specifies the ethertype of the l3 protocol the bareudp device is
2995              tunnelling.  For  the tunnels which supports multiple ethertypes
2996              of a l3 protocol (IP, MPLS) this field  specifies  the  protocol
2997              name as a string.
2998
2999     Patch Options:
3000
3001       These options apply only to patch ports, that is, interfaces whose type
3002       column is patch. Patch ports are mainly a way to connect otherwise  in‐
3003       dependent bridges to one another, similar to how one might plug an Eth‐
3004       ernet cable (a ``patch cable’’) into two physical switches  to  connect
3005       those  switches.  The effect of plugging a patch port into two switches
3006       is conceptually similar to that of plugging the two  ends  of  a  Linux
3007       veth  device into those switches, but the implementation of patch ports
3008       makes them much more efficient.
3009
3010       Patch ports may connect two different bridges (the usual case)  or  the
3011       same bridge. In the latter case, take special care to avoid loops, e.g.
3012       by programming appropriate flows with OpenFlow. Patch ports do not work
3013       if  its  ends  are  attached to bridges on different datapaths, e.g. to
3014       connect bridges in system and netdev datapaths.
3015
3016       The following command creates and connects patch ports p0  and  p1  and
3017       adds them to bridges br0 and br1, respectively:
3018
3019       ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \
3020              -- add-port br1 p1 -- set Interface p1 type=patch options:peer=p0
3021
3022
3023       options : peer: optional string
3024              The  name  of the Interface for the other side of the patch. The
3025              named Interface’s own peer option must specify this  Interface’s
3026              name.  That is, the two patch interfaces must have reversed name
3027              and peer values.
3028
3029     PMD (Poll Mode Driver) Options:
3030
3031       Only PMD netdevs support these options.
3032
3033       options : n_rxq: optional string, containing an integer, at least 1
3034              Specifies the maximum number of rx queues to be created for  PMD
3035              netdev. If not specified or specified to 0, one rx queue will be
3036              created by default. Not supported by DPDK vHost interfaces.
3037
3038       options : dpdk-devargs: optional string
3039              Specifies the PCI address associated with the port for  physical
3040              devices,  or  the  virtual driver to be used for the port when a
3041              virtual PMD is intended to be used. For the latter, the argument
3042              string  typically  takes  the  form  of  eth_driver_namex, where
3043              driver_name is a valid virtual DPDK PMD driver name and x  is  a
3044              unique  identifier  of your choice for the given port. Only sup‐
3045              ported by the dpdk port type.
3046
3047       other_config : pmd-rxq-affinity: optional string
3048              Specifies mapping of RX queues of this interface to CPU cores.
3049
3050              Value should be set in the following form:
3051
3052              other_config:pmd-rxq-affinity=<rxq-affinity-list>
3053
3054              where
3055
3056              •      <rxq-affinity-list> ::= NULL | <non-empty-list>
3057
3058              •      <non-empty-list> ::= <affinity-pair> | <affinity-pair>  ,
3059                     <non-empty-list>
3060
3061              •      <affinity-pair> ::= <queue-id> : <core-id>
3062
3063       options  :  xdp-mode: optional string, one of best-effort, generic, na‐
3064       tive-with-zerocopy, or native
3065              Specifies the operational mode of the XDP program.
3066
3067              In native-with-zerocopy mode the XDP program is loaded into  the
3068              device  driver  with  zero-copy RX and TX enabled. This mode re‐
3069              quires device driver support and has the  best  performance  be‐
3070              cause there should be no copying of packets.
3071
3072              native  is  the  same as native-with-zerocopy, but without zero-
3073              copy capability. This requires at least one copy between  kernel
3074              and  the  userspace. This mode also requires support from device
3075              driver.
3076
3077              In generic case the XDP program in kernel works after skb  allo‐
3078              cation  on  early stages of packet processing inside the network
3079              stack. This mode doesn’t require driver support,  but  has  much
3080              lower performance.
3081
3082              best-effort  tries  to detect and choose the best (fastest) from
3083              the available modes for current interface.
3084
3085              Note that this option is specific to netdev-afxdp.  Defaults  to
3086              best-effort mode.
3087
3088       options : use-need-wakeup: optional string, either true or false
3089              Specifies whether to use need_wakeup feature in afxdp netdev. If
3090              enabled, OVS explicitly wakes up the  kernel  RX,  using  poll()
3091              syscall  and  wakes  up TX, using sendto() syscall. For physical
3092              devices, this feature improves the performance by  avoiding  un‐
3093              necessary  sendto  syscalls.  Defaults  to  true if supported by
3094              libbpf.
3095
3096       options : vhost-server-path: optional string
3097              The value specifies the path to the  socket  associated  with  a
3098              vHost  User  client mode device that has been or will be created
3099              by QEMU. Only supported by dpdkvhostuserclient interfaces.
3100
3101       options : tx-retries-max: optional string, containing  an  integer,  in
3102       range 0 to 32
3103              The  value specifies the maximum amount of vhost tx retries that
3104              can be made while trying to send a batch of packets to an inter‐
3105              face. Only supported by dpdkvhostuserclient interfaces.
3106
3107              Default value is 8.
3108
3109       options  : n_rxq_desc: optional string, containing an integer, in range
3110       1 to 4,096
3111              Specifies the rx queue size (number  rx  descriptors)  for  dpdk
3112              ports.  The  value must be a power of 2, less than 4096 and sup‐
3113              ported by the hardware of the device being  configured.  If  not
3114              specified  or  an incorrect value is specified, 2048 rx descrip‐
3115              tors will be used by default.
3116
3117       options : n_txq_desc: optional string, containing an integer, in  range
3118       1 to 4,096
3119              Specifies  the  tx  queue  size (number tx descriptors) for dpdk
3120              ports. The value must be a power of 2, less than 4096  and  sup‐
3121              ported  by  the  hardware of the device being configured. If not
3122              specified or an incorrect value is specified, 2048  tx  descrip‐
3123              tors will be used by default.
3124
3125       options : dpdk-vf-mac: optional string
3126              Ethernet address to set for this VF interface. If unset then the
3127              default MAC address is used:
3128
3129              •      For most drivers, the default  MAC  address  assigned  by
3130                     their hardware.
3131
3132              •      For  bifurcated  drivers,  the  MAC currently used by the
3133                     kernel netdevice.
3134
3135              This option may only be used with dpdk VF representors.
3136
3137       other_config : tx-steering: optional string, either hash or thread
3138              Specifies the Tx steering mode for the interface.
3139
3140              thread enables static (1:1) thread-to-txq mapping when the  num‐
3141              ber  of Tx queues is greater than number of PMD threads, and dy‐
3142              namic (N:1) mapping if equal or lower. In  this  mode  a  single
3143              thread can not use more than 1 transmit queue of a given port.
3144
3145              hash enables hash-based Tx steering, which distributes the pack‐
3146              ets on all the transmit queues based on their 5-tuples hashes.
3147
3148              Defaults to thread.
3149
3150     EMC (Exact Match Cache) Configuration:
3151
3152       These settings controls behaviour of EMC lookups/insertions for packets
3153       received from the interface.
3154
3155       other_config : emc-enable: optional string, either true or false
3156              Specifies  if  Exact Match Cache (EMC) should be used while pro‐
3157              cessing  packets  received  from  this   interface.   If   true,
3158              other_config:emc-insert-inv-prob will have effect on this inter‐
3159              face.
3160
3161              Defaults to true.
3162
3163     MTU:
3164
3165       The MTU (maximum transmission unit) is the largest amount of data  that
3166       can fit into a single Ethernet frame. The standard Ethernet MTU is 1500
3167       bytes. Some physical media and many kinds of virtual interfaces can  be
3168       configured with higher MTUs.
3169
3170       A  client  may  change an interface MTU by filling in mtu_request. Open
3171       vSwitch then reports in mtu the currently configured value.
3172
3173       mtu: optional integer
3174              The currently configured MTU for the interface.
3175
3176              This column will be empty for an interface that does not have an
3177              MTU as, for example, some kinds of tunnels do not.
3178
3179              Open  vSwitch  sets this column’s value, so other clients should
3180              treat it as read-only.
3181
3182       mtu_request: optional integer, at least 1
3183              Requested MTU (Maximum Transmission Unit) for the  interface.  A
3184              client can fill this column to change the MTU of an interface.
3185
3186              RFC  791  requires every internet module to be able to forward a
3187              datagram of 68 octets without further fragmentation. The maximum
3188              size of an IP packet is 65535 bytes.
3189
3190              If  this is not set and if the interface has internal type, Open
3191              vSwitch will change the MTU to match the minimum  of  the  other
3192              interfaces in the bridge.
3193
3194     Interface Status:
3195
3196       Status  information about interfaces attached to bridges, updated every
3197       5 seconds. Not all interfaces have all of these properties; virtual in‐
3198       terfaces  don’t  have a link speed, for example. Non-applicable columns
3199       will have empty values.
3200
3201       admin_state: optional string, either down or up
3202              The administrative state of the physical network link.
3203
3204       link_state: optional string, either down or up
3205              The observed state of the physical network link. This  is  ordi‐
3206              narily  the  link’s carrier status. If the interface’s Port is a
3207              bond configured for miimon monitoring, it is instead the network
3208              link’s miimon status.
3209
3210       link_resets: optional integer
3211              The  number of times Open vSwitch has observed the link_state of
3212              this Interface change.
3213
3214       link_speed: optional integer
3215              The negotiated speed of the physical network link. Valid  values
3216              are positive integers greater than 0.
3217
3218       duplex: optional string, either full or half
3219              The duplex mode of the physical network link.
3220
3221       lacp_current: optional boolean
3222              Boolean  value  indicating  LACP  status  for this interface. If
3223              true, this interface has current LACP information about its LACP
3224              partner.  This  information may be used to monitor the health of
3225              interfaces in a LACP enabled port. This column will be empty  if
3226              LACP is not enabled.
3227
3228       status: map of string-string pairs
3229              Key-value pairs that report port status. Supported status values
3230              are type-dependent; some interfaces may not have  a  valid  sta‐
3231              tus:driver_name, for example.
3232
3233       status : driver_name: optional string
3234              The name of the device driver controlling the network adapter.
3235
3236       status : driver_version: optional string
3237              The  version string of the device driver controlling the network
3238              adapter.
3239
3240       status : firmware_version: optional string
3241              The version string of the network adapter’s firmware, if  avail‐
3242              able.
3243
3244       status : source_ip: optional string
3245              The  source  IP  address used for an IPv4/IPv6 tunnel end-point,
3246              such as gre.
3247
3248       status : tunnel_egress_iface: optional string
3249              Egress interface for tunnels. Currently only relevant  for  tun‐
3250              nels on Linux systems, this column will show the name of the in‐
3251              terface which is responsible for routing  traffic  destined  for
3252              the  configured options:remote_ip. This could be an internal in‐
3253              terface such as a bridge port.
3254
3255       status : tunnel_egress_iface_carrier: optional string, either  down  or
3256       up
3257              Whether carrier is detected on status:tunnel_egress_iface.
3258
3259     dpdk:
3260
3261       DPDK specific interface status options.
3262
3263       status : port_no: optional string
3264              DPDK port ID.
3265
3266       status : numa_id: optional string
3267              NUMA socket ID to which an Ethernet device is connected.
3268
3269       status : min_rx_bufsize: optional string
3270              Minimum size of RX buffer.
3271
3272       status : max_rx_pktlen: optional string
3273              Maximum configurable length of RX pkt.
3274
3275       status : max_rx_queues: optional string
3276              Maximum number of RX queues.
3277
3278       status : max_tx_queues: optional string
3279              Maximum number of TX queues.
3280
3281       status : max_mac_addrs: optional string
3282              Maximum number of MAC addresses.
3283
3284       status : max_hash_mac_addrs: optional string
3285              Maximum number of hash MAC addresses for MTA and UTA.
3286
3287       status : max_vfs: optional string
3288              Maximum  number  of  hash MAC addresses for MTA and UTA. Maximum
3289              number of VFs.
3290
3291       status : max_vmdq_pools: optional string
3292              Maximum number of VMDq pools.
3293
3294       status : if_type: optional string
3295              Interface type ID according to IANA ifTYPE MIB definitions.
3296
3297       status : if_descr: optional string
3298              Interface description string.
3299
3300       status : pci-vendor_id: optional string
3301              Vendor ID of PCI device.
3302
3303       status : pci-device_id: optional string
3304              Device ID of PCI device.
3305
3306     Statistics:
3307
3308       Key-value pairs that report interface statistics. The current implemen‐
3309       tation  updates  these counters periodically. The update period is con‐
3310       trolled by other_config:stats-update-interval in the  Open_vSwitch  ta‐
3311       ble.  Future  implementations may update them when an interface is cre‐
3312       ated, when they are queried (e.g. using an OVSDB select operation), and
3313       just before an interface is deleted due to virtual interface hot-unplug
3314       or VM shutdown, and perhaps at other times, but not on any regular  pe‐
3315       riodic basis.
3316
3317       These  are  the  same  statistics  reported  by  OpenFlow in its struct
3318       ofp_port_stats structure. If an interface  does  not  support  a  given
3319       statistic, then that pair is omitted.
3320
3321     Statistics: Successful transmit and receive counters:
3322
3323       statistics : rx_packets: optional integer
3324              Number of received packets.
3325
3326       statistics : rx_bytes: optional integer
3327              Number of received bytes.
3328
3329       statistics : tx_packets: optional integer
3330              Number of transmitted packets.
3331
3332       statistics : tx_bytes: optional integer
3333              Number of transmitted bytes.
3334
3335     Statistics: Receive errors:
3336
3337       statistics : rx_dropped: optional integer
3338              Number of packets dropped by RX.
3339
3340       statistics : rx_frame_err: optional integer
3341              Number of frame alignment errors.
3342
3343       statistics : rx_over_err: optional integer
3344              Number of packets with RX overrun.
3345
3346       statistics : rx_crc_err: optional integer
3347              Number of CRC errors.
3348
3349       statistics : rx_errors: optional integer
3350              Total number of receive errors, greater than or equal to the sum
3351              of the above.
3352
3353     Statistics: Transmit errors:
3354
3355       statistics : tx_dropped: optional integer
3356              Number of packets dropped by TX.
3357
3358       statistics : collisions: optional integer
3359              Number of collisions.
3360
3361       statistics : tx_errors: optional integer
3362              Total number of transmit errors, greater than or  equal  to  the
3363              sum of the above.
3364
3365     Ingress Policing:
3366
3367       These  settings  control  ingress policing for packets received on this
3368       interface. On a physical interface, this limits the rate at which traf‐
3369       fic is allowed into the system from the outside; on a virtual interface
3370       (one connected to a virtual machine), this limits the rate at which the
3371       VM is able to transmit.
3372
3373       Policing is a simple form of quality-of-service that simply drops pack‐
3374       ets received in excess of the configured rate. Due to  its  simplicity,
3375       policing  is  usually  less accurate and less effective than egress QoS
3376       (which is configured using the QoS and Queue tables).
3377
3378       Policing settings can be set with byte rate or packet  rate,  and  they
3379       can  be  configured  together, in which case they take effect together,
3380       that means the smaller speed limit of them is in effect.
3381
3382       Currently, byte rate policing is implemented  on  Linux  and  OVS  with
3383       DPDK,  while  packet  rate  policing is only implemented on Linux. Both
3384       Linux and OVS DPDK implementations use a simple  ``token  bucket’’  ap‐
3385       proach.
3386
3387       Byte rate policing:
3388
3389              •      The  size  of  the  bucket  corresponds to ingress_polic‐
3390                     ing_burst. Initially the bucket is full.
3391
3392              •      Whenever a packet is received, its size (converted to to‐
3393                     kens)  is  compared  to the number of tokens currently in
3394                     the bucket. If the required number of tokens  are  avail‐
3395                     able,  they are removed and the packet is forwarded. Oth‐
3396                     erwise, the packet is dropped.
3397
3398              •      Whenever it is not full, the bucket is refilled with  to‐
3399                     kens at the rate specified by ingress_policing_rate.
3400
3401       Packet rate policing:
3402
3403              •      The  size  of  the  bucket  corresponds to ingress_polic‐
3404                     ing_kpkts_burst. Initially the bucket is full.
3405
3406              •      Whenever a packet is received, it will consume one  token
3407                     from the current bucket. If the token is available in the
3408                     bucket, it’s removed and the packet is forwarded.  Other‐
3409                     wise, the packet is dropped.
3410
3411              •      Whenever  it is not full, the bucket is refilled with to‐
3412                     kens  at  the  rate  specified  by   ingress_policing_kp‐
3413                     kts_rate.
3414
3415       Policing  interacts  badly  with some network protocols, and especially
3416       with fragmented IP packets. Suppose that there is enough network activ‐
3417       ity  to  keep  the  bucket  nearly  empty all the time. Then this token
3418       bucket algorithm will forward a single packet every so often, with  the
3419       period  depending on packet size and on the configured rate. All of the
3420       fragments of an IP packets are normally transmitted back-to-back, as  a
3421       group. In such a situation, therefore, only one of these fragments will
3422       be forwarded and the rest will be dropped. IP does not provide any  way
3423       for  the intended recipient to ask for only the remaining fragments. In
3424       such a case there are two likely possibilities  for  what  will  happen
3425       next:  either all of the fragments will eventually be retransmitted (as
3426       TCP will do), in which case the same problem will recur, or the  sender
3427       will  not realize that its packet has been dropped and data will simply
3428       be lost (as some UDP-based protocols will do). Either way, it is possi‐
3429       ble that no forward progress will ever occur.
3430
3431       ingress_policing_rate: integer, at least 0
3432              Maximum  rate for data received on this interface, in kbps. Data
3433              received faster than this rate is dropped. Set  to  0  (the  de‐
3434              fault) to disable policing.
3435
3436       ingress_policing_kpkts_rate: integer, at least 0
3437              Maximum  rate  for  data  received on this interface, in kpps (1
3438              kpps is 1000 pps).  Data  received  faster  than  this  rate  is
3439              dropped. Set to 0 (the default) to disable policing.
3440
3441       ingress_policing_burst: integer, at least 0
3442              Maximum  burst  size for data received on this interface, in kb.
3443              The default burst size if set to 0 is 8000 kbit. This value  has
3444              no effect if ingress_policing_rate is 0.
3445
3446              Specifying  a  larger burst size lets the algorithm be more for‐
3447              giving, which is important for protocols like TCP that react se‐
3448              verely to dropped packets. The burst size should be at least the
3449              size of the interface’s MTU. Specifying a value that is  numeri‐
3450              cally  at  least  as large as 80% of ingress_policing_rate helps
3451              TCP come closer to achieving the full rate.
3452
3453       ingress_policing_kpkts_burst: integer, at least 0
3454              Maximum burst size for data received on this interface, in kpkts
3455              (1 kpkts is 1000 packets). The default burst size if set to 0 is
3456              16 kpkts. This  value  has  no  effect  if  ingress_policing_kp‐
3457              kts_rate is 0.
3458
3459              Specifying  a  larger burst size lets the algorithm be more for‐
3460              giving, which is important for protocols like TCP that react se‐
3461              verely  to  dropped  packets. Specifying a value that is numeri‐
3462              cally at least as large as  80%  of  ingress_policing_kpkts_rate
3463              helps TCP come closer to achieving the full rate.
3464
3465     Bidirectional Forwarding Detection (BFD):
3466
3467       BFD,  defined in RFC 5880 and RFC 5881, allows point-to-point detection
3468       of connectivity failures by occasional transmission of BFD control mes‐
3469       sages. Open vSwitch implements BFD to serve as a more popular and stan‐
3470       dards compliant alternative to CFM.
3471
3472       BFD operates by regularly transmitting BFD control messages at  a  rate
3473       negotiated independently in each direction. Each endpoint specifies the
3474       rate at which it expects to receive control messages, and the  rate  at
3475       which  it  is willing to transmit them. By default, Open vSwitch uses a
3476       detection multiplier of three, meaning that an endpoint signals a  con‐
3477       nectivity  fault  if three consecutive BFD control messages fail to ar‐
3478       rive. In the case of a unidirectional connectivity  issue,  the  system
3479       not  receiving  BFD control messages signals the problem to its peer in
3480       the messages it transmits.
3481
3482       The Open vSwitch implementation of BFD aims to comply  faithfully  with
3483       RFC 5880 requirements. Open vSwitch does not implement the optional Au‐
3484       thentication or ``Echo Mode’’ features.
3485
3486       OVS 2.13 and earlier intercepted and processed  all  BFD  packets.  OVS
3487       2.14  and  later  only  intercept and process BFD packets destined to a
3488       configured BFD instance, and other BFD packets are  made  available  to
3489       the OVS flow table for forwarding.
3490
3491     BFD Configuration:
3492
3493       A  controller  sets  up key-value pairs in the bfd column to enable and
3494       configure BFD.
3495
3496       bfd : enable: optional string, either true or false
3497              True to enable BFD on this Interface. If not specified, BFD will
3498              not be enabled by default.
3499
3500       bfd : min_rx: optional string, containing an integer, at least 1
3501              The  shortest  interval, in milliseconds, at which this BFD ses‐
3502              sion offers to receive BFD control messages. The remote endpoint
3503              may choose to send messages at a slower rate. Defaults to 1000.
3504
3505       bfd : min_tx: optional string, containing an integer, at least 1
3506              The  shortest  interval, in milliseconds, at which this BFD ses‐
3507              sion is willing to transmit BFD control messages. Messages  will
3508              actually  be transmitted at a slower rate if the remote endpoint
3509              is not willing to receive as quickly as specified.  Defaults  to
3510              100.
3511
3512       bfd : decay_min_rx: optional string, containing an integer
3513              An  alternate  receive  interval,  in milliseconds, that must be
3514              greater than or equal to bfd:min_rx. The implementation switches
3515              from bfd:min_rx to bfd:decay_min_rx when there is no obvious in‐
3516              coming data traffic at the interface,  to  reduce  the  CPU  and
3517              bandwidth cost of monitoring an idle interface. This feature may
3518              be disabled by setting a value of 0. This feature is reset when‐
3519              ever bfd:decay_min_rx or bfd:min_rx changes.
3520
3521       bfd : forwarding_if_rx: optional string, either true or false
3522              When true, traffic received on the Interface is used to indicate
3523              the capability of packet I/O.  BFD  control  packets  are  still
3524              transmitted  and  received. At least one BFD control packet must
3525              be received every 100 * bfd:min_rx amount  of  time.  Otherwise,
3526              even if traffic are received, the bfd:forwarding will be false.
3527
3528       bfd : cpath_down: optional string, either true or false
3529              Set  to  true  to notify the remote endpoint that traffic should
3530              not be forwarded to this system for some  reason  other  than  a
3531              connectivty  failure on the interface being monitored. The typi‐
3532              cal underlying reason is ``concatenated path  down,’’  that  is,
3533              that  connectivity  beyond the local system is down. Defaults to
3534              false.
3535
3536       bfd : check_tnl_key: optional string, either true or false
3537              Set to true to make BFD accept only control messages with a tun‐
3538              nel  key  of zero. By default, BFD accepts control messages with
3539              any tunnel key.
3540
3541       bfd : bfd_local_src_mac: optional string
3542              Set to an Ethernet address in the form xx:xx:xx:xx:xx:xx to  set
3543              the  MAC used as source for transmitted BFD packets. The default
3544              is the mac address of the BFD enabled interface.
3545
3546       bfd : bfd_local_dst_mac: optional string
3547              Set to an Ethernet address in the form xx:xx:xx:xx:xx:xx to  set
3548              the MAC used as destination for transmitted BFD packets. The de‐
3549              fault is 00:23:20:00:00:01.
3550
3551       bfd : bfd_remote_dst_mac: optional string
3552              Set to an Ethernet address in the form xx:xx:xx:xx:xx:xx to  set
3553              the  MAC used for checking the destination of received BFD pack‐
3554              ets. Packets with different destination MAC will not be  consid‐
3555              ered  as  BFD  packets. If not specified the destination MAC ad‐
3556              dress of received BFD packets are not checked.
3557
3558       bfd : bfd_src_ip: optional string
3559              Set to an IPv4 address to set the IP address used as source  for
3560              transmitted BFD packets. The default is 169.254.1.1.
3561
3562       bfd : bfd_dst_ip: optional string
3563              Set to an IPv4 address to set the IP address used as destination
3564              for transmitted BFD packets. The default is 169.254.1.0.
3565
3566       bfd : oam: optional string
3567              Some tunnel protocols (such as Geneve)  include  a  bit  in  the
3568              header to indicate that the encapsulated packet is an OAM frame.
3569              By setting this to true, BFD packets will be marked  as  OAM  if
3570              encapsulated in one of these tunnels.
3571
3572       bfd : mult: optional string, containing an integer, in range 1 to 255
3573              The  BFD  detection multiplier, which defaults to 3. An endpoint
3574              signals a connectivity fault if the given number of  consecutive
3575              BFD control messages fail to arrive.
3576
3577     BFD Status:
3578
3579       The  switch sets key-value pairs in the bfd_status column to report the
3580       status of BFD on this interface. When BFD is not enabled, with  bfd:en‐
3581       able, the switch clears all key-value pairs from bfd_status.
3582
3583       bfd_status  : state: optional string, one of admin_down, down, init, or
3584       up
3585              Reports the state of the BFD session. The BFD session  is  fully
3586              healthy and negotiated if UP.
3587
3588       bfd_status : forwarding: optional string, either true or false
3589              Reports  whether  the BFD session believes this Interface may be
3590              used to forward traffic. Typically this means the local  session
3591              is signaling UP, and the remote system isn’t signaling a problem
3592              such as concatenated path down.
3593
3594       bfd_status : diagnostic: optional string
3595              A diagnostic code specifying the local system’s reason  for  the
3596              last  change in session state. The error messages are defined in
3597              section 4.1 of [RFC 5880].
3598
3599       bfd_status : remote_state: optional string, one  of  admin_down,  down,
3600       init, or up
3601              Reports the state of the remote endpoint’s BFD session.
3602
3603       bfd_status : remote_diagnostic: optional string
3604              A  diagnostic code specifying the remote system’s reason for the
3605              last change in session state. The error messages are defined  in
3606              section 4.1 of [RFC 5880].
3607
3608       bfd_status  :  flap_count:  optional  string, containing an integer, at
3609       least 0
3610              Counts the number of bfd_status:forwarding flaps since start.  A
3611              flap  is  considered  as  a  change of the bfd_status:forwarding
3612              value.
3613
3614     Connectivity Fault Management:
3615
3616       802.1ag Connectivity Fault Management (CFM) allows a group  of  Mainte‐
3617       nance Points (MPs) called a Maintenance Association (MA) to detect con‐
3618       nectivity problems with each other. MPs within a MA  should  have  com‐
3619       plete and exclusive interconnectivity. This is verified by occasionally
3620       broadcasting Continuity Check Messages (CCMs) at a configurable  trans‐
3621       mission interval.
3622
3623       According  to  the 802.1ag specification, each Maintenance Point should
3624       be configured out-of-band with a list of Remote Maintenance  Points  it
3625       should  have  connectivity to. Open vSwitch differs from the specifica‐
3626       tion in this area. It simply assumes the link is faulted if  no  Remote
3627       Maintenance  Points  are reachable, and considers it not faulted other‐
3628       wise.
3629
3630       When operating over tunnels which have no in_key, or an in_key of flow.
3631       CFM will only accept CCMs with a tunnel key of zero.
3632
3633       cfm_mpid: optional integer
3634              A  Maintenance Point ID (MPID) uniquely identifies each endpoint
3635              within a Maintenance Association. The MPID is used  to  identify
3636              this endpoint to other Maintenance Points in the MA. Each end of
3637              a link being monitored should have a  different  MPID.  Must  be
3638              configured to enable CFM on this Interface.
3639
3640              According to the 802.1ag specification, MPIDs can only range be‐
3641              tween  [1,  8191].  However,  extended  mode   (see   other_con‐
3642              fig:cfm_extended) supports eight byte MPIDs.
3643
3644       cfm_flap_count: optional integer
3645              Counts the number of cfm fault flapps since boot. A flap is con‐
3646              sidered to be a change of the cfm_fault value.
3647
3648       cfm_fault: optional boolean
3649              Indicates a connectivity fault triggered by an inability to  re‐
3650              ceive heartbeats from any remote endpoint. When a fault is trig‐
3651              gered on Interfaces participating in bonds, they  will  be  dis‐
3652              abled.
3653
3654              Faults  can  be  triggered for several reasons. Most importantly
3655              they are triggered when no CCMs are received for a period of 3.5
3656              times  the transmission interval. Faults are also triggered when
3657              any CCMs indicate that a Remote Maintenance Point is not receiv‐
3658              ing CCMs but able to send them. Finally, a fault is triggered if
3659              a CCM is received which indicates unexpected configuration.  No‐
3660              tably,  this case arises when a CCM is received which advertises
3661              the local MPID.
3662
3663       cfm_fault_status : recv: none
3664              Indicates a CFM fault was triggered due to a lack  of  CCMs  re‐
3665              ceived on the Interface.
3666
3667       cfm_fault_status : rdi: none
3668              Indicates  a  CFM  fault was triggered due to the reception of a
3669              CCM with the RDI bit flagged. Endpoints set the RDI bit in their
3670              CCMs when they are not receiving CCMs themselves. This typically
3671              indicates a unidirectional connectivity failure.
3672
3673       cfm_fault_status : maid: none
3674              Indicates a CFM fault was triggered due to the  reception  of  a
3675              CCM with a MAID other than the one Open vSwitch uses. CFM broad‐
3676              casts are tagged with an identification number  in  addition  to
3677              the  MPID  called the MAID. Open vSwitch only supports receiving
3678              CCM broadcasts tagged with the MAID it uses internally.
3679
3680       cfm_fault_status : loopback: none
3681              Indicates a CFM fault was triggered due to the  reception  of  a
3682              CCM  advertising the same MPID configured in the cfm_mpid column
3683              of this Interface. This may indicate a loop in the network.
3684
3685       cfm_fault_status : overflow: none
3686              Indicates a CFM fault was triggered because the CFM  module  re‐
3687              ceived  CCMs  from  more remote endpoints than it can keep track
3688              of.
3689
3690       cfm_fault_status : override: none
3691              Indicates a CFM fault was manually triggered by an administrator
3692              using an ovs-appctl command.
3693
3694       cfm_fault_status : interval: none
3695              Indicates  a  CFM  fault was triggered due to the reception of a
3696              CCM frame having an invalid interval.
3697
3698       cfm_remote_opstate: optional string, either down or up
3699              When in extended mode, indicates the operational  state  of  the
3700              remote  endpoint  as either up or down. See other_config:cfm_op‐
3701              state.
3702
3703       cfm_health: optional integer, in range 0 to 100
3704              Indicates the health of the interface as  a  percentage  of  CCM
3705              frames  received  over 21 other_config:cfm_intervals. The health
3706              of an interface is undefined if it is  communicating  with  more
3707              than  one cfm_remote_mpids. It reduces if healthy heartbeats are
3708              not received at the expected rate,  and  gradually  improves  as
3709              healthy  heartbeats  are  received at the desired rate. Every 21
3710              other_config:cfm_intervals, the health of the interface  is  re‐
3711              freshed.
3712
3713              As mentioned above, the faults can be triggered for several rea‐
3714              sons. The link health will deteriorate even  if  heartbeats  are
3715              received  but  they  are  reported to be unhealthy. An unhealthy
3716              heartbeat in this context is a heartbeat for which  either  some
3717              fault  is set or is out of sequence. The interface health can be
3718              100 only on receiving healthy heartbeats at the desired rate.
3719
3720       cfm_remote_mpids: set of integers
3721              When CFM is properly configured, Open vSwitch will  occasionally
3722              receive CCM broadcasts. These broadcasts contain the MPID of the
3723              sending Maintenance Point. The list of MPIDs from which this In‐
3724              terface  is receiving broadcasts from is regularly collected and
3725              written to this column.
3726
3727       other_config : cfm_interval: optional string, containing an integer
3728              The interval, in  milliseconds,  between  transmissions  of  CFM
3729              heartbeats. Three missed heartbeat receptions indicate a connec‐
3730              tivity fault.
3731
3732              In standard operation only  intervals  of  3,  10,  100,  1,000,
3733              10,000,  60,000,  or 600,000 ms are supported. Other values will
3734              be rounded down to the nearest value on the list. Extended  mode
3735              (see  other_config:cfm_extended)  supports  any  interval  up to
3736              65,535 ms. In either mode, the default is 1000 ms.
3737
3738              We do not recommend using intervals less than 100 ms.
3739
3740       other_config : cfm_extended: optional string, either true or false
3741              When true, the CFM module operates in extended mode. This causes
3742              it to use a nonstandard destination address to avoid conflicting
3743              with compliant implementations which may be running concurrently
3744              on  the  network. Furthermore, extended mode increases the accu‐
3745              racy of the cfm_interval  configuration  parameter  by  breaking
3746              wire  compatibility  with 802.1ag compliant implementations. And
3747              extended mode allows eight byte MPIDs. Defaults to false.
3748
3749       other_config : cfm_demand: optional string, either true or false
3750              When true, and other_config:cfm_extended is true, the CFM module
3751              operates  in  demand mode. When in demand mode, traffic received
3752              on the Interface is used to indicate liveness.  CCMs  are  still
3753              transmitted  and received. At least one CCM must be received ev‐
3754              ery 100 * other_config:cfm_interval amount of  time.  Otherwise,
3755              even if traffic are received, the CFM module will raise the con‐
3756              nectivity fault.
3757
3758              Demand mode has a couple of caveats:
3759
3760              •      To ensure that ovs-vswitchd has enough time to pull  sta‐
3761                     tistics  from  the datapath, the fault detection interval
3762                     is set to 3.5 * MAX(other_config:cfm_interval, 500) ms.
3763
3764              •      To avoid ambiguity,  demand  mode  disables  itself  when
3765                     there are multiple remote maintenance points.
3766
3767              •      If  the  Interface  is heavily congested, CCMs containing
3768                     the other_config:cfm_opstate status may be dropped  caus‐
3769                     ing changes in the operational state to be delayed. Simi‐
3770                     larly, if CCMs containing the RDI bit are  not  received,
3771                     unidirectional link failures may not be detected.
3772
3773       other_config : cfm_opstate: optional string, either down or up
3774              When  down, the CFM module marks all CCMs it generates as opera‐
3775              tionally down without triggering a  fault.  This  allows  remote
3776              maintenance  points  to choose not to forward traffic to the In‐
3777              terface on which this CFM module is running. Currently, in  Open
3778              vSwitch, the opdown bit of CCMs affects Interfaces participating
3779              in bonds, and the bundle OpenFlow action. This  setting  is  ig‐
3780              nored when CFM is not in extended mode. Defaults to up.
3781
3782       other_config : cfm_ccm_vlan: optional string, containing an integer, in
3783       range 1 to 4,095
3784              When set, the CFM module will apply a VLAN tag to  all  CCMs  it
3785              generates  with  the  given  value.  May be the string random in
3786              which case each CCM will be tagged  with  a  different  randomly
3787              generated VLAN.
3788
3789       other_config  : cfm_ccm_pcp: optional string, containing an integer, in
3790       range 1 to 7
3791              When set, the CFM module will apply a VLAN tag to  all  CCMs  it
3792              generates  with  the  given PCP value, the VLAN ID of the tag is
3793              governed  by  the   value   of   other_config:cfm_ccm_vlan.   If
3794              other_config:cfm_ccm_vlan is unset, a VLAN ID of zero is used.
3795
3796     Bonding Configuration:
3797
3798       other_config : lacp-port-id: optional string, containing an integer, in
3799       range 1 to 65,535
3800              The LACP port ID of this Interface. Port IDs are  used  in  LACP
3801              negotiations  to  identify  individual  ports participating in a
3802              bond.
3803
3804       other_config : lacp-port-priority: optional string, containing an inte‐
3805       ger, in range 1 to 65,535
3806              The  LACP  port priority of this Interface. In LACP negotiations
3807              Interfaces with numerically lower priorities are  preferred  for
3808              aggregation.
3809
3810       other_config : lacp-aggregation-key: optional string, containing an in‐
3811       teger, in range 1 to 65,535
3812              The LACP aggregation key of this Interface. Interfaces with dif‐
3813              ferent aggregation keys may not be active within a given Port at
3814              the same time.
3815
3816     Virtual Machine Identifiers:
3817
3818       These key-value pairs specifically apply to an  interface  that  repre‐
3819       sents  a  virtual  Ethernet  interface  connected to a virtual machine.
3820       These key-value pairs should not be present for other types  of  inter‐
3821       faces. Keys whose names end in -uuid have values that uniquely identify
3822       the entity in question. For a Citrix XenServer hypervisor, these values
3823       are UUIDs in RFC 4122 format. Other hypervisors may use other formats.
3824
3825       external_ids : attached-mac: optional string
3826              The  MAC  address  programmed  into the ``virtual hardware’’ for
3827              this  interface,  in  the  form  xx:xx:xx:xx:xx:xx.  For  Citrix
3828              XenServer,  this is the value of the MAC field in the VIF record
3829              for this interface.
3830
3831       external_ids : iface-id: optional string
3832              A system-unique identifier for the interface. On XenServer, this
3833              will commonly be the same as external_ids:xs-vif-uuid.
3834
3835       external_ids : iface-status: optional string, either active or inactive
3836              Hypervisors  may  sometimes have more than one interface associ‐
3837              ated with a given external_ids:iface-id, only one  of  which  is
3838              actually  in  use  at a given time. For example, in some circum‐
3839              stances XenServer has both a ``tap’’ and a ``vif’’ interface for
3840              a  single  external_ids:iface-id, but only uses one of them at a
3841              time. A hypervisor that behaves this way must mark the currently
3842              in  use  interface  active and the others inactive. A hypervisor
3843              that never has more  than  one  interface  for  a  given  exter‐
3844              nal_ids:iface-id  may  mark that interface active or omit exter‐
3845              nal_ids:iface-status entirely.
3846
3847              During VM migration, a given external_ids:iface-id  might  tran‐
3848              siently  be marked active on two different hypervisors. That is,
3849              active means that this external_ids:iface-id is the  active  in‐
3850              stance within a single hypervisor, not in a broader scope. There
3851              is one exception: some hypervisors support ``migration’’ from  a
3852              given  hypervisor to itself (most often for test purposes). Dur‐
3853              ing such a ``migration,’’  two  instances  of  a  single  exter‐
3854              nal_ids:iface-id might both be briefly marked active on a single
3855              hypervisor.
3856
3857       external_ids : xs-vif-uuid: optional string
3858              The virtual interface associated with this interface.
3859
3860       external_ids : xs-network-uuid: optional string
3861              The virtual network to which this interface is attached.
3862
3863       external_ids : vm-id: optional string
3864              The VM to which this interface belongs. On XenServer, this  will
3865              be the same as external_ids:xs-vm-uuid.
3866
3867       external_ids : xs-vm-uuid: optional string
3868              The VM to which this interface belongs.
3869
3870     Auto Attach Configuration:
3871
3872       Auto Attach configuration for a particular interface.
3873
3874       lldp : enable: optional string, either true or false
3875              True  to  enable  LLDP on this Interface. If not specified, LLDP
3876              will be disabled by default.
3877
3878     Flow control Configuration:
3879
3880       Ethernet flow control defined in IEEE 802.1Qbb provides link level flow
3881       control  using  MAC  pause frames. Implemented only for interfaces with
3882       type dpdk.
3883
3884       options : rx-flow-ctrl: optional string, either true or false
3885              Set to true to enable Rx flow control on physical ports. By  de‐
3886              fault, Rx flow control is disabled.
3887
3888       options : tx-flow-ctrl: optional string, either true or false
3889              Set  to true to enable Tx flow control on physical ports. By de‐
3890              fault, Tx flow control is disabled.
3891
3892       options : flow-ctrl-autoneg: optional string, either true or false
3893              Set to true to enable flow control auto negotiation on  physical
3894              ports. By default, auto-neg is disabled.
3895
3896     Link State Change detection mode:
3897
3898       options : dpdk-lsc-interrupt: optional string, either true or false
3899              Set  this  value  to  true  to configure interrupt mode for Link
3900              State Change (LSC) detection instead of poll mode for  the  DPDK
3901              interface.
3902
3903              If this value is not set, poll mode is configured.
3904
3905              This parameter has an effect only on netdev dpdk interfaces.
3906
3907     Common Columns:
3908
3909       The  overall purpose of these columns is described under Common Columns
3910       at the beginning of this document.
3911
3912       other_config: map of string-string pairs
3913
3914       external_ids: map of string-string pairs
3915

Flow_Table TABLE

3917       Configuration for a particular OpenFlow table.
3918
3919   Summary:
3920       name                          optional string
3921       Eviction Policy:
3922         flow_limit                  optional integer, at least 0
3923         overflow_policy             optional string, either evict or refuse
3924         groups                      set of strings
3925       Classifier Optimization:
3926         prefixes                    set of up to 3 strings
3927       Common Columns:
3928         external_ids                map of string-string pairs
3929
3930   Details:
3931       name: optional string
3932              The table’s name. Set this column to change the name  that  con‐
3933              trollers  will  receive when they request table statistics, e.g.
3934              ovs-ofctl dump-tables. The name does not affect switch behavior.
3935
3936     Eviction Policy:
3937
3938       Open vSwitch supports limiting the number of  flows  that  may  be  in‐
3939       stalled  in a flow table, via the flow_limit column. When adding a flow
3940       would exceed this limit, by default Open vSwitch reports an error,  but
3941       there  are  two  ways  to  configure  Open  vSwitch  to  instead delete
3942       (``evict’’) a flow to make room for the new one:
3943
3944              •      Set the overflow_policy column to evict.
3945
3946              •      Send an OpenFlow 1.4+ ``table  mod  request’’  to  enable
3947                     eviction for the flow table (e.g. ovs-ofctl -O OpenFlow14
3948                     mod-table br0 0 evict to enable eviction on flow table  0
3949                     of bridge br0).
3950
3951       When  a flow must be evicted due to overflow, the flow to evict is cho‐
3952       sen through an approximation of the following algorithm. This algorithm
3953       is used regardless of how eviction was enabled:
3954
3955              1.  Divide  the flows in the table into groups based on the val‐
3956                  ues of the fields or subfields specified in the groups  col‐
3957                  umn, so that all of the flows in a given group have the same
3958                  values for those fields. If a flow does not specify a  given
3959                  field,  that  field’s  value  is  treated as 0. If groups is
3960                  empty, then all of the flows in the flow table  are  treated
3961                  as a single group.
3962
3963              2.  Consider  the flows in the largest group, that is, the group
3964                  that contains the greatest number of flows. If two  or  more
3965                  groups  all  have the same largest number of flows, consider
3966                  the flows in all of those groups.
3967
3968              3.  If the flows under consideration have  different  importance
3969                  values,  eliminate from consideration any flows except those
3970                  with the lowest importance. (``Importance,’’ a 16-bit  inte‐
3971                  ger  value attached to each flow, was introduced in OpenFlow
3972                  1.4. Flows inserted with older versions of  OpenFlow  always
3973                  have an importance of 0.)
3974
3975              4.  Among  the  flows  under consideration, choose the flow that
3976                  expires soonest for eviction.
3977
3978       The eviction process only considers flows that have an idle timeout  or
3979       a  hard timeout. That is, eviction never deletes permanent flows. (Per‐
3980       manent flows do count against flow_limit.)
3981
3982       flow_limit: optional integer, at least 0
3983              If set, limits the number of flows that may be added to the  ta‐
3984              ble.  Open  vSwitch may limit the number of flows in a table for
3985              other reasons, e.g. due to hardware limitations or for  resource
3986              availability or performance reasons.
3987
3988       overflow_policy: optional string, either evict or refuse
3989              Controls the switch’s behavior when an OpenFlow flow table modi‐
3990              fication request would add flows in excess  of  flow_limit.  The
3991              supported values are:
3992
3993              refuse Refuse to add the flow or flows. This is also the default
3994                     policy when overflow_policy is unset.
3995
3996              evict  Delete a flow chosen according to the algorithm described
3997                     above.
3998
3999       groups: set of strings
4000              When  overflow_policy is evict, this controls how flows are cho‐
4001              sen for eviction when the  flow  table  would  otherwise  exceed
4002              flow_limit  flows.  Its  value  is  a  set of NXM fields or sub-
4003              fields, each  of  which  takes  one  of  the  forms  field[]  or
4004              field[start..end], e.g. NXM_OF_IN_PORT[]. Please see meta-flow.h
4005              for a complete list of NXM field names.
4006
4007              Open vSwitch ignores any invalid  or  unknown  field  specifica‐
4008              tions.
4009
4010              When eviction is not enabled, via overflow_policy or an OpenFlow
4011              1.4+ ``table mod,’’ this column has no effect.
4012
4013     Classifier Optimization:
4014
4015       prefixes: set of up to 3 strings
4016              This string set specifies which fields should be  used  for  ad‐
4017              dress  prefix tracking. Prefix tracking allows the classifier to
4018              skip rules with longer than  necessary  prefixes,  resulting  in
4019              better wildcarding for datapath flows.
4020
4021              Prefix  tracking  may  be  beneficial when a flow table contains
4022              matches on IP address fields with different prefix lengths.  For
4023              example,  when  a flow table contains IP address matches on both
4024              full addresses and proper prefixes,  the  full  address  matches
4025              will  typically cause the datapath flow to un-wildcard the whole
4026              address field (depending on flow entry priorities). In this case
4027              each  packet  with  a  different  address  gets  handed  to  the
4028              userspace for flow processing and  generates  its  own  datapath
4029              flow.  With  prefix  tracking  enabled  for the address field in
4030              question packets with addresses matching shorter prefixes  would
4031              generate  datapath  flows  where the irrelevant address bits are
4032              wildcarded, allowing the same datapath flow to  handle  all  the
4033              packets  within  the  prefix  in  question.  In  this  case many
4034              userspace upcalls can be avoided and the overall performance can
4035              be better.
4036
4037              This is a performance optimization only, so packets will receive
4038              the same treatment with or without prefix tracking.
4039
4040              The   supported   fields   are:   tun_id,   tun_src,    tun_dst,
4041              tun_ipv6_src,  tun_ipv6_dst,  nw_src,  nw_dst (or aliases ip_src
4042              and ip_dst), ipv6_src, and ipv6_dst.  (Using  this  feature  for
4043              tun_id  would  only  make  sense  if  the tunnel IDs have prefix
4044              structure similar to IP addresses.)
4045
4046              By default, the prefixes=ip_dst,ip_src are used on each flow ta‐
4047              ble. This instructs the flow classifier to track the IP destina‐
4048              tion and source addresses used by the  rules  in  this  specific
4049              flow table.
4050
4051              The  keyword  none  is recognized as an explicit override of the
4052              default values, causing no prefix fields to be tracked.
4053
4054              To set the prefix fields, the flow table record needs to exist:
4055
4056              ovs-vsctl set Bridge br0 flow_tables:0=@N1  --  --id=@N1  create
4057              Flow_Table name=table0
4058                     Creates a flow table record for the OpenFlow table number
4059                     0.
4060
4061              ovs-vsctl set Flow_Table table0 prefixes=ip_dst,ip_src
4062                     Enables prefix tracking for IP source and destination ad‐
4063                     dress fields.
4064
4065              There  is a maximum number of fields that can be enabled for any
4066              one flow table. Currently this limit is 3.
4067
4068     Common Columns:
4069
4070       The overall purpose of these columns is described under Common  Columns
4071       at the beginning of this document.
4072
4073       external_ids: map of string-string pairs
4074

QoS TABLE

4076       Quality  of  Service  (QoS) configuration for each Port that references
4077       it.
4078
4079   Summary:
4080       type                          string
4081       queues                        map of integer-Queue pairs, key in  range
4082                                     0 to 4,294,967,295
4083       Configuration for linux-htb and linux-hfsc:
4084         other_config : max-rate     optional string, containing an integer
4085       Configuration for egress-policer QoS:
4086         other_config : cir          optional string, containing an integer
4087         other_config : cbs          optional string, containing an integer
4088         other_config : eir          optional string, containing an integer
4089         other_config : ebs          optional string, containing an integer
4090       Configuration for linux-sfq:
4091         other_config : perturb      optional string, containing an integer
4092         other_config : quantum      optional string, containing an integer
4093       Configuration for linux-netem:
4094         other_config : latency      optional string, containing an integer
4095         other_config : limit        optional string, containing an integer
4096         other_config : loss         optional string, containing an integer
4097       Common Columns:
4098         other_config                map of string-string pairs
4099         external_ids                map of string-string pairs
4100
4101   Details:
4102       type: string
4103              The  type  of  QoS to implement. The currently defined types are
4104              listed below:
4105
4106              linux-htb
4107                     Linux ``hierarchy  token  bucket’’  classifier.  See  tc-
4108                     htb(8)  (also  at  http://linux.die.net/man/8/tc-htb) and
4109                     the HTB  manual  (http://luxik.cdi.cz/~devik/qos/htb/man‐
4110                     ual/userg.htm)  for  information  on  how this classifier
4111                     works and how to configure it.
4112
4113              linux-hfsc
4114                     Linux "Hierarchical Fair Service Curve"  classifier.  See
4115                     http://linux-ip.net/articles/hfsc.en/  for information on
4116                     how this classifier works.
4117
4118              linux-sfq
4119                     Linux ``Stochastic Fairness  Queueing’’  classifier.  See
4120                     tc-sfq(8) (also at http://linux.die.net/man/8/tc-sfq) for
4121                     information on how this classifier works.
4122
4123              linux-codel
4124                     Linux ``Controlled Delay’’  classifier.  See  tc-codel(8)
4125                     (also                                                  at
4126                     http://man7.org/linux/man-pages/man8/tc-codel.8.html) for
4127                     information on how this classifier works.
4128
4129              linux-fq_codel
4130                     Linux  ``Fair Queuing with Controlled Delay’’ classifier.
4131                     See           tc-fq_codel(8)           (also           at
4132                     http://man7.org/linux/man-pages/man8/tc-fq_codel.8.html)
4133                     for information on how this classifier works.
4134
4135              linux-netem
4136                     Linux ``Network Emulator’’  classifier.  See  tc-netem(8)
4137                     (also                                                  at
4138                     http://man7.org/linux/man-pages/man8/tc-netem.8.html) for
4139                     information on how this classifier works.
4140
4141              linux-noop
4142                     Linux  ``No operation.’’ By default, Open vSwitch manages
4143                     quality of service on all of its configured  ports.  This
4144                     can  be  helpful,  but sometimes administrators prefer to
4145                     use other software to manage QoS. This type prevents Open
4146                     vSwitch from changing the QoS configuration for a port.
4147
4148              egress-policer
4149                     A  DPDK egress policer algorithm using the DPDK rte_meter
4150                     library. The rte_meter library provides an implementation
4151                     which  allows  the  metering and policing of traffic. The
4152                     implementation in OVS essentially creates a single  token
4153                     bucket  used  to  police traffic. It should be noted that
4154                     when the rte_meter is configured as  part  of  QoS  there
4155                     will  be  a  performance overhead as the rte_meter itself
4156                     will consume CPU cycles in order to police traffic. These
4157                     CPU cycles ordinarily are used for packet proccessing. As
4158                     such the drop in performance will be noticed in terms  of
4159                     overall aggregate traffic throughput.
4160
4161              trtcm-policer
4162                     A  DPDK  egress  policer  algorithm using RFC 4115’s Two-
4163                     Rate, Three-Color marker. It’s a  two-level  hierarchical
4164                     policer  which  first  does  a color-blind marking of the
4165                     traffic at the queue level,  followed  by  a  color-aware
4166                     marking  at  the port level. At the end traffic marked as
4167                     Green or Yellow is forwarded, Red is dropped. For details
4168                     on  how traffic is marked, see RFC 4115. If the ``default
4169                     queue’’, 0, is not configured it’s automatically  created
4170                     with the same other_config values as the physical port.
4171
4172       queues: map of integer-Queue pairs, key in range 0 to 4,294,967,295
4173              A  map  from queue numbers to Queue records. The supported range
4174              of queue numbers depend on type. The queue numbers are the  same
4175              as  the  queue_id  used in OpenFlow in struct ofp_action_enqueue
4176              and other structures.
4177
4178              Queue 0 is the ``default queue.’’ It is used by OpenFlow  output
4179              actions  when no specific queue has been set. When no configura‐
4180              tion for queue 0 is present, it is automatically  configured  as
4181              if  a  Queue record with empty dscp and other_config columns had
4182              been specified. (Before version 1.6, Open  vSwitch  would  leave
4183              queue  0  unconfigured  in  this  case. With some queuing disci‐
4184              plines, this  dropped  all  packets  destined  for  the  default
4185              queue.)
4186
4187     Configuration for linux-htb and linux-hfsc:
4188
4189       The  linux-htb  and  linux-hfsc classes support the following key-value
4190       pair:
4191
4192       other_config : max-rate: optional string, containing an integer
4193              Maximum rate shared by all queued traffic, in  bit/s.  Optional.
4194              If  not  specified,  for physical interfaces, the default is the
4195              link rate. For other interfaces or if the link  rate  cannot  be
4196              determined, the default is currently 100 Mbps.
4197
4198     Configuration for egress-policer QoS:
4199
4200       QoS  type  egress-policer  provides  egress policing for userspace port
4201       types with DPDK. It has the following key-value pairs defined.
4202
4203       other_config : cir: optional string, containing an integer
4204              The Committed Information Rate (CIR) is measured in bytes of  IP
4205              packets per second, i.e. it includes the IP header, but not link
4206              specific (e.g. Ethernet) headers. This represents the bytes  per
4207              second  rate  at which the token bucket will be updated. The cir
4208              value is calculated by (pps x packet data size). For example as‐
4209              suming  a  user  wishes  to limit a stream consisting of 64 byte
4210              packets to 1 million packets per second the CIR would be set  to
4211              to  to 46000000. This value can be broken into ’1,000,000 x 46’.
4212              Where 1,000,000 is the policing rate for the number  of  packets
4213              per  second  and 46 represents the size of the packet data for a
4214              64 bytes IP packet without 14 bytes Ethernet  and  4  bytes  FCS
4215              header.
4216
4217       other_config : cbs: optional string, containing an integer
4218              The  Committed  Burst Size (CBS) is measured in bytes and repre‐
4219              sents a token bucket. At a minimum this value should be  be  set
4220              to  the  expected  largest size packet in the traffic stream. In
4221              practice larger values may be used to increase the size  of  the
4222              token  bucket.  If a packet can be transmitted then the cbs will
4223              be decremented by the number of bytes/tokens of the  packet.  If
4224              there are not enough tokens in the cbs bucket the packet will be
4225              dropped.
4226
4227       other_config : eir: optional string, containing an integer
4228              The Excess Information Rate (EIR) is measured  in  bytes  of  IP
4229              packets per second, i.e. it includes the IP header, but not link
4230              specific (e.g. Ethernet) headers. This represents the bytes  per
4231              second  rate  at which the token bucket will be updated. The eir
4232              value is calculated by (pps x packet data size). For example as‐
4233              suming  a  user  wishes  to limit a stream consisting of 64 byte
4234              packets to 1 million packets per second the EIR would be set  to
4235              to  to 46000000. This value can be broken into ’1,000,000 x 46’.
4236              Where 1,000,000 is the policing rate for the number  of  packets
4237              per  second  and 46 represents the size of the packet data for a
4238              64 bytes IP packet without 14 bytes Ethernet  and  4  bytes  FCS
4239              header.
4240
4241       other_config : ebs: optional string, containing an integer
4242              The  Excess Burst Size (EBS) is measured in bytes and represents
4243              a token bucket. At a minimum this value should be be set to  the
4244              expected  largest size packet in the traffic stream. In practice
4245              larger values may be used to increase  the  size  of  the  token
4246              bucket.  If  a  packet  can  be transmitted then the ebs will be
4247              decremented by the number of  bytes/tokens  of  the  packet.  If
4248              there  are  not enough tokens in the cbs bucket the packet might
4249              be dropped.
4250
4251     Configuration for linux-sfq:
4252
4253       The linux-sfq QoS supports the following key-value pairs:
4254
4255       other_config : perturb: optional string, containing an integer
4256              Number of seconds between consecutive perturbations  in  hashing
4257              algorithm.  Different  flows  can end up in the same hash bucket
4258              causing unfairness. Perturbation’s goal is  to  remove  possible
4259              unfairness.  The  default and recommended value is 10. Too low a
4260              value is discouraged because each perturbation can cause  packet
4261              reordering.
4262
4263       other_config : quantum: optional string, containing an integer
4264              Number  of bytes linux-sfq QoS can dequeue in one turn in round-
4265              robin from one flow. The default and recommended value is  equal
4266              to interface’s MTU.
4267
4268     Configuration for linux-netem:
4269
4270       The linux-netem QoS supports the following key-value pairs:
4271
4272       other_config : latency: optional string, containing an integer
4273              Adds  the chosen delay to the packets outgoing to chosen network
4274              interface. The latency value expressed in us.
4275
4276       other_config : limit: optional string, containing an integer
4277              Maximum number of packets the qdisc may hold queued at  a  time.
4278              The default value is 1000.
4279
4280       other_config : loss: optional string, containing an integer
4281              Adds  an  independent  loss  probability to the packets outgoing
4282              from the chosen network interface.
4283
4284     Common Columns:
4285
4286       The overall purpose of these columns is described under Common  Columns
4287       at the beginning of this document.
4288
4289       other_config: map of string-string pairs
4290
4291       external_ids: map of string-string pairs
4292

Queue TABLE

4294       A configuration for a port output queue, used in configuring Quality of
4295       Service (QoS) features. May be referenced by queues column in  QoS  ta‐
4296       ble.
4297
4298   Summary:
4299       dscp                          optional integer, in range 0 to 63
4300       Configuration for linux-htb QoS:
4301         other_config : min-rate     optional  string,  containing an integer,
4302                                     at least 1
4303         other_config : max-rate     optional string, containing  an  integer,
4304                                     at least 1
4305         other_config : burst        optional  string,  containing an integer,
4306                                     at least 1
4307         other_config : priority     optional string, containing  an  integer,
4308                                     in range 0 to 4,294,967,295
4309       Configuration for linux-hfsc QoS:
4310         other_config : min-rate     optional  string,  containing an integer,
4311                                     at least 1
4312         other_config : max-rate     optional string, containing  an  integer,
4313                                     at least 1
4314       Common Columns:
4315         other_config                map of string-string pairs
4316         external_ids                map of string-string pairs
4317
4318   Details:
4319       dscp: optional integer, in range 0 to 63
4320              If  set, Open vSwitch will mark all traffic egressing this Queue
4321              with the given DSCP bits. Traffic egressing the default Queue is
4322              only  marked  if  it was explicitly selected as the Queue at the
4323              time the packet was output. If unset, the DSCP bits  of  traffic
4324              egressing this Queue will remain unchanged.
4325
4326     Configuration for linux-htb QoS:
4327
4328       QoS  type  linux-htb may use queue_ids less than 61440. It has the fol‐
4329       lowing key-value pairs defined.
4330
4331       other_config : min-rate: optional string,  containing  an  integer,  at
4332       least 1
4333              Minimum guaranteed bandwidth, in bit/s.
4334
4335       other_config  :  max-rate:  optional  string, containing an integer, at
4336       least 1
4337              Maximum allowed bandwidth, in bit/s. Optional. If specified, the
4338              queue’s  rate will not be allowed to exceed the specified value,
4339              even if excess bandwidth is available. If unspecified,  defaults
4340              to no limit.
4341
4342       other_config  : burst: optional string, containing an integer, at least
4343       1
4344              Burst size, in bits. This is the maximum amount  of  ``credits’’
4345              that  a queue can accumulate while it is idle. Optional. Details
4346              of the linux-htb implementation require a minimum burst size, so
4347              a too-small burst will be silently ignored.
4348
4349       other_config  :  priority:  optional  string, containing an integer, in
4350       range 0 to 4,294,967,295
4351              A queue with a smaller priority  will  receive  all  the  excess
4352              bandwidth that it can use before a queue with a larger value re‐
4353              ceives any. Specific priority values are unimportant; only rela‐
4354              tive ordering matters. Defaults to 0 if unspecified.
4355
4356     Configuration for linux-hfsc QoS:
4357
4358       QoS  type linux-hfsc may use queue_ids less than 61440. It has the fol‐
4359       lowing key-value pairs defined.
4360
4361       other_config : min-rate: optional string,  containing  an  integer,  at
4362       least 1
4363              Minimum guaranteed bandwidth, in bit/s.
4364
4365       other_config  :  max-rate:  optional  string, containing an integer, at
4366       least 1
4367              Maximum allowed bandwidth, in bit/s. Optional. If specified, the
4368              queue’s  rate will not be allowed to exceed the specified value,
4369              even if excess bandwidth is available. If unspecified,  defaults
4370              to no limit.
4371
4372     Common Columns:
4373
4374       The  overall purpose of these columns is described under Common Columns
4375       at the beginning of this document.
4376
4377       other_config: map of string-string pairs
4378
4379       external_ids: map of string-string pairs
4380

Mirror TABLE

4382       A port mirror within a Bridge.
4383
4384       A port mirror configures a bridge to send selected  frames  to  special
4385       ``mirrored’’ ports, in addition to their normal destinations. Mirroring
4386       traffic may also be referred to as SPAN or RSPAN, depending on how  the
4387       mirrored traffic is sent.
4388
4389       When  a  packet  enters an Open vSwitch bridge, it becomes eligible for
4390       mirroring based on its ingress port and VLAN.  As  the  packet  travels
4391       through  the  flow tables, each time it is output to a port, it becomes
4392       eligible for mirroring based on the  egress  port  and  VLAN.  In  Open
4393       vSwitch  2.5  and later, mirroring occurs just after a packet first be‐
4394       comes eligible, using the packet as it exists at that  point;  in  Open
4395       vSwitch  2.4 and earlier, mirroring occurs only after a packet has tra‐
4396       versed all the flow tables, using the original packet as it entered the
4397       bridge.  This  makes a difference only when the flow table modifies the
4398       packet: in Open vSwitch 2.4, the modifications  are  never  visible  to
4399       mirrors,  whereas  in Open vSwitch 2.5 and later modifications made be‐
4400       fore the first output that makes it eligible for mirroring to a partic‐
4401       ular destination are visible.
4402
4403       A packet that enters an Open vSwitch bridge is mirrored to a particular
4404       destination only once, even if it is eligible for multiple reasons. For
4405       example,  a  packet  would be mirrored to a particular output_port only
4406       once, even if it  is  selected  for  mirroring  to  that  port  by  se‐
4407       lect_dst_port  and  select_src_port  in  the  same  or different Mirror
4408       records.
4409
4410   Summary:
4411       name                          string
4412       Selecting Packets for Mirroring:
4413         select_all                  boolean
4414         select_dst_port             set of weak reference to Ports
4415         select_src_port             set of weak reference to Ports
4416         select_vlan                 set of up to 4,096 integers, in  range  0
4417                                     to 4,095
4418       Mirroring Destination Configuration:
4419         output_port                 optional weak reference to Port
4420         output_vlan                 optional integer, in range 1 to 4,095
4421         snaplen                     optional integer, in range 14 to 65,535
4422       Statistics: Mirror counters:
4423         statistics : tx_packets     optional integer
4424         statistics : tx_bytes       optional integer
4425       Common Columns:
4426         external_ids                map of string-string pairs
4427
4428   Details:
4429       name: string
4430              Arbitrary identifier for the Mirror.
4431
4432     Selecting Packets for Mirroring:
4433
4434       To  be  selected  for mirroring, a given packet must enter or leave the
4435       bridge through a selected port and it must also be in one  of  the  se‐
4436       lected VLANs.
4437
4438       select_all: boolean
4439              If  true,  every packet arriving or departing on any port is se‐
4440              lected for mirroring.
4441
4442       select_dst_port: set of weak reference to Ports
4443              Ports on which departing packets are selected for mirroring.
4444
4445       select_src_port: set of weak reference to Ports
4446              Ports on which arriving packets are selected for mirroring.
4447
4448       select_vlan: set of up to 4,096 integers, in range 0 to 4,095
4449              VLANs on which packets are selected for mirroring. An empty  set
4450              selects packets on all VLANs.
4451
4452     Mirroring Destination Configuration:
4453
4454       These  columns  are  mutually  exclusive.  Exactly  one of them must be
4455       nonempty.
4456
4457       output_port: optional weak reference to Port
4458              Output port for selected packets, if nonempty.
4459
4460              Specifying a port for mirror output reserves  that  port  exclu‐
4461              sively  for  mirroring.  No frames other than those selected for
4462              mirroring via this column will be forwarded to the port, and any
4463              frames received on the port will be discarded.
4464
4465              The  output  port  may  be  any  kind  of port supported by Open
4466              vSwitch. It may be, for  example,  a  physical  port  (sometimes
4467              called SPAN) or a GRE tunnel.
4468
4469       output_vlan: optional integer, in range 1 to 4,095
4470              Output VLAN for selected packets, if nonempty.
4471
4472              The frames will be sent out all ports that trunk output_vlan, as
4473              well as any ports with implicit VLAN output_vlan.  When  a  mir‐
4474              rored  frame is sent out a trunk port, the frame’s VLAN tag will
4475              be set to output_vlan, replacing any existing tag;  when  it  is
4476              sent  out  an  implicit VLAN port, the frame will not be tagged.
4477              This type of mirroring is sometimes called RSPAN.
4478
4479              See the documentation for other_config:forward-bpdu in  the  In‐
4480              terface table for a list of destination MAC addresses which will
4481              not be mirrored to a VLAN to avoid confusing switches  that  in‐
4482              terpret the protocols that they represent.
4483
4484              Please note: Mirroring to a VLAN can disrupt a network that con‐
4485              tains unmanaged switches. Consider an unmanaged physical  switch
4486              with  two  ports:  port 1, connected to an end host, and port 2,
4487              connected to an Open vSwitch configured to mirror received pack‐
4488              ets  into  VLAN 123 on port 2. Suppose that the end host sends a
4489              packet on port 1 that the physical switch forwards  to  port  2.
4490              The  Open  vSwitch  forwards  this packet to its destination and
4491              then reflects it back on port 2  in  VLAN  123.  This  reflected
4492              packet  causes  the unmanaged physical switch to replace the MAC
4493              learning table entry, which correctly pointed to  port  1,  with
4494              one  that  incorrectly points to port 2. Afterward, the physical
4495              switch will direct packets destined for the end host to the Open
4496              vSwitch  on  port  2, instead of to the end host on port 1, dis‐
4497              rupting connectivity. If mirroring to a VLAN is desired in  this
4498              scenario,  then the physical switch must be replaced by one that
4499              learns Ethernet addresses on  a  per-VLAN  basis.  In  addition,
4500              learning  should  be  disabled  on  the VLAN containing mirrored
4501              traffic. If this is not done  then  intermediate  switches  will
4502              learn  the  MAC address of each end host from the mirrored traf‐
4503              fic. If packets being sent to that end host are  also  mirrored,
4504              then  they will be dropped since the switch will attempt to send
4505              them out the input port. Disabling learning for  the  VLAN  will
4506              cause the switch to correctly send the packet out all ports con‐
4507              figured for that VLAN. If Open vSwitch is being used as  an  in‐
4508              termediate  switch,  learning can be disabled by adding the mir‐
4509              rored VLAN to flood_vlans in the appropriate Bridge table or ta‐
4510              bles.
4511
4512              Mirroring  to a GRE tunnel has fewer caveats than mirroring to a
4513              VLAN and should generally be preferred.
4514
4515       snaplen: optional integer, in range 14 to 65,535
4516              Maximum per-packet number of bytes to mirror.
4517
4518              A mirrored packet with size larger than snaplen  will  be  trun‐
4519              cated  in datapath to snaplen bytes before sending to the mirror
4520              output port. If omitted, packets are not truncated.
4521
4522     Statistics: Mirror counters:
4523
4524       Key-value pairs that report mirror statistics.  The  update  period  is
4525       controlled  by  other_config:stats-update-interval  in the Open_vSwitch
4526       table.
4527
4528       statistics : tx_packets: optional integer
4529              Number of packets transmitted through this mirror.
4530
4531       statistics : tx_bytes: optional integer
4532              Number of bytes transmitted through this mirror.
4533
4534     Common Columns:
4535
4536       The overall purpose of these columns is described under Common  Columns
4537       at the beginning of this document.
4538
4539       external_ids: map of string-string pairs
4540

Controller TABLE

4542       An OpenFlow controller.
4543
4544   Summary:
4545       Core Features:
4546         type                        optional  string,  either primary or ser‐
4547                                     vice
4548         target                      string
4549         connection_mode             optional  string,   either   in-band   or
4550                                     out-of-band
4551       Controller Failure Detection and Handling:
4552         max_backoff                 optional integer, at least 1,000
4553         inactivity_probe            optional integer
4554       Asynchronous Messages:
4555         enable_async_messages       optional boolean
4556         Controller Rate Limiting:
4557            controller_queue_size    optional integer, in range 1 to 512
4558            controller_rate_limit    optional integer, at least 100
4559            controller_burst_limit   optional integer, at least 25
4560            Controller Rate Limiting Statistics:
4561              status : packet-in-TYPE-bypassed
4562                                     optional  string,  containing an integer,
4563                                     at least 0
4564              status : packet-in-TYPE-queued
4565                                     optional string, containing  an  integer,
4566                                     at least 0
4567              status : packet-in-TYPE-dropped
4568                                     optional  string,  containing an integer,
4569                                     at least 0
4570              status : packet-in-TYPE-backlog
4571                                     optional string, containing  an  integer,
4572                                     at least 0
4573       Additional In-Band Configuration:
4574         local_ip                    optional string
4575         local_netmask               optional string
4576         local_gateway               optional string
4577       Controller Status:
4578         is_connected                boolean
4579         role                        optional string, one of master, other, or
4580                                     slave
4581         status : last_error         optional string
4582         status : state              optional string, one of ACTIVE,  BACKOFF,
4583                                     CONNECTING, IDLE, or VOID
4584         status : sec_since_connect  optional  string,  containing an integer,
4585                                     at least 0
4586         status : sec_since_disconnect
4587                                     optional string, containing  an  integer,
4588                                     at least 1
4589       Connection Parameters:
4590         other_config : dscp         optional string, containing an integer
4591       Common Columns:
4592         external_ids                map of string-string pairs
4593         other_config                map of string-string pairs
4594
4595   Details:
4596     Core Features:
4597
4598       type: optional string, either primary or service
4599              Open  vSwitch  supports  two  kinds  of  OpenFlow controllers. A
4600              bridge may have any number of each kind:
4601
4602              Primary controllers
4603                     This is the kind of controller envisioned by the OpenFlow
4604                     specifications.  Usually, a primary controller implements
4605                     a network policy by taking charge of  the  switch’s  flow
4606                     table.
4607
4608                     The  fail_mode column in the Bridge table applies to pri‐
4609                     mary controllers.
4610
4611                     When multiple primary controllers  are  configured,  Open
4612                     vSwitch  connects to all of them simultaneously. OpenFlow
4613                     provides few facilities to allow multiple controllers  to
4614                     coordinate  in  interacting with a single switch, so more
4615                     than one primary controller should be specified  only  if
4616                     the  controllers  are  themselves  designed to coordinate
4617                     with each other.
4618
4619              Service controllers
4620                     These kinds of OpenFlow controller  connections  are  in‐
4621                     tended  for  occasional support and maintenance use, e.g.
4622                     with ovs-ofctl. Usually  a  service  controller  connects
4623                     only  briefly  to  inspect  or  modify some of a switch’s
4624                     state.
4625
4626                     The fail_mode column in the Bridge table does  not  apply
4627                     to service controllers.
4628
4629              By  default, Open vSwitch treats controllers with active connec‐
4630              tion methods as primary controllers and those with passive  con‐
4631              nection  methods  as service controllers. Set this column to the
4632              desired type to override this default.
4633
4634       target: string
4635              Connection method for controller.
4636
4637              The following active connection methods are currently supported:
4638
4639              ssl:host[:port]
4640                     The specified SSL port on the host  at  the  given  host,
4641                     which can either be a DNS name (if built with unbound li‐
4642                     brary)  or  an  IP  address.  The  ssl  column   in   the
4643                     Open_vSwitch  table  must point to a valid SSL configura‐
4644                     tion when this form is used.
4645
4646                     If port is not specified, it defaults to 6653.
4647
4648                     SSL support is an optional feature  that  is  not  always
4649                     built as part of Open vSwitch.
4650
4651              tcp:host[:port]
4652                     The  specified  TCP  port  on the host at the given host,
4653                     which can either be a DNS name (if built with unbound li‐
4654                     brary)  or  an  IP  address (IPv4 or IPv6). If host is an
4655                     IPv6  address,  wrap  it   in   square   brackets,   e.g.
4656                     tcp:[::1]:6653.
4657
4658                     If port is not specified, it defaults to 6653.
4659
4660              The  following  passive  connection  methods  are currently sup‐
4661              ported:
4662
4663              pssl:[port][:host]
4664                     Listens for SSL connections on the specified TCP port. If
4665                     host,  which  can either be a DNS name (if built with un‐
4666                     bound library) or an IP address, is specified, then  con‐
4667                     nections  are restricted to the resolved or specified lo‐
4668                     cal IP address (either IPv4 or IPv6). If host is an  IPv6
4669                     address,    wrap    it    in    square   brackets,   e.g.
4670                     pssl:6653:[::1].
4671
4672                     If port is not specified, it defaults to 6653. If host is
4673                     not specified then it listens only on IPv4 (but not IPv6)
4674                     addresses. The ssl column in the Open_vSwitch table  must
4675                     point  to  a  valid  SSL  configuration when this form is
4676                     used.
4677
4678                     If port is not specified, it currently to 6653.
4679
4680                     SSL support is an optional feature  that  is  not  always
4681                     built as part of Open vSwitch.
4682
4683              ptcp:[port][:host]
4684                     Listens  for  connections  on  the specified TCP port. If
4685                     host, which can either be a DNS name (if built  with  un‐
4686                     bound  library) or an IP address, is specified, then con‐
4687                     nections are restricted to the resolved or specified  lo‐
4688                     cal  IP address (either IPv4 or IPv6). If host is an IPv6
4689                     address,   wrap   it    in    square    brackets,    e.g.
4690                     ptcp:6653:[::1]. If host is not specified then it listens
4691                     only on IPv4 addresses.
4692
4693                     If port is not specified, it defaults to 6653.
4694
4695              When multiple controllers are configured for  a  single  bridge,
4696              the  target values must be unique. Duplicate target values yield
4697              unspecified results.
4698
4699       connection_mode: optional string, either in-band or out-of-band
4700              If it is specified, this setting must be one  of  the  following
4701              strings  that  describes how Open vSwitch contacts this OpenFlow
4702              controller over the network:
4703
4704              in-band
4705                     In this mode, this controller’s OpenFlow traffic  travels
4706                     over the bridge associated with the controller. With this
4707                     setting, Open vSwitch allows traffic to and from the con‐
4708                     troller  regardless  of the contents of the OpenFlow flow
4709                     table. (Otherwise, Open vSwitch would never  be  able  to
4710                     connect to the controller, because it did not have a flow
4711                     to enable it.) This is the most  common  connection  mode
4712                     because  it  is not necessary to maintain two independent
4713                     networks.
4714
4715              out-of-band
4716                     In this mode, OpenFlow traffic  uses  a  control  network
4717                     separate from the bridge associated with this controller,
4718                     that is, the bridge does not use any of its  own  network
4719                     devices  to  communicate with the controller. The control
4720                     network must be configured separately,  before  or  after
4721                     ovs-vswitchd is started.
4722
4723              If not specified, the default is implementation-specific.
4724
4725     Controller Failure Detection and Handling:
4726
4727       max_backoff: optional integer, at least 1,000
4728              Maximum  number  of  milliseconds to wait between connection at‐
4729              tempts. Default is implementation-specific.
4730
4731       inactivity_probe: optional integer
4732              Maximum number of milliseconds of idle  time  on  connection  to
4733              controller  before  sending an inactivity probe message. If Open
4734              vSwitch does not communicate with the controller for the  speci‐
4735              fied  number  of seconds, it will send a probe. If a response is
4736              not received for  the  same  additional  amount  of  time,  Open
4737              vSwitch  assumes  the connection has been broken and attempts to
4738              reconnect. Default is implementation-specific. A value of 0 dis‐
4739              ables inactivity probes.
4740
4741     Asynchronous Messages:
4742
4743       OpenFlow  switches send certain messages to controllers spontanenously,
4744       that is, not in response to any request from the controller. These mes‐
4745       sages  are  called ``asynchronous messages.’’ These columns allow asyn‐
4746       chronous messages to be limited or disabled to ensure the best  use  of
4747       network resources.
4748
4749       enable_async_messages: optional boolean
4750              The  OpenFlow  protocol enables asynchronous messages at time of
4751              connection establishment, which means that a controller can  re‐
4752              ceive  asynchronous  messages, potentially many of them, even if
4753              it turns them off immediately after connecting. Set this  column
4754              to false to change Open vSwitch behavior to disable, by default,
4755              all  asynchronous  messages.  The   controller   can   use   the
4756              NXT_SET_ASYNC_CONFIG Nicira extension to OpenFlow to turn on any
4757              messages that it does want to receive, if any.
4758
4759     Controller Rate Limiting:
4760
4761       A switch can forward packets to a controller over the  OpenFlow  proto‐
4762       col.  Forwarding  packets  this  way at too high a rate can overwhelm a
4763       controller, frustrate use of the OpenFlow  connection  for  other  pur‐
4764       poses,  increase  the  latency  of  flow setup, and use an unreasonable
4765       amount of bandwidth. Therefore, Open vSwitch supports limiting the rate
4766       of packet forwarding to a controller.
4767
4768       There  are  two  main  reasons in OpenFlow for a packet to be sent to a
4769       controller: either the packet ``misses’’ in the flow  table,  that  is,
4770       there  is  no  matching  flow,  or a flow table action says to send the
4771       packet to the controller. Open vSwitch limits the rate of each kind  of
4772       packet  separately  at  the configured rate. Therefore, the actual rate
4773       that packets are sent to the controller can be up to twice the  config‐
4774       ured rate, when packets are sent for both reasons.
4775
4776       This feature is specific to forwarding packets over an OpenFlow connec‐
4777       tion. It is not general-purpose QoS. See the QoS table for  quality  of
4778       service configuration, and ingress_policing_rate in the Interface table
4779       for ingress policing configuration.
4780
4781       controller_queue_size: optional integer, in range 1 to 512
4782              This sets the maximum size of the queue of packets that need  to
4783              be sent to this OpenFlow controller. The value must be less than
4784              512. If not specified the queue size is limited to the value set
4785              for  the management controller in other_config:controller-queue-
4786              size if present or 100 packets by default. Note: increasing  the
4787              queue size might have a negative impact on latency.
4788
4789       controller_rate_limit: optional integer, at least 100
4790              The maximum rate at which the switch will forward packets to the
4791              OpenFlow controller, in packets per second. If no value is spec‐
4792              ified, rate limiting is disabled.
4793
4794       controller_burst_limit: optional integer, at least 25
4795              When  a  high  rate  triggers rate-limiting, Open vSwitch queues
4796              packets to the controller for each port and  transmits  them  to
4797              the  controller  at  the  configured rate. This value limits the
4798              number of queued packets. Ports on a  bridge  share  the  packet
4799              queue fairly.
4800
4801              This value has no effect unless controller_rate_limit is config‐
4802              ured. The current default when this value is  not  specified  is
4803              one-quarter  of  controller_rate_limit, meaning that queuing can
4804              delay forwarding a packet to the controller by up to 250 ms.
4805
4806     Controller Rate Limiting Statistics:
4807
4808       These values report the effects of rate limiting. Their values are rel‐
4809       ative to establishment of the most recent OpenFlow connection, or since
4810       rate limiting was enabled, whichever happened more recently. Each  con‐
4811       sists  of  two values, one with TYPE replaced by miss for rate limiting
4812       flow table misses, and the other with TYPE replaced by action for  rate
4813       limiting packets sent by OpenFlow actions.
4814
4815       These statistics are reported only when controller rate limiting is en‐
4816       abled.
4817
4818       status : packet-in-TYPE-bypassed: optional string, containing an  inte‐
4819       ger, at least 0
4820              Number of packets sent directly to the controller, without queu‐
4821              ing, because the rate did not exceed the configured maximum.
4822
4823       status : packet-in-TYPE-queued: optional string, containing an integer,
4824       at least 0
4825              Number of packets added to the queue to send later.
4826
4827       status  :  packet-in-TYPE-dropped: optional string, containing an inte‐
4828       ger, at least 0
4829              Number of packets added to the queue that were later dropped due
4830              to  overflow. This value is less than or equal to status:packet-
4831              in-TYPE-queued.
4832
4833       status : packet-in-TYPE-backlog: optional string, containing  an  inte‐
4834       ger, at least 0
4835              Number  of  packets  currently  queued. The other statistics in‐
4836              crease monotonically, but this one fluctuates between 0 and  the
4837              controller_burst_limit as conditions change.
4838
4839     Additional In-Band Configuration:
4840
4841       These  values  are considered only in in-band control mode (see connec‐
4842       tion_mode).
4843
4844       When multiple controllers are configured  on  a  single  bridge,  there
4845       should  be only one set of unique values in these columns. If different
4846       values are set for these columns in different controllers,  the  effect
4847       is unspecified.
4848
4849       local_ip: optional string
4850              The   IP   address   to   configure  on  the  local  port,  e.g.
4851              192.168.0.123. If this value is unset,  then  local_netmask  and
4852              local_gateway are ignored.
4853
4854       local_netmask: optional string
4855              The   IP   netmask   to   configure  on  the  local  port,  e.g.
4856              255.255.255.0. If local_ip is set but this value is unset,  then
4857              the  default  is chosen based on whether the IP address is class
4858              A, B, or C.
4859
4860       local_gateway: optional string
4861              The IP address of the gateway to configure on the local port, as
4862              a string, e.g. 192.168.0.1. Leave this column unset if this net‐
4863              work has no gateway.
4864
4865     Controller Status:
4866
4867       is_connected: boolean
4868              true if currently connected to this controller, false otherwise.
4869
4870       role: optional string, one of master, other, or slave
4871              The level of authority this controller  has  on  the  associated
4872              bridge. Possible values are:
4873
4874              other  Allows the controller access to all OpenFlow features.
4875
4876              master Equivalent to other, except that there may be at most one
4877                     such controller at a time. If a given controller promotes
4878                     itself  to  this  role, ovs-vswitchd demotes any existing
4879                     controller with the role to slave.
4880
4881              slave  Allows the controller read-only access to  OpenFlow  fea‐
4882                     tures. Attempts to modify the flow table will be rejected
4883                     with  an  error.  Such   controllers   do   not   receive
4884                     OFPT_PACKET_IN or OFPT_FLOW_REMOVED messages, but they do
4885                     receive OFPT_PORT_STATUS messages.
4886
4887       status : last_error: optional string
4888              A human-readable description of the last error on the connection
4889              to  the  controller;  i.e.  strerror(errno). This key will exist
4890              only if an error has occurred.
4891
4892       status : state: optional string, one of  ACTIVE,  BACKOFF,  CONNECTING,
4893       IDLE, or VOID
4894              The state of the connection to the controller:
4895
4896              VOID   Connection is disabled.
4897
4898              BACKOFF
4899                     Attempting to reconnect at an increasing period.
4900
4901              CONNECTING
4902                     Attempting to connect.
4903
4904              ACTIVE Connected, remote host responsive.
4905
4906              IDLE   Connection is idle. Waiting for response to keep-alive.
4907
4908              These  values  may  change in the future. They are provided only
4909              for human consumption.
4910
4911       status : sec_since_connect: optional string, containing an integer,  at
4912       least 0
4913              The  amount of time since this controller last successfully con‐
4914              nected to the switch (in seconds). Value is empty if  controller
4915              has never successfully connected.
4916
4917       status  : sec_since_disconnect: optional string, containing an integer,
4918       at least 1
4919              The amount of time since this controller last disconnected  from
4920              the  switch (in seconds). Value is empty if controller has never
4921              disconnected.
4922
4923     Connection Parameters:
4924
4925       Additional configuration for a connection between  the  controller  and
4926       the Open vSwitch.
4927
4928       other_config : dscp: optional string, containing an integer
4929              The  Differentiated Service Code Point (DSCP) is specified using
4930              6 bits in the Type of Service (TOS) field in the IP header. DSCP
4931              provides a mechanism to classify the network traffic and provide
4932              Quality of Service (QoS) on IP networks. The DSCP  value  speci‐
4933              fied  here  is used when establishing the connection between the
4934              controller and the Open vSwitch. If no value is specified, a de‐
4935              fault  value  of  48 is chosen. Valid DSCP values must be in the
4936              range 0 to 63.
4937
4938     Common Columns:
4939
4940       The overall purpose of these columns is described under Common  Columns
4941       at the beginning of this document.
4942
4943       external_ids: map of string-string pairs
4944
4945       other_config: map of string-string pairs
4946

Manager TABLE

4948       Configuration  for  a  database  connection to an Open vSwitch database
4949       (OVSDB) client.
4950
4951       This   table   primarily   configures   the   Open   vSwitch   database
4952       (ovsdb-server),  not the Open vSwitch switch (ovs-vswitchd). The switch
4953       does read the table to determine what connections should be treated  as
4954       in-band.
4955
4956       The  Open vSwitch database server can initiate and maintain active con‐
4957       nections to remote clients. It can also  listen  for  database  connec‐
4958       tions.
4959
4960   Summary:
4961       Core Features:
4962         target                      string (must be unique within table)
4963         connection_mode             optional   string,   either   in-band  or
4964                                     out-of-band
4965       Client Failure Detection and Handling:
4966         max_backoff                 optional integer, at least 1,000
4967         inactivity_probe            optional integer
4968       Status:
4969         is_connected                boolean
4970         status : last_error         optional string
4971         status : state              optional string, one of ACTIVE,  BACKOFF,
4972                                     CONNECTING, IDLE, or VOID
4973         status : sec_since_connect  optional  string,  containing an integer,
4974                                     at least 0
4975         status : sec_since_disconnect
4976                                     optional string, containing  an  integer,
4977                                     at least 0
4978         status : locks_held         optional string
4979         status : locks_waiting      optional string
4980         status : locks_lost         optional string
4981         status : n_connections      optional  string,  containing an integer,
4982                                     at least 2
4983         status : bound_port         optional string, containing an integer
4984       Connection Parameters:
4985         other_config : dscp         optional string, containing an integer
4986       Common Columns:
4987         external_ids                map of string-string pairs
4988         other_config                map of string-string pairs
4989
4990   Details:
4991     Core Features:
4992
4993       target: string (must be unique within table)
4994              Connection method for managers.
4995
4996              The following connection methods are currently supported:
4997
4998              ssl:host[:port]
4999                     The specified SSL port on the host  at  the  given  host,
5000                     which can either be a DNS name (if built with unbound li‐
5001                     brary)  or  an  IP  address.  The  ssl  column   in   the
5002                     Open_vSwitch  table  must point to a valid SSL configura‐
5003                     tion when this form is used.
5004
5005                     If port is not specified, it defaults to 6640.
5006
5007                     SSL support is an optional feature  that  is  not  always
5008                     built as part of Open vSwitch.
5009
5010              tcp:host[:port]
5011                     The  specified  TCP  port  on the host at the given host,
5012                     which can either be a DNS name (if built with unbound li‐
5013                     brary)  or  an  IP  address (IPv4 or IPv6). If host is an
5014                     IPv6  address,  wrap  it   in   square   brackets,   e.g.
5015                     tcp:[::1]:6640.
5016
5017                     If port is not specified, it defaults to 6640.
5018
5019              pssl:[port][:host]
5020                     Listens  for  SSL  connections on the specified TCP port.
5021                     Specify 0 for  port  to  have  the  kernel  automatically
5022                     choose  an available port. If host, which can either be a
5023                     DNS name (if built with unbound library)  or  an  IP  ad‐
5024                     dress,  is  specified, then connections are restricted to
5025                     the resolved or specified local IP address  (either  IPv4
5026                     or  IPv6  address).  If  host is an IPv6 address, wrap in
5027                     square brackets, e.g. pssl:6640:[::1].  If  host  is  not
5028                     specified then it listens only on IPv4 (but not IPv6) ad‐
5029                     dresses. The ssl column in the  Open_vSwitch  table  must
5030                     point  to  a  valid  SSL  configuration when this form is
5031                     used.
5032
5033                     If port is not specified, it defaults to 6640.
5034
5035                     SSL support is an optional feature  that  is  not  always
5036                     built as part of Open vSwitch.
5037
5038              ptcp:[port][:host]
5039                     Listens  for connections on the specified TCP port. Spec‐
5040                     ify 0 for port to have the kernel automatically choose an
5041                     available  port.  If host, which can either be a DNS name
5042                     (if built with unbound library)  or  an  IP  address,  is
5043                     specified,  then  connections  are  restricted to the re‐
5044                     solved or specified local IP address (either IPv4 or IPv6
5045                     address).  If  host is an IPv6 address, wrap it in square
5046                     brackets, e.g. ptcp:6640:[::1]. If host is not  specified
5047                     then it listens only on IPv4 addresses.
5048
5049                     If port is not specified, it defaults to 6640.
5050
5051              When multiple managers are configured, the target values must be
5052              unique. Duplicate target values yield unspecified results.
5053
5054       connection_mode: optional string, either in-band or out-of-band
5055              If it is specified, this setting must be one  of  the  following
5056              strings  that  describes  how  Open  vSwitch contacts this OVSDB
5057              client over the network:
5058
5059              in-band
5060                     In this mode, this connection’s traffic  travels  over  a
5061                     bridge  managed  by Open vSwitch. With this setting, Open
5062                     vSwitch allows traffic to and from the client  regardless
5063                     of  the  contents of the OpenFlow flow table. (Otherwise,
5064                     Open vSwitch would  never  be  able  to  connect  to  the
5065                     client,  because  it  did  not have a flow to enable it.)
5066                     This is the most common connection mode because it is not
5067                     necessary to maintain two independent networks.
5068
5069              out-of-band
5070                     In this mode, the client’s traffic uses a control network
5071                     separate from that managed by Open vSwitch, that is, Open
5072                     vSwitch  does  not  use any of its own network devices to
5073                     communicate with the client. The control network must  be
5074                     configured  separately,  before  or after ovs-vswitchd is
5075                     started.
5076
5077              If not specified, the default is implementation-specific.
5078
5079     Client Failure Detection and Handling:
5080
5081       max_backoff: optional integer, at least 1,000
5082              Maximum number of milliseconds to wait  between  connection  at‐
5083              tempts. Default is implementation-specific.
5084
5085       inactivity_probe: optional integer
5086              Maximum number of milliseconds of idle time on connection to the
5087              client before sending  an  inactivity  probe  message.  If  Open
5088              vSwitch  does  not communicate with the client for the specified
5089              number of seconds, it will send a probe. If a  response  is  not
5090              received  for  the  same additional amount of time, Open vSwitch
5091              assumes the connection has been broken and  attempts  to  recon‐
5092              nect.  Default is implementation-specific. A value of 0 disables
5093              inactivity probes.
5094
5095     Status:
5096
5097       Key-value pair of is_connected is always updated. Other key-value pairs
5098       in the status columns may be updated depends on the target type.
5099
5100       When target specifies a connection method that listens for inbound con‐
5101       nections (e.g. ptcp: or punix:), both  n_connections  and  is_connected
5102       may also be updated while the remaining key-value pairs are omitted.
5103
5104       On  the  other  hand, when target specifies an outbound connection, all
5105       key-value pairs may be updated, except  the  above-mentioned  two  key-
5106       value  pairs associated with inbound connection targets. They are omit‐
5107       ted.
5108
5109       is_connected: boolean
5110              true if currently connected to this manager, false otherwise.
5111
5112       status : last_error: optional string
5113              A human-readable description of the last error on the connection
5114              to  the  manager; i.e. strerror(errno). This key will exist only
5115              if an error has occurred.
5116
5117       status : state: optional string, one of  ACTIVE,  BACKOFF,  CONNECTING,
5118       IDLE, or VOID
5119              The state of the connection to the manager:
5120
5121              VOID   Connection is disabled.
5122
5123              BACKOFF
5124                     Attempting to reconnect at an increasing period.
5125
5126              CONNECTING
5127                     Attempting to connect.
5128
5129              ACTIVE Connected, remote host responsive.
5130
5131              IDLE   Connection is idle. Waiting for response to keep-alive.
5132
5133              These  values  may  change in the future. They are provided only
5134              for human consumption.
5135
5136       status : sec_since_connect: optional string, containing an integer,  at
5137       least 0
5138              The  amount  of  time  since this manager last successfully con‐
5139              nected to the database (in seconds). Value is empty  if  manager
5140              has never successfully connected.
5141
5142       status  : sec_since_disconnect: optional string, containing an integer,
5143       at least 0
5144              The amount of time since this manager last disconnected from the
5145              database  (in seconds). Value is empty if manager has never dis‐
5146              connected.
5147
5148       status : locks_held: optional string
5149              Space-separated list of the names of OVSDB locks that  the  con‐
5150              nection  holds.  Omitted  if  the  connection  does not hold any
5151              locks.
5152
5153       status : locks_waiting: optional string
5154              Space-separated list of the names of OVSDB locks that  the  con‐
5155              nection  is currently waiting to acquire. Omitted if the connec‐
5156              tion is not waiting for any locks.
5157
5158       status : locks_lost: optional string
5159              Space-separated list of the names of OVSDB locks that  the  con‐
5160              nection  has  had  stolen by another OVSDB client. Omitted if no
5161              locks have been stolen from this connection.
5162
5163       status : n_connections: optional  string,  containing  an  integer,  at
5164       least 2
5165              When  target  specifies a connection method that listens for in‐
5166              bound connections (e.g. ptcp: or pssl:) and more than  one  con‐
5167              nection  is  actually  active, the value is the number of active
5168              connections. Otherwise, this key-value pair is omitted.
5169
5170       status : bound_port: optional string, containing an integer
5171              When target is ptcp: or pssl:, this is the TCP port on which the
5172              OVSDB  server  is  listening.  (This is particularly useful when
5173              target specifies a port of 0, allowing the kernel to choose  any
5174              available port.)
5175
5176     Connection Parameters:
5177
5178       Additional  configuration  for a connection between the manager and the
5179       Open vSwitch Database.
5180
5181       other_config : dscp: optional string, containing an integer
5182              The Differentiated Service Code Point (DSCP) is specified  using
5183              6 bits in the Type of Service (TOS) field in the IP header. DSCP
5184              provides a mechanism to classify the network traffic and provide
5185              Quality  of  Service (QoS) on IP networks. The DSCP value speci‐
5186              fied here is used when establishing the connection  between  the
5187              manager  and  the  Open vSwitch. If no value is specified, a de‐
5188              fault value of 48 is chosen. Valid DSCP values must  be  in  the
5189              range 0 to 63.
5190
5191     Common Columns:
5192
5193       The  overall purpose of these columns is described under Common Columns
5194       at the beginning of this document.
5195
5196       external_ids: map of string-string pairs
5197
5198       other_config: map of string-string pairs
5199

NetFlow TABLE

5201       A NetFlow target. NetFlow is a protocol that exports a  number  of  de‐
5202       tails  about  terminating IP flows, such as the principals involved and
5203       duration.
5204
5205   Summary:
5206       targets                       set of 1 or more strings
5207       engine_id                     optional integer, in range 0 to 255
5208       engine_type                   optional integer, in range 0 to 255
5209       active_timeout                integer, at least -1
5210       add_id_to_interface           boolean
5211       Common Columns:
5212         external_ids                map of string-string pairs
5213
5214   Details:
5215       targets: set of 1 or more strings
5216              NetFlow targets in the form ip:port. The ip  must  be  specified
5217              numerically, not as a DNS name.
5218
5219       engine_id: optional integer, in range 0 to 255
5220              Engine ID to use in NetFlow messages. Defaults to datapath index
5221              if not specified.
5222
5223       engine_type: optional integer, in range 0 to 255
5224              Engine type to use in NetFlow messages. Defaults to datapath in‐
5225              dex if not specified.
5226
5227       active_timeout: integer, at least -1
5228              The  interval  at  which NetFlow records are sent for flows that
5229              are still active, in seconds. A value of 0 requests the  default
5230              timeout  (currently  600 seconds); a value of -1 disables active
5231              timeouts.
5232
5233              The NetFlow passive timeout, for flows that become inactive,  is
5234              not  configurable.  It  will  vary depending on the Open vSwitch
5235              version, the forms and contents of the OpenFlow flow tables, CPU
5236              and  memory usage, and network activity. A typical passive time‐
5237              out is about a second.
5238
5239       add_id_to_interface: boolean
5240              If this column’s value is false, the ingress and  egress  inter‐
5241              face  fields  of  NetFlow flow records are derived from OpenFlow
5242              port numbers. When it is true, the 7 most  significant  bits  of
5243              these fields will be replaced by the least significant 7 bits of
5244              the engine id. This is useful because many NetFlow collectors do
5245              not  expect  multiple  switches  to be sending messages from the
5246              same host, so they do not store  the  engine  information  which
5247              could be used to disambiguate the traffic.
5248
5249              When  this  option  is  enabled, a maximum of 508 ports are sup‐
5250              ported.
5251
5252     Common Columns:
5253
5254       The overall purpose of these columns is described under Common  Columns
5255       at the beginning of this document.
5256
5257       external_ids: map of string-string pairs
5258

Datapath TABLE

5260       Configuration for a datapath within Open_vSwitch.
5261
5262       A  datapath  is  responsible  for providing the packet handling in Open
5263       vSwitch. There are two primary datapath implementations  used  by  Open
5264       vSwitch:  kernel  and  userspace.  Kernel  datapath implementations are
5265       available for Linux and Hyper-V, and selected as system  in  the  data‐
5266       path_type column of the Bridge table. The userspace datapath is used by
5267       DPDK and AF-XDP, and is selected as netdev in the datapath_type  column
5268       of the Bridge table.
5269
5270       A  datapath  of a particular type is shared by all the bridges that use
5271       that datapath. Thus, configurations applied to this  table  affect  all
5272       bridges that use this datapath.
5273
5274   Summary:
5275       datapath_version              string
5276       ct_zones                      map  of  integer-CT_Zone  pairs,  key  in
5277                                     range 0 to 65,535
5278       Capabilities:
5279         capabilities : max_vlan_headers
5280                                     optional string, containing  an  integer,
5281                                     at least 0
5282         capabilities : recirc       optional string, either true or false
5283         capabilities : lb_output_action
5284                                     optional string, either true or false
5285         Connection-Tracking Capabilities:
5286            capabilities : ct_state  optional string, either true or false
5287            capabilities : ct_state_nat
5288                                     optional string, either true or false
5289            capabilities : ct_zone   optional string, either true or false
5290            capabilities : ct_mark   optional string, either true or false
5291            capabilities : ct_label  optional string, either true or false
5292            capabilities : ct_orig_tuple
5293                                     optional string, either true or false
5294            capabilities : ct_orig_tuple6
5295                                     optional string, either true or false
5296         capabilities : masked_set_action
5297                                     optional string, either true or false
5298         capabilities : tnl_push_pop
5299                                     optional string, either true or false
5300         capabilities : ufid         optional string, either true or false
5301         capabilities : trunc        optional string, either true or false
5302         capabilities : nd_ext       optional string, either true or false
5303         Clone Actions:
5304            capabilities : clone     optional string, either true or false
5305            capabilities : sample_nesting
5306                                     optional  string,  containing an integer,
5307                                     at least 0
5308         capabilities : ct_eventmask
5309                                     optional string, either true or false
5310         capabilities : ct_clear     optional string, either true or false
5311         capabilities : max_hash_alg
5312                                     optional string, containing  an  integer,
5313                                     at least 0
5314         capabilities : check_pkt_len
5315                                     optional string, either true or false
5316         capabilities : ct_timeout   optional string, either true or false
5317         capabilities : explicit_drop_action
5318                                     optional string, either true or false
5319         capabilities : ct_zero_snat
5320                                     optional string, either true or false
5321       Common Columns:
5322         external_ids                map of string-string pairs
5323
5324   Details:
5325       datapath_version: string
5326              Reports  the version number of the Open vSwitch datapath in use.
5327              This allows management software to detect and report  discrepan‐
5328              cies  between Open vSwitch userspace and datapath versions. (The
5329              ovs_version column in the Open_vSwitch reports the Open  vSwitch
5330              userspace version.) The version reported depends on the datapath
5331              in use:
5332
5333              •      When the kernel  module  included  in  the  Open  vSwitch
5334                     source tree is used, this column reports the Open vSwitch
5335                     version from which the module was taken.
5336
5337              •      When the kernel module that is part of the upstream Linux
5338                     kernel is used, this column reports <unknown>.
5339
5340              •      When  the datapath is built into the ovs-vswitchd binary,
5341                     this column reports <built-in>. A built-in datapath is by
5342                     definition  the  same  version  as  the  rest of the Open
5343                     vSwitch userspace.
5344
5345              •      Other datapaths (such as  the  Hyper-V  kernel  datapath)
5346                     currently report <unknown>.
5347
5348              A  version  discrepancy between ovs-vswitchd and the datapath in
5349              use is not normally cause for alarm.  The  Open  vSwitch  kernel
5350              datapaths for Linux and Hyper-V, in particular, are designed for
5351              maximum inter-version compatibility: any userspace version works
5352              with with any kernel version. Some reasons do exist to insist on
5353              particular user/kernel pairings. First,  newer  kernel  versions
5354              add new features, that can only be used by new-enough userspace,
5355              e.g. VXLAN tunneling requires certain minimal userspace and ker‐
5356              nel  versions. Second, as an extension to the first reason, some
5357              newer kernel versions add new features for enhancing performance
5358              that only new-enough userspace versions can take advantage of.
5359
5360       ct_zones: map of integer-CT_Zone pairs, key in range 0 to 65,535
5361              Configuration for connection tracking zones. Each pair maps from
5362              a zone id to a configuration for that zone. Zone  0  applies  to
5363              the default zone (ie, the one used if a zone is not specified in
5364              connection tracking-related OpenFlow matches and actions).
5365
5366     Capabilities:
5367
5368       The capabilities column reports a datapath’s features. For  the  netdev
5369       datapath,  the  capabilities  are  fixed  for  a  given version of Open
5370       vSwitch because this datapath is built into  the  ovs-vswitchd  binary.
5371       The Linux kernel and Windows and other datapaths, which are external to
5372       OVS userspace, can vary in version and capabilities independently  from
5373       ovs-vswitchd.
5374
5375       Some  of these features indicate whether higher-level Open vSwitch fea‐
5376       tures are available. For example,  OpenFlow  features  for  connection-
5377       tracking  are available only when capabilities:ct_state is true. A con‐
5378       troller that wishes to determine whether a feature is supported  could,
5379       therefore, consult the relevant capabilities in this table. However, as
5380       a general rule, it is better for a controller to try to use the higher-
5381       level feature and use the result as an indication of support, since the
5382       low-level capabilities are more likely to  shift  over  time  than  the
5383       high-level features that rely on them.
5384
5385       capabilities  :  max_vlan_headers: optional string, containing an inte‐
5386       ger, at least 0
5387              Number of 802.1q VLAN headers  supported  by  the  datapath,  as
5388              probed  by  the ovs-vswitchd slow path. If the datapath supports
5389              more VLAN headers than the slow  path,  this  reports  the  slow
5390              path’s  limit.  The  value  of  other-config:vlan-limit  in  the
5391              Open_vSwitch table does not influence the number reported here.
5392
5393       capabilities : recirc: optional string, either true or false
5394              If this is  true,  then  the  datapath  supports  recirculation,
5395              specifically   OVS_KEY_ATTR_RECIRC_ID.   Recirculation   enables
5396              higher performance for MPLS  and  active-active  load  balancing
5397              bonding modes.
5398
5399       capabilities : lb_output_action: optional string, either true or false
5400              If  this  is true, then the datapath supports optimized balance-
5401              tcp bond mode. This capability replaces existing hash and recirc
5402              actions  with  new  action lb_output and avoids recirculation of
5403              packet in datapath. It is supported only  for  balance-tcp  bond
5404              mode  in netdev datapath. The new action gives higer performance
5405              by using bond buckets instead of post  recirculation  flows  for
5406              selection of slave port from bond. By default this new action is
5407              disabled, however it can be enabled by setting  other-config:lb-
5408              output-action in Port table.
5409
5410     Connection-Tracking Capabilities:
5411
5412       These  capabilities are granular because Open vSwitch and its datapaths
5413       added support for connection tracking over several releases, with  fea‐
5414       tures added individually over that time.
5415
5416       capabilities : ct_state: optional string, either true or false
5417              If  true,  datapath  supports OVS_KEY_ATTR_CT_STATE, which indi‐
5418              cates support for the bits in the OpenFlow ct_state  field  (see
5419              ovs-fields(7))  other  than snat and dnat, which have a separate
5420              capability.
5421
5422              If this is false, the  datapath  does  not  support  connection-
5423              tracking  at all and the remaining connection-tracking capabili‐
5424              ties should all be false. In this case, Open vSwitch will reject
5425              flows that match on the ct_state field or use the ct action.
5426
5427       capabilities : ct_state_nat: optional string, either true or false
5428              If  true,  it means that the datapath supports the snat and dnat
5429              flags in the OpenFlow ct_state field.  The  ct_state  capability
5430              must be true for this to make sense.
5431
5432              If  false, Open vSwitch will reject flows that match on the snat
5433              or dnat bits in ct_state or use nat in the ct action.
5434
5435       capabilities : ct_zone: optional string, either true or false
5436              If true, datapath supports OVS_KEY_ATTR_CT_ZONE. If false,  Open
5437              vSwitch  rejects  flows  that match on the ct_zone field or that
5438              specify a nonzero zone or a zone field on the ct action.
5439
5440       capabilities : ct_mark: optional string, either true or false
5441              If true, datapath supports OVS_KEY_ATTR_CT_MARK. If false,  Open
5442              vSwitch  rejects  flows  that match on the ct_mark field or that
5443              set ct_mark in the ct action.
5444
5445       capabilities : ct_label: optional string, either true or false
5446              If true, datapath supports OVS_KEY_ATTR_CT_LABEL. If false, Open
5447              vSwitch  rejects  flows that match on the ct_label field or that
5448              set ct_label in the ct action.
5449
5450       capabilities : ct_orig_tuple: optional string, either true or false
5451              If true, the datapath supports matching  the  5-tuple  from  the
5452              connection’s original direction for IPv4 traffic. If false, Open
5453              vSwitch rejects flows that match on ct_nw_src or ct_nw_dst, that
5454              use  the ct feature of the resubmit action, or the force keyword
5455              in the ct action. (The latter isn’t tied to connection  tracking
5456              support  of  original tuples in any technical way. They are con‐
5457              flated because all current datapaths implemented  the  two  fea‐
5458              tures at the same time.)
5459
5460              If  this  and  capabilities:ct_orig_tuple6  are both false, Open
5461              vSwitch rejects flows that match on ct_nw_proto,  ct_tp_src,  or
5462              ct_tp_dst.
5463
5464       capabilities : ct_orig_tuple6: optional string, either true or false
5465              If  true,  the  datapath  supports matching the 5-tuple from the
5466              connection’s original direction for IPv6 traffic. If false, Open
5467              vSwitch rejects flows that match on ct_ipv6_src or ct_ipv6_dst.
5468
5469       capabilities : masked_set_action: optional string, either true or false
5470              True if the datapath supports masked data in OVS_ACTION_ATTR_SET
5471              actions.  Masked  data  can  improve  performance  by   allowing
5472              megaflows to match on fewer fields.
5473
5474       capabilities : tnl_push_pop: optional string, either true or false
5475              True  if the datapath supports tnl_push and pop actions. This is
5476              a prerequisite for a datapath to support native tunneling.
5477
5478       capabilities : ufid: optional string, either true or false
5479              True if the datapath supports OVS_FLOW_ATTR_UFID.  UFID  support
5480              improves  revalidation performance by transferring less data be‐
5481              tween the slow path and the datapath.
5482
5483       capabilities : trunc: optional string, either true or false
5484              True if the datapath supports OVS_ACTION_ATTR_TRUNC  action.  If
5485              false,  the  output action with packet truncation requires every
5486              packet to be sent to the Open vSwitch slow path, which is likely
5487              to make it too slow for mirroring traffic in bulk.
5488
5489       capabilities : nd_ext: optional string, either true or false
5490              True  if  the  datapath  supports  OVS_KEY_ATTR_ND_EXTENSIONS to
5491              match on ICMPv6  "ND  reserved"  and  "ND  option  type"  header
5492              fields.  If  false, the datapath reports error if the feature is
5493              used.
5494
5495     Clone Actions:
5496
5497       When Open vSwitch translates actions from OpenFlow  into  the  datapath
5498       representation,  some  of the datapath actions may modify the packet or
5499       have other side effects that later datapath  actions  can’t  undo.  The
5500       OpenFlow   ct,   meter,  output  with  truncation,  encap,  decap,  and
5501       dec_nsh_ttl actions fall into this category. Often, this is not a prob‐
5502       lem because nothing later on needs the original packet.
5503
5504       Such actions can, however, occur in circumstances where the translation
5505       does require the original packet. For example, an OpenFlow  output  ac‐
5506       tion might direct a packet to a patch port, which might in turn lead to
5507       a ct action that NATs the packet (which cannot be undone), and then af‐
5508       terward  when  control  flow pops back across the patch port some other
5509       action might need to act on the original packet.
5510
5511       Open vSwitch has two different ways to implement this  ``save  and  re‐
5512       store’’  via  datapath  actions.  These capabilities indicate which one
5513       Open vSwitch will choose. When neither is available, Open vSwitch  sim‐
5514       ply fails in situations that require this feature.
5515
5516       capabilities : clone: optional string, either true or false
5517              True if the datapath supports OVS_ACTION_ATTR_CLONE action. This
5518              is the preferred option for saving and restoring packets,  since
5519              it is intended for the purpose, but old datapaths do not support
5520              it. Open vSwitch will use it whenever it is available.
5521
5522              (The OpenFlow clone action  does  not  always  yield  a  OVS_AC‐
5523              TION_ATTR_CLONE  action.  It only does so when the datapath sup‐
5524              ports it and the clone brackets actions that otherwise cannot be
5525              undone.)
5526
5527       capabilities  : sample_nesting: optional string, containing an integer,
5528       at least 0
5529              Maximum level of nesting allowed by  OVS_ACTION_ATTR_SAMPLE  ac‐
5530              tion.  Open vSwitch misuses this action for saving and restoring
5531              packets when the datapath supports more than 3 levels of nesting
5532              and OVS_ACTION_ATTR_CLONE is not available.
5533
5534       capabilities : ct_eventmask: optional string, either true or false
5535              True  if the datapath’s OVS_ACTION_ATTR_CT action implements the
5536              OVS_CT_ATTR_EVENTMASK attribute. When this is true, Open vSwitch
5537              uses  the  event  mask  feature to limit the kinds of events re‐
5538              ported to conntrack update listeners. When Open vSwitch  doesn’t
5539              limit the event mask, listeners receive reports of numerous usu‐
5540              ally unimportant events, such  as  TCP  state  machine  changes,
5541              which can waste CPU time.
5542
5543       capabilities : ct_clear: optional string, either true or false
5544              True  if  the datapath supports OVS_ACTION_ATTR_CT_CLEAR action.
5545              If false, the OpenFlow ct_clear action  has  no  effect  on  the
5546              datapath.
5547
5548       capabilities : max_hash_alg: optional string, containing an integer, at
5549       least 0
5550              Highest supported dp_hash algorithm. This allows Open vSwitch to
5551              avoid  requesting  a packet hash that the datapath does not sup‐
5552              port.
5553
5554       capabilities : check_pkt_len: optional string, either true or false
5555              True if the datapath supports OVS_ACTION_ATTR_CHECK_PKT_LEN.  If
5556              false,  Open  vSwitch  implements the check_pkt_larger action by
5557              sending every packet through the Open vSwitch slow  path,  which
5558              is likely to make it too slow for handling traffic in bulk.
5559
5560       capabilities : ct_timeout: optional string, either true or false
5561              True if the datapath supports OVS_CT_ATTR_TIMEOUT in the OVS_AC‐
5562              TION_ATTR_CT action. If false,  Open  vswitch  cannot  implement
5563              timeout  policies based on connection tracking zones, as config‐
5564              ured through the CT_Timeout_Policy table.
5565
5566       capabilities : explicit_drop_action: optional string,  either  true  or
5567       false
5568              True  if  the  datapath supports OVS_ACTION_ATTR_DROP. If false,
5569              explicit drop action will not be sent to the datapath.
5570
5571       capabilities : ct_zero_snat: optional string, either true or false
5572              True if the datapath supports all-zero SNAT. This is  a  special
5573              case  if  the  src  IP  address  is configured as all 0’s, i.e.,
5574              nat(src=0.0.0.0). In this case, when a source port collision  is
5575              detected  during  the commit, the source port will be translated
5576              to an ephemeral port. If there is no collision, no SNAT is  per‐
5577              formed.
5578
5579     Common Columns:
5580
5581       The  overall purpose of these columns is described under Common Columns
5582       at the beginning of this document.
5583
5584       external_ids: map of string-string pairs
5585

CT_Zone TABLE

5587       Connection tracking zone configuration
5588
5589   Summary:
5590       timeout_policy                optional CT_Timeout_Policy
5591       Common Columns:
5592         external_ids                map of string-string pairs
5593
5594   Details:
5595       timeout_policy: optional CT_Timeout_Policy
5596              Connection tracking timeout policy for this zone. If  a  timeout
5597              policy  is  not  specified, it defaults to the timeout policy in
5598              the system.
5599
5600     Common Columns:
5601
5602       The overall purpose of these columns is described under Common  Columns
5603       at the beginning of this document.
5604
5605       external_ids: map of string-string pairs
5606

CT_Timeout_Policy TABLE

5608       Connection tracking timeout policy configuration
5609
5610   Summary:
5611       Timeouts:
5612         timeouts                    map  of  string-integer pairs, key one of
5613                                     icmp_first,    icmp_reply,     tcp_close,
5614                                     tcp_close_wait,          tcp_established,
5615                                     tcp_fin_wait, tcp_last_ack,  tcp_retrans‐
5616                                     mit,     tcp_syn_recv,     tcp_syn_sent2,
5617                                     tcp_syn_sent,  tcp_time_wait,  tcp_unack,
5618                                     udp_first,  udp_multiple,  or udp_single,
5619                                     value in range 0 to 4,294,967,295
5620         TCP Timeouts:
5621            timeouts : tcp_syn_sent  optional   integer,   in   range   0   to
5622                                     4,294,967,295
5623            timeouts : tcp_syn_recv  optional   integer,   in   range   0   to
5624                                     4,294,967,295
5625            timeouts : tcp_established
5626                                     optional   integer,   in   range   0   to
5627                                     4,294,967,295
5628            timeouts : tcp_fin_wait  optional   integer,   in   range   0   to
5629                                     4,294,967,295
5630            timeouts : tcp_close_wait
5631                                     optional   integer,   in   range   0   to
5632                                     4,294,967,295
5633            timeouts : tcp_last_ack  optional   integer,   in   range   0   to
5634                                     4,294,967,295
5635            timeouts : tcp_time_wait optional   integer,   in   range   0   to
5636                                     4,294,967,295
5637            timeouts : tcp_close     optional   integer,   in   range   0   to
5638                                     4,294,967,295
5639            timeouts : tcp_syn_sent2 optional   integer,   in   range   0   to
5640                                     4,294,967,295
5641            timeouts : tcp_retransmit
5642                                     optional   integer,   in   range   0   to
5643                                     4,294,967,295
5644            timeouts : tcp_unack     optional   integer,   in   range   0   to
5645                                     4,294,967,295
5646         UDP Timeouts:
5647            timeouts : udp_first     optional   integer,   in   range   0   to
5648                                     4,294,967,295
5649            timeouts : udp_single    optional   integer,   in   range   0   to
5650                                     4,294,967,295
5651            timeouts : udp_multiple  optional   integer,   in   range   0   to
5652                                     4,294,967,295
5653         ICMP Timeouts:
5654            timeouts : icmp_first    optional   integer,   in   range   0   to
5655                                     4,294,967,295
5656            timeouts : icmp_reply    optional   integer,   in   range   0   to
5657                                     4,294,967,295
5658       Common Columns:
5659         external_ids                map of string-string pairs
5660
5661   Details:
5662     Timeouts:
5663
5664       timeouts: map of string-integer pairs, key one of icmp_first,  icmp_re‐
5665       ply,    tcp_close,   tcp_close_wait,   tcp_established,   tcp_fin_wait,
5666       tcp_last_ack,     tcp_retransmit,     tcp_syn_recv,      tcp_syn_sent2,
5667       tcp_syn_sent,  tcp_time_wait,  tcp_unack,  udp_first,  udp_multiple, or
5668       udp_single, value in range 0 to 4,294,967,295
5669              The timeouts column contains key-value pairs used  to  configure
5670              connection tracking timeouts in a datapath. Key-value pairs that
5671              are not supported by a datapath are ignored. The  timeout  value
5672              is in seconds.
5673
5674     TCP Timeouts:
5675
5676       timeouts : tcp_syn_sent: optional integer, in range 0 to 4,294,967,295
5677              The  timeout  for  the connection after the first TCP SYN packet
5678              has been seen by conntrack.
5679
5680       timeouts : tcp_syn_recv: optional integer, in range 0 to 4,294,967,295
5681              The timeout of the connection after the first TCP SYN-ACK packet
5682              has been seen by conntrack.
5683
5684       timeouts   :   tcp_established:   optional   integer,  in  range  0  to
5685       4,294,967,295
5686              The timeout of the connection  after  the  connection  has  been
5687              fully established.
5688
5689       timeouts : tcp_fin_wait: optional integer, in range 0 to 4,294,967,295
5690              The timeout of the connection after the first TCP FIN packet has
5691              been seen by conntrack.
5692
5693       timeouts  :  tcp_close_wait:  optional   integer,   in   range   0   to
5694       4,294,967,295
5695              The timeout of the connection after the first TCP ACK packet has
5696              been seen after it receives TCP FIN packet. This timeout is only
5697              supported by the Linux kernel datapath.
5698
5699       timeouts : tcp_last_ack: optional integer, in range 0 to 4,294,967,295
5700              The  timeout  of  the connection after TCP FIN packets have been
5701              seen by conntrack from both directions.  This  timeout  is  only
5702              supported by the Linux kernel datapath.
5703
5704       timeouts : tcp_time_wait: optional integer, in range 0 to 4,294,967,295
5705              The  timeout  of the connection after conntrack has seen the TCP
5706              ACK packet for the second TCP FIN packet.
5707
5708       timeouts : tcp_close: optional integer, in range 0 to 4,294,967,295
5709              The timeout of the connection after the first TCP RST packet has
5710              been seen by conntrack.
5711
5712       timeouts : tcp_syn_sent2: optional integer, in range 0 to 4,294,967,295
5713              The  timeout  of  the  connection when only a TCP SYN packet has
5714              been seen by conntrack from both directions (simultaneous open).
5715              This timeout is only supported by the Linux kernel datapath.
5716
5717       timeouts   :   tcp_retransmit:   optional   integer,   in  range  0  to
5718       4,294,967,295
5719              The timeout of the connection when it exceeds the maximum number
5720              of  retransmissions. This timeout is only supported by the Linux
5721              kernel datapath.
5722
5723       timeouts : tcp_unack: optional integer, in range 0 to 4,294,967,295
5724              The timeout of the connection when non-SYN packets create an es‐
5725              tablished connection in TCP loose tracking mode. This timeout is
5726              only supported by the Linux kernel datapath.
5727
5728     UDP Timeouts:
5729
5730       timeouts : udp_first: optional integer, in range 0 to 4,294,967,295
5731              The timeout of the connection after the  first  UDP  packet  has
5732              been  seen  by  conntrack. This timeout is only supported by the
5733              userspace datapath.
5734
5735       timeouts : udp_single: optional integer, in range 0 to 4,294,967,295
5736              The timeout of the  connection  when  conntrack  only  seen  UDP
5737              packet  from the source host, but the destination host has never
5738              sent one back.
5739
5740       timeouts : udp_multiple: optional integer, in range 0 to 4,294,967,295
5741              The timeout of the connection when UDP packets have been seen in
5742              both directions.
5743
5744     ICMP Timeouts:
5745
5746       timeouts : icmp_first: optional integer, in range 0 to 4,294,967,295
5747              The  timeout  of  the connection after the first ICMP packet has
5748              been seen by conntrack.
5749
5750       timeouts : icmp_reply: optional integer, in range 0 to 4,294,967,295
5751              The timeout of the connection when ICMP packets have  been  seen
5752              in  both  direction.  This  timeout  is  only  supported  by the
5753              userspace datapath.
5754
5755     Common Columns:
5756
5757       The overall purpose of these columns is described under Common  Columns
5758       at the beginning of this document.
5759
5760       external_ids: map of string-string pairs
5761

SSL TABLE

5763       SSL configuration for an Open_vSwitch.
5764
5765   Summary:
5766       private_key                   string
5767       certificate                   string
5768       ca_cert                       string
5769       bootstrap_ca_cert             boolean
5770       Common Columns:
5771         external_ids                map of string-string pairs
5772
5773   Details:
5774       private_key: string
5775              Name  of  a  PEM  file  containing  the  private key used as the
5776              switch’s identity for SSL connections to the controller.
5777
5778       certificate: string
5779              Name of a PEM file containing a certificate, signed by the  cer‐
5780              tificate authority (CA) used by the controller and manager, that
5781              certifies the switch’s private key,  identifying  a  trustworthy
5782              switch.
5783
5784       ca_cert: string
5785              Name  of a PEM file containing the CA certificate used to verify
5786              that the switch is connected to a trustworthy controller.
5787
5788       bootstrap_ca_cert: boolean
5789              If set to true, then Open vSwitch will attempt to obtain the  CA
5790              certificate  from the controller on its first SSL connection and
5791              save it to the named PEM file. If it is successful, it will  im‐
5792              mediately  drop  the  connection and reconnect, and from then on
5793              all SSL connections  must  be  authenticated  by  a  certificate
5794              signed  by the CA certificate thus obtained. This option exposes
5795              the SSL connection to a man-in-the-middle attack  obtaining  the
5796              initial  CA  certificate.  It may still be useful for bootstrap‐
5797              ping.
5798
5799     Common Columns:
5800
5801       The overall purpose of these columns is described under Common  Columns
5802       at the beginning of this document.
5803
5804       external_ids: map of string-string pairs
5805

sFlow TABLE

5807       A set of sFlow(R) targets. sFlow is a protocol for remote monitoring of
5808       switches.
5809
5810   Summary:
5811       agent                         optional string
5812       header                        optional integer
5813       polling                       optional integer
5814       sampling                      optional integer
5815       targets                       set of 1 or more strings
5816       Common Columns:
5817         external_ids                map of string-string pairs
5818
5819   Details:
5820       agent: optional string
5821              Determines the agent address, that is, the IP  address  reported
5822              to  collectors  as the source of the sFlow data. It may be an IP
5823              address or the name of a network device. In the latter case, the
5824              network device’s IP address is used,
5825
5826              If  not  specified,  the  agent device is figured from the first
5827              target address and the routing table. If the routing table  does
5828              not  contain  a  route to the target, the IP address defaults to
5829              the local_ip in the collector’s Controller.
5830
5831              If an agent IP address cannot be determined, sFlow is disabled.
5832
5833       header: optional integer
5834              Number of bytes of a sampled packet to send to the collector. If
5835              not specified, the default is 128 bytes.
5836
5837       polling: optional integer
5838              Polling  rate  in seconds to send port statistics to the collec‐
5839              tor. If not specified, defaults to 30 seconds.
5840
5841       sampling: optional integer
5842              Rate at which packets should be sampled and sent to the  collec‐
5843              tor.  If  not specified, defaults to 400, which means one out of
5844              400 packets, on average, will be sent to the collector.
5845
5846       targets: set of 1 or more strings
5847              sFlow targets in the form ip:port.
5848
5849     Common Columns:
5850
5851       The overall purpose of these columns is described under Common  Columns
5852       at the beginning of this document.
5853
5854       external_ids: map of string-string pairs
5855

IPFIX TABLE

5857       Configuration for sending packets to IPFIX collectors.
5858
5859       IPFIX  is  a protocol that exports a number of details about flows. The
5860       IPFIX implementation in Open vSwitch samples packets at a  configurable
5861       rate,  extracts  flow information from those packets, optionally caches
5862       and aggregates the flow information, and sends the  result  to  one  or
5863       more collectors.
5864
5865       IPFIX in Open vSwitch can be configured two different ways:
5866
5867              •      With  per-bridge  sampling,  Open  vSwitch performs IPFIX
5868                     sampling automatically on all packets that pass through a
5869                     bridge. To configure per-bridge sampling, create an IPFIX
5870                     record and point a Bridge table’s ipfix column to it. The
5871                     Flow_Sample_Collector_Set  table  is  not  used  for per-
5872                     bridge sampling.
5873
5874              •      With flow-based sampling, sample actions in the  OpenFlow
5875                     flow table drive IPFIX sampling. See ovs-actions(7) for a
5876                     description of the sample action.
5877
5878                     Flow-based sampling also requires database configuration:
5879                     create a IPFIX record that describes the IPFIX configura‐
5880                     tion and a Flow_Sample_Collector_Set record  that  points
5881                     to  the  Bridge whose flow table holds the sample actions
5882                     and to IPFIX record. The ipfix in the Bridge table is not
5883                     used for flow-based sampling.
5884
5885   Summary:
5886       targets                       set of strings
5887       cache_active_timeout          optional integer, in range 0 to 4,200
5888       cache_max_flows               optional   integer,   in   range   0   to
5889                                     4,294,967,295
5890       other_config : enable-tunnel-sampling
5891                                     optional string, either true or false
5892       other_config : virtual_obs_id optional string
5893       Per-Bridge Sampling:
5894         sampling                    optional   integer,   in   range   1   to
5895                                     4,294,967,295
5896         obs_domain_id               optional   integer,   in   range   0   to
5897                                     4,294,967,295
5898         obs_point_id                optional   integer,   in   range   0   to
5899                                     4,294,967,295
5900         other_config : enable-input-sampling
5901                                     optional string, either true or false
5902         other_config : enable-output-sampling
5903                                     optional string, either true or false
5904       Common Columns:
5905         external_ids                map of string-string pairs
5906
5907   Details:
5908       targets: set of strings
5909              IPFIX target collectors in the form ip:port.
5910
5911       cache_active_timeout: optional integer, in range 0 to 4,200
5912              The  maximum period in seconds for which an IPFIX flow record is
5913              cached and aggregated before being sent. If not  specified,  de‐
5914              faults to 0. If 0, caching is disabled.
5915
5916       cache_max_flows: optional integer, in range 0 to 4,294,967,295
5917              The maximum number of IPFIX flow records that can be cached at a
5918              time. If not specified, defaults to 0. If  0,  caching  is  dis‐
5919              abled.
5920
5921       other_config  : enable-tunnel-sampling: optional string, either true or
5922       false
5923              Set to true to enable sampling and reporting tunnel header 7-tu‐
5924              ples  in  IPFIX  flow records. Tunnel sampling is enabled by de‐
5925              fault.
5926
5927              The following enterprise  entities  report  the  sampled  tunnel
5928              info:
5929
5930              tunnelType:
5931                     ID: 891, and enterprise ID 6876 (VMware).
5932
5933                     type: unsigned 8-bit integer.
5934
5935                     data type semantics: identifier.
5936
5937                     description:  Identifier  of  the layer 2 network overlay
5938                     network encapsulation type: 0x01 VxLAN,  0x02  GRE,  0x03
5939                     LISP, 0x07 GENEVE.
5940
5941              tunnelKey:
5942                     ID: 892, and enterprise ID 6876 (VMware).
5943
5944                     type: variable-length octetarray.
5945
5946                     data type semantics: identifier.
5947
5948                     description:  Key  which is used for identifying an indi‐
5949                     vidual traffic flow within a VxLAN (24-bit  VNI),  GENEVE
5950                     (24-bit  VNI), GRE (32-bit key), or LISP (24-bit instance
5951                     ID) tunnel. The key is encoded in this  octetarray  as  a
5952                     3-, 4-, or 8-byte integer ID in network byte order.
5953
5954              tunnelSourceIPv4Address:
5955                     ID: 893, and enterprise ID 6876 (VMware).
5956
5957                     type: unsigned 32-bit integer.
5958
5959                     data type semantics: identifier.
5960
5961                     description:  The  IPv4  source  address in the tunnel IP
5962                     packet header.
5963
5964              tunnelDestinationIPv4Address:
5965                     ID: 894, and enterprise ID 6876 (VMware).
5966
5967                     type: unsigned 32-bit integer.
5968
5969                     data type semantics: identifier.
5970
5971                     description: The IPv4 destination address in  the  tunnel
5972                     IP packet header.
5973
5974              tunnelProtocolIdentifier:
5975                     ID: 895, and enterprise ID 6876 (VMware).
5976
5977                     type: unsigned 8-bit integer.
5978
5979                     data type semantics: identifier.
5980
5981                     description: The value of the protocol number in the tun‐
5982                     nel IP packet header. The protocol number identifies  the
5983                     tunnel IP packet payload type.
5984
5985              tunnelSourceTransportPort:
5986                     ID: 896, and enterprise ID 6876 (VMware).
5987
5988                     type: unsigned 16-bit integer.
5989
5990                     data type semantics: identifier.
5991
5992                     description:  The  source  port  identifier in the tunnel
5993                     transport header. For the transport protocols  UDP,  TCP,
5994                     and SCTP, this is the source port number given in the re‐
5995                     spective header.
5996
5997              tunnelDestinationTransportPort:
5998                     ID: 897, and enterprise ID 6876 (VMware).
5999
6000                     type: unsigned 16-bit integer.
6001
6002                     data type semantics: identifier.
6003
6004                     description: The destination port identifier in the  tun‐
6005                     nel  transport  header.  For the transport protocols UDP,
6006                     TCP, and SCTP, this is the destination port number  given
6007                     in the respective header.
6008
6009              Before  Open vSwitch 2.5.90, other_config:enable-tunnel-sampling
6010              was only supported with per-bridge sampling, and ignored  other‐
6011              wise. Open vSwitch 2.5.90 and later support other_config:enable-
6012              tunnel-sampling for per-bridge and per-flow sampling.
6013
6014       other_config : virtual_obs_id: optional string
6015              A string that accompanies each IPFIX flow record.  Its  intended
6016              use  is  for  the ``virtual observation ID,’’ an identifier of a
6017              virtual observation point that is locally unique  in  a  virtual
6018              network. It describes a location in the virtual network where IP
6019              packets can be observed. The maximum length is 254 bytes. If not
6020              specified, the field is omitted from the IPFIX flow record.
6021
6022              The  following  enterprise  entity reports the specified virtual
6023              observation ID:
6024
6025              virtualObsID:
6026                     ID: 898, and enterprise ID 6876 (VMware).
6027
6028                     type: variable-length string.
6029
6030                     data type semantics: identifier.
6031
6032                     description: A virtual observation domain ID that is  lo‐
6033                     cally unique in a virtual network.
6034
6035              This feature was introduced in Open vSwitch 2.5.90.
6036
6037     Per-Bridge Sampling:
6038
6039       These  values affect only per-bridge sampling. See above for a descrip‐
6040       tion of the differences between per-bridge and flow-based sampling.
6041
6042       sampling: optional integer, in range 1 to 4,294,967,295
6043              The rate at which packets should be sampled  and  sent  to  each
6044              target collector. If not specified, defaults to 400, which means
6045              one out of 400 packets, on average, will be sent to each  target
6046              collector.
6047
6048       obs_domain_id: optional integer, in range 0 to 4,294,967,295
6049              The  IPFIX  Observation  Domain ID sent in each IPFIX packet. If
6050              not specified, defaults to 0.
6051
6052       obs_point_id: optional integer, in range 0 to 4,294,967,295
6053              The IPFIX Observation Point ID sent in each IPFIX  flow  record.
6054              If not specified, defaults to 0.
6055
6056       other_config  :  enable-input-sampling: optional string, either true or
6057       false
6058              By default, Open vSwitch samples and  reports  flows  at  bridge
6059              port  input  in  IPFIX flow records. Set this column to false to
6060              disable input sampling.
6061
6062       other_config : enable-output-sampling: optional string, either true  or
6063       false
6064              By  default,  Open  vSwitch  samples and reports flows at bridge
6065              port output in IPFIX flow records. Set this column to  false  to
6066              disable output sampling.
6067
6068     Common Columns:
6069
6070       The  overall purpose of these columns is described under Common Columns
6071       at the beginning of this document.
6072
6073       external_ids: map of string-string pairs
6074

Flow_Sample_Collector_Set TABLE

6076       A set of IPFIX collectors of packet samples generated by OpenFlow  sam‐
6077       ple actions. This table is used only for IPFIX flow-based sampling, not
6078       for per-bridge sampling (see the IPFIX table for a description  of  the
6079       two forms).
6080
6081   Summary:
6082       id                            integer, in range 0 to 4,294,967,295
6083       bridge                        Bridge
6084       ipfix                         optional IPFIX
6085       Common Columns:
6086         external_ids                map of string-string pairs
6087
6088   Details:
6089       id: integer, in range 0 to 4,294,967,295
6090              The  ID of this collector set, unique among the bridge’s collec‐
6091              tor sets, to be used as the collector_set_id in OpenFlow  sample
6092              actions.
6093
6094       bridge: Bridge
6095              The  bridge  into  which OpenFlow sample actions can be added to
6096              send packet samples to this set of IPFIX collectors.
6097
6098       ipfix: optional IPFIX
6099              Configuration of the set of IPFIX collectors to  send  one  flow
6100              record per sampled packet to.
6101
6102     Common Columns:
6103
6104       The  overall purpose of these columns is described under Common Columns
6105       at the beginning of this document.
6106
6107       external_ids: map of string-string pairs
6108

AutoAttach TABLE

6110       Auto Attach configuration within a bridge. The  IETF  Auto-Attach  SPBM
6111       draft  standard  describes  a compact method of using IEEE 802.1AB Link
6112       Layer Discovery Protocol (LLDP) together with a IEEE  802.1aq  Shortest
6113       Path  Bridging (SPB) network to automatically attach network devices to
6114       individual services in a SPB network. The intent here is to allow  net‐
6115       work  applications  and devices using OVS to be able to easily take ad‐
6116       vantage of features offered by industry standard SPB networks.
6117
6118       Auto Attach (AA) uses LLDP to communicate between a directly  connected
6119       Auto  Attach Client (AAC) and Auto Attach Server (AAS). The LLDP proto‐
6120       col is extended to add two new  Type-Length-Value  tuples  (TLVs).  The
6121       first  new  TLV supports the ongoing discovery of directly connected AA
6122       correspondents. Auto Attach operates by regularly transmitting AA  dis‐
6123       covery  TLVs  between  the AA client and AA server. By exchanging these
6124       discovery messages, both the AAC and AAS learn the system name and sys‐
6125       tem  description of their peer. In the OVS context, OVS operates as the
6126       AA client and the AA server resides on a switch at the edge of the  SPB
6127       network.
6128
6129       Once  AA  discovery has been completed the AAC then uses the second new
6130       TLV to deliver identifier mappings from the AAC to the AAS.  A  primary
6131       feature  of  Auto  Attach is to facilitate the mapping of VLANs defined
6132       outside the SPB network onto service ids (ISIDs) defined within the SPM
6133       network.  By doing so individual external VLANs can be mapped onto spe‐
6134       cific SPB network services. These VLAN id to ISID mappings can be  con‐
6135       figured  and  managed  locally using new options added to the ovs-vsctl
6136       command.
6137
6138       The Auto Attach OVS feature does not provide a full  implementation  of
6139       the  LLDP  protocol.  Support  for the mandatory TLVs as defined by the
6140       LLDP standard and support for the AA TLV extensions is  provided.  LLDP
6141       protocol  support  in  OVS can be enabled or disabled on a port by port
6142       basis. LLDP support is disabled by default.
6143
6144   Summary:
6145       system_name                   string
6146       system_description            string
6147       mappings                      map  of  integer-integer  pairs,  key  in
6148                                     range  0  to 16,777,215, value in range 0
6149                                     to 4,095
6150
6151   Details:
6152       system_name: string
6153              The system_name string is exported in LLDP messages.  It  should
6154              uniquely identify the bridge in the network.
6155
6156       system_description: string
6157              The  system_description  string is exported in LLDP messages. It
6158              should describe the type of software and hardware.
6159
6160       mappings: map of integer-integer pairs, key in range 0  to  16,777,215,
6161       value in range 0 to 4,095
6162              A  mapping from SPB network Individual Service Identifier (ISID)
6163              to VLAN id.
6164
6165
6166
6167Open vSwitch 2.17.0             DB Schema 8.3.0        ovs-vswitchd.conf.db(5)
Impressum