1vtep(5)                       Open vSwitch Manual                      vtep(5)
2
3
4

NAME

6       vtep - hardware_vtep database schema
7
8       This schema specifies relations that a VTEP can use to integrate physi‐
9       cal ports into logical switches maintained by a network  virtualization
10       controller such as NSX.
11
12       Glossary:
13
14              VTEP   VXLAN Tunnel End Point, an entity which originates and/or
15                     terminates VXLAN tunnels.
16
17              HSC    Hardware Switch Controller.
18
19              NVC    Network Virtualization Controller, e.g. NSX.
20
21              VRF    Virtual Routing and Forwarding instance.
22
23   Common Column
24       Some tables contain a column, named other_config. This column  has  the
25       same  form  and  purpose  each place that it appears, so we describe it
26       here to save space later.
27
28              other_config: map of string-string pairs
29                     Key-value pairs for configuring rarely  used  or  propri‐
30                     etary features.
31
32                     Some  tables  do  not have other_config column because no
33                     key-value pairs have yet been defined for them.
34

TABLE SUMMARY

36       The following list summarizes the purpose of each of the tables in  the
37       hardware_vtep  database.   Each  table is described in more detail on a
38       later page.
39
40       Table     Purpose
41       Global    Top-level configuration.
42       Manager   OVSDB management connection.
43       Physical_Switch
44                 A physical switch.
45       Tunnel    A tunnel created by a physical switch.
46       Physical_Port
47                 A port within a physical switch.
48       Logical_Binding_Stats
49                 Statistics for a VLAN on a physical port bound to  a  logical
50                 network.
51       Logical_Switch
52                 A layer-2 domain.
53       Ucast_Macs_Local
54                 Unicast MACs (local)
55       Ucast_Macs_Remote
56                 Unicast MACs (remote)
57       Mcast_Macs_Local
58                 Multicast MACs (local)
59       Mcast_Macs_Remote
60                 Multicast MACs (remote)
61       Logical_Router
62                 A logical L3 router.
63       Arp_Sources_Local
64                 ARP source addresses for logical routers
65       Arp_Sources_Remote
66                 ARP source addresses for logical routers
67       Physical_Locator_Set
68                 Physical_Locator_Set configuration.
69       Physical_Locator
70                 Physical_Locator configuration.
71       ACL_entry ACL_entry configuration.
72       ACL       ACL configuration.
73

Global TABLE

75       Top-level  configuration for a hardware VTEP. There must be exactly one
76       record in the Global table.
77
78   Summary:
79       switches                      set of Physical_Switchs
80       Database Configuration:
81         managers                    set of Managers
82       Common Column:
83         other_config                map of string-string pairs
84
85   Details:
86       switches: set of Physical_Switchs
87              The physical switch or switches managed by the VTEP.
88
89              When a physical switch integrates support for this VTEP  schema,
90              which is expected to be the most common case, this column should
91              point to one Physical_Switch record that represents  the  switch
92              itself.  In  another  possible  implementation, a server or a VM
93              presents a VTEP schema front-end interface to one or more physi‐
94              cal  switches,  presumably  communicating  with  those  physical
95              switches over a proprietary protocol. In that case, this  column
96              would point to one Physical_Switch for each physical switch, and
97              the set might change over time as the front-end server comes  to
98              represent a differing set of switches.
99
100     Database Configuration:
101
102       These  columns  primarily configure the database server (ovsdb-server),
103       not the hardware VTEP itself.
104
105       managers: set of Managers
106              Database clients to which the database server should connect  or
107              to which it should listen, along with options for how these con‐
108              nection should be configured. See the Manager table for more in‐
109              formation.
110
111     Common Column:
112
113       The  overall purpose of this column is described under Common Column at
114       the beginning of this document.
115
116       other_config: map of string-string pairs
117

Manager TABLE

119       Configuration for a database connection to  an  Open  vSwitch  Database
120       (OVSDB) client.
121
122       The database server can initiate and maintain active connections to re‐
123       mote clients. It can also listen for database connections.
124
125   Summary:
126       Core Features:
127         target                      string (must be unique within table)
128       Client Failure Detection and Handling:
129         max_backoff                 optional integer, at least 1,000
130         inactivity_probe            optional integer
131       Status:
132         is_connected                boolean
133         status : last_error         optional string
134         status : state              optional string, one of ACTIVE,  BACKOFF,
135                                     CONNECTING, IDLE, or VOID
136         status : sec_since_connect  optional  string,  containing an integer,
137                                     at least 0
138         status : sec_since_disconnect
139                                     optional string, containing  an  integer,
140                                     at least 0
141         status : locks_held         optional string
142         status : locks_waiting      optional string
143         status : locks_lost         optional string
144         status : n_connections      optional  string,  containing an integer,
145                                     at least 2
146       Connection Parameters:
147         other_config : dscp         optional string, containing an integer
148
149   Details:
150     Core Features:
151
152       target: string (must be unique within table)
153              Connection method for managers.
154
155              The following connection methods are currently supported:
156
157              ssl:host[:port]
158                     The specified SSL port (default: 6640) on the given host,
159                     which can either be a DNS name (if built with unbound li‐
160                     brary) or an IP address.
161
162                     SSL key and certificate configuration happens outside the
163                     database.
164
165              tcp:host[:port]
166                     The specified TCP port (default: 6640) on the given host,
167                     which can either be a DNS name (if built with unbound li‐
168                     brary) or an IP address.
169
170              pssl:[port][:host]
171                     Listens  for  SSL  connections  on the specified TCP port
172                     (default: 6640). If host, which can either be a DNS  name
173                     (if  built  with  unbound  library)  or an IP address, is
174                     specified, then connections are  restricted  to  the  re‐
175                     solved or specified local IP address.
176
177              ptcp:[port][:host]
178                     Listens  for  connections  on the specified TCP port (de‐
179                     fault: 6640). If host, which can either be a DNS name (if
180                     built  with  unbound library) or an IP address, is speci‐
181                     fied, then connections are restricted to the resolved  or
182                     specified local IP address.
183
184     Client Failure Detection and Handling:
185
186       max_backoff: optional integer, at least 1,000
187              Maximum  number  of  milliseconds to wait between connection at‐
188              tempts. Default is implementation-specific.
189
190       inactivity_probe: optional integer
191              Maximum number of milliseconds of idle time on connection to the
192              client  before  sending an inactivity probe message. If the Open
193              vSwitch database does not communicate with the  client  for  the
194              specified number of seconds, it will send a probe. If a response
195              is not received for the same  additional  amount  of  time,  the
196              database  server  assumes the connection has been broken and at‐
197              tempts to reconnect. Default is implementation-specific. A value
198              of 0 disables inactivity probes.
199
200     Status:
201
202       is_connected: boolean
203              true if currently connected to this manager, false otherwise.
204
205       status : last_error: optional string
206              A human-readable description of the last error on the connection
207              to the manager; i.e. strerror(errno). This key will  exist  only
208              if an error has occurred.
209
210       status  :  state:  optional string, one of ACTIVE, BACKOFF, CONNECTING,
211       IDLE, or VOID
212              The state of the connection to the manager:
213
214              VOID   Connection is disabled.
215
216              BACKOFF
217                     Attempting to reconnect at an increasing period.
218
219              CONNECTING
220                     Attempting to connect.
221
222              ACTIVE Connected, remote host responsive.
223
224              IDLE   Connection is idle. Waiting for response to keep-alive.
225
226              These values may change in the future. They  are  provided  only
227              for human consumption.
228
229       status  : sec_since_connect: optional string, containing an integer, at
230       least 0
231              The amount of time since this  manager  last  successfully  con‐
232              nected  to  the database (in seconds). Value is empty if manager
233              has never successfully connected.
234
235       status : sec_since_disconnect: optional string, containing an  integer,
236       at least 0
237              The amount of time since this manager last disconnected from the
238              database (in seconds). Value is empty if manager has never  dis‐
239              connected.
240
241       status : locks_held: optional string
242              Space-separated  list  of the names of OVSDB locks that the con‐
243              nection holds. Omitted if  the  connection  does  not  hold  any
244              locks.
245
246       status : locks_waiting: optional string
247              Space-separated  list  of the names of OVSDB locks that the con‐
248              nection is currently waiting to acquire. Omitted if the  connec‐
249              tion is not waiting for any locks.
250
251       status : locks_lost: optional string
252              Space-separated  list  of the names of OVSDB locks that the con‐
253              nection has had stolen by another OVSDB client.  Omitted  if  no
254              locks have been stolen from this connection.
255
256       status  :  n_connections:  optional  string,  containing an integer, at
257       least 2
258              When target specifies a connection method that listens  for  in‐
259              bound  connections  (e.g. ptcp: or pssl:) and more than one con‐
260              nection is actually active, the value is the  number  of  active
261              connections. Otherwise, this key-value pair is omitted.
262
263              When  multiple  connections  are active, status columns and key-
264              value pairs (other than this one) report the status of one arbi‐
265              trarily chosen connection.
266
267     Connection Parameters:
268
269       Additional  configuration  for a connection between the manager and the
270       database server.
271
272       other_config : dscp: optional string, containing an integer
273              The Differentiated Service Code Point (DSCP) is specified  using
274              6 bits in the Type of Service (TOS) field in the IP header. DSCP
275              provides a mechanism to classify the network traffic and provide
276              Quality  of  Service (QoS) on IP networks. The DSCP value speci‐
277              fied here is used when establishing the connection  between  the
278              manager and the database server. If no value is specified, a de‐
279              fault value of 48 is chosen. Valid DSCP values must  be  in  the
280              range 0 to 63.
281

Physical_Switch TABLE

283       A physical switch that implements a VTEP.
284
285   Summary:
286       ports                         set of Physical_Ports
287       tunnels                       set of Tunnels
288       Network Status:
289         management_ips              set of strings
290         tunnel_ips                  set of strings
291       Identification:
292         name                        string (must be unique within table)
293         description                 string
294       Error Notification:
295         switch_fault_status : mac_table_exhaustion
296                                     none
297         switch_fault_status : tunnel_exhaustion
298                                     none
299         switch_fault_status : lr_switch_bindings_fault
300                                     none
301         switch_fault_status : lr_static_routes_fault
302                                     none
303         switch_fault_status : lr_creation_fault
304                                     none
305         switch_fault_status : lr_support_fault
306                                     none
307         switch_fault_status : unspecified_fault
308                                     none
309         switch_fault_status : unsupported_source_node_replication
310                                     none
311       Common Column:
312         other_config                map of string-string pairs
313
314   Details:
315       ports: set of Physical_Ports
316              The physical ports within the switch.
317
318       tunnels: set of Tunnels
319              Tunnels created by this switch as instructed by the NVC.
320
321     Network Status:
322
323       management_ips: set of strings
324              IPv4  or IPv6 addresses at which the switch may be contacted for
325              management purposes.
326
327       tunnel_ips: set of strings
328              IPv4 or IPv6 addresses on which the switch may originate or ter‐
329              minate tunnels.
330
331              This  column  is  intended  to  allow a Manager to determine the
332              Physical_Switch that terminates  the  tunnel  represented  by  a
333              Physical_Locator.
334
335     Identification:
336
337       name: string (must be unique within table)
338              Symbolic name for the switch, such as its hostname.
339
340       description: string
341              An extended description for the switch, such as its switch login
342              banner.
343
344     Error Notification:
345
346       An entry in this column indicates to the NVC that this switch  has  en‐
347       countered a fault. The switch must clear this column when the fault has
348       been cleared.
349
350       switch_fault_status : mac_table_exhaustion: none
351              Indicates that the switch has been unable to process MAC entries
352              requested by the NVC due to lack of table resources.
353
354       switch_fault_status : tunnel_exhaustion: none
355              Indicates  that the switch has been unable to create tunnels re‐
356              quested by the NVC due to lack of resources.
357
358       switch_fault_status : lr_switch_bindings_fault: none
359              Indicates that the switch has been unable to create the  logical
360              router  interfaces  requested by the NVC due to conflicting con‐
361              figurations or a lack of hardware resources.
362
363       switch_fault_status : lr_static_routes_fault: none
364              Indicates that the switch has been unable to create  the  static
365              routes requested by the NVC due to conflicting configurations or
366              a lack of hardware resources.
367
368       switch_fault_status : lr_creation_fault: none
369              Indicates that the switch has been unable to create the  logical
370              router requested by the NVC due to conflicting configurations or
371              a lack of hardware resources.
372
373       switch_fault_status : lr_support_fault: none
374              Indicates that the switch does not support logical routing.
375
376       switch_fault_status : unspecified_fault: none
377              Indicates that an error has occurred in the switch but  that  no
378              more specific information is available.
379
380       switch_fault_status : unsupported_source_node_replication: none
381              Indicates that the requested source node replication mode cannot
382              be supported by the physical switch; this specifically means  in
383              this  context  that  the physical switch lacks the capability to
384              support source node replication mode. This error occurs  when  a
385              controller  attempts to set source node replication mode for one
386              of the logical switches that the physical switch is keeping con‐
387              text  for. An NVC that observes this error should take appropri‐
388              ate action (for example reverting the logical switch to  service
389              node  replication mode). It is recommended that an NVC be proac‐
390              tive and test for support of source node replication by using  a
391              test  logical switch on vtep physical switch nodes and then try‐
392              ing to change the replication mode to source node on this  logi‐
393              cal  switch, checking for error. The NVC could remember this ca‐
394              pability per vtep physical switch. Using mixed replication modes
395              on  a  given  logical  switch  is  not recommended. Service node
396              replication mode is considered a basic requirement since it only
397              requires  sending  a packet to a single transport node, hence it
398              is not expected that a switch should report  that  service  node
399              mode cannot be supported.
400
401     Common Column:
402
403       The  overall purpose of this column is described under Common Column at
404       the beginning of this document.
405
406       other_config: map of string-string pairs
407

Tunnel TABLE

409       A tunnel created by a Physical_Switch.
410
411   Summary:
412       local                         Physical_Locator
413       remote                        Physical_Locator
414       Bidirectional Forwarding Detection (BFD):
415         BFD Local Configuration:
416            bfd_config_local : bfd_dst_mac
417                                     optional string
418            bfd_config_local : bfd_dst_ip
419                                     optional string
420         BFD Remote Configuration:
421            bfd_config_remote : bfd_dst_mac
422                                     optional string
423            bfd_config_remote : bfd_dst_ip
424                                     optional string
425         BFD Parameters:
426            bfd_params : enable      optional string, either true or false
427            bfd_params : min_rx      optional string, containing  an  integer,
428                                     at least 1
429            bfd_params : min_tx      optional  string,  containing an integer,
430                                     at least 1
431            bfd_params : decay_min_rx
432                                     optional string, containing an integer
433            bfd_params : forwarding_if_rx
434                                     optional string, either true or false
435            bfd_params : cpath_down  optional string, either true or false
436            bfd_params : check_tnl_key
437                                     optional string, either true or false
438         BFD Status:
439            bfd_status : enabled     optional string, either true or false
440            bfd_status : state       optional string, one of admin_down, down,
441                                     init, or up
442            bfd_status : forwarding  optional string, either true or false
443            bfd_status : diagnostic  optional string
444            bfd_status : remote_state
445                                     optional string, one of admin_down, down,
446                                     init, or up
447            bfd_status : remote_diagnostic
448                                     optional string
449            bfd_status : info        optional string
450
451   Details:
452       local: Physical_Locator
453              Tunnel end-point local to the physical switch.
454
455       remote: Physical_Locator
456              Tunnel end-point remote to the physical switch.
457
458     Bidirectional Forwarding Detection (BFD):
459
460       BFD, defined in RFC 5880, allows point to point detection of connectiv‐
461       ity  failures by occasional transmission of BFD control messages. VTEPs
462       are expected to implement BFD.
463
464       BFD operates by regularly transmitting BFD control messages at  a  rate
465       negotiated independently in each direction. Each endpoint specifies the
466       rate at which it expects to receive control messages, and the  rate  at
467       which it’s willing to transmit them. An endpoint which fails to receive
468       BFD control messages for a period of three times the expected reception
469       rate  will signal a connectivity fault. In the case of a unidirectional
470       connectivity issue, the system not receiving BFD control messages  will
471       signal the problem to its peer in the messages it transmits.
472
473       A hardware VTEP is expected to use BFD to determine reachability of de‐
474       vices at the end of the tunnels with which it exchanges data. This  can
475       enable  the  VTEP  to  choose a functioning service node among a set of
476       service nodes providing high availability. It also enables the  NVC  to
477       report the health status of tunnels.
478
479       In  many  cases the BFD peer of a hardware VTEP will be an Open vSwitch
480       instance. The Open vSwitch implementation of BFD aims to comply  faith‐
481       fully  with  the  requirements put forth in RFC 5880. Open vSwitch does
482       not implement the optional Authentication or ``Echo Mode’’ features.
483
484     BFD Local Configuration:
485
486       The HSC writes the key-value pairs in the  bfd_config_local  column  to
487       specify  the  local  configurations to be used for BFD sessions on this
488       tunnel.
489
490       bfd_config_local : bfd_dst_mac: optional string
491              Set to an Ethernet address in the form xx:xx:xx:xx:xx:xx to  set
492              the  MAC  expected  as destination for received BFD packets. The
493              default is 00:23:20:00:00:01.
494
495       bfd_config_local : bfd_dst_ip: optional string
496              Set to an IPv4 address to set the IP address that is expected as
497              destination   for   received   BFD   packets.   The  default  is
498              169.254.1.0.
499
500     BFD Remote Configuration:
501
502       The bfd_config_remote column is the remote counterpart of the  bfd_con‐
503       fig_local column. The NVC writes the key-value pairs in this column.
504
505       bfd_config_remote : bfd_dst_mac: optional string
506              Set  to an Ethernet address in the form xx:xx:xx:xx:xx:xx to set
507              the destination MAC to be used for transmitted BFD packets.  The
508              default is 00:23:20:00:00:01.
509
510       bfd_config_remote : bfd_dst_ip: optional string
511              Set to an IPv4 address to set the IP address used as destination
512              for transmitted BFD packets. The default is 169.254.1.1.
513
514     BFD Parameters:
515
516       The NVC sets up key-value pairs in the bfd_params column to enable  and
517       configure BFD.
518
519       bfd_params : enable: optional string, either true or false
520              True  to  enable  BFD on this Tunnel. If not specified, BFD will
521              not be enabled by default.
522
523       bfd_params : min_rx: optional string, containing an integer, at least 1
524              The shortest interval, in milliseconds, at which this  BFD  ses‐
525              sion offers to receive BFD control messages. The remote endpoint
526              may choose to send messages at a slower rate. Defaults to 1000.
527
528       bfd_params : min_tx: optional string, containing an integer, at least 1
529              The shortest interval, in milliseconds, at which this  BFD  ses‐
530              sion  is willing to transmit BFD control messages. Messages will
531              actually be transmitted at a slower rate if the remote  endpoint
532              is  not  willing to receive as quickly as specified. Defaults to
533              100.
534
535       bfd_params : decay_min_rx: optional string, containing an integer
536              An alternate receive interval, in  milliseconds,  that  must  be
537              greater  than  or equal to bfd_params:min_rx. The implementation
538              should switch from bfd_params:min_rx to  bfd_params:decay_min_rx
539              when there is no obvious incoming data traffic at the tunnel, to
540              reduce the CPU and bandwidth cost of monitoring an idle  tunnel.
541              This  feature may be disabled by setting a value of 0. This fea‐
542              ture    is    reset    whenever    bfd_params:decay_min_rx    or
543              bfd_params:min_rx changes.
544
545       bfd_params : forwarding_if_rx: optional string, either true or false
546              When  true,  traffic  received on the Tunnel is used to indicate
547              the capability of packet I/O.  BFD  control  packets  are  still
548              transmitted  and  received. At least one BFD control packet must
549              be received every 100 * bfd_params:min_rx amount of time. Other‐
550              wise,  even  if  traffic  is received, the bfd_params:forwarding
551              will be false.
552
553       bfd_params : cpath_down: optional string, either true or false
554              Set to true to notify the remote endpoint  that  traffic  should
555              not  be  forwarded  to  this system for some reason other than a
556              connectivity failure on the interface being monitored. The typi‐
557              cal  underlying  reason  is ``concatenated path down,’’ that is,
558              that connectivity beyond the local system is down.  Defaults  to
559              false.
560
561       bfd_params : check_tnl_key: optional string, either true or false
562              Set to true to make BFD accept only control messages with a tun‐
563              nel key of zero. By default, BFD accepts control  messages  with
564              any tunnel key.
565
566     BFD Status:
567
568       The  VTEP  sets  key-value pairs in the bfd_status column to report the
569       status  of  BFD  on  this  tunnel.  When  BFD  is  not  enabled,   with
570       bfd_params:enable, the HSC clears all key-value pairs from bfd_status.
571
572       bfd_status : enabled: optional string, either true or false
573              Set  to  true  if the BFD session has been successfully enabled.
574              Set to false if the VTEP cannot support BFD or has  insufficient
575              resources to enable BFD on this tunnel. The NVC will disable the
576              BFD monitoring on the other side of the tunnel once  this  value
577              is set to false.
578
579       bfd_status  : state: optional string, one of admin_down, down, init, or
580       up
581              Reports the state of the BFD session. The BFD session  is  fully
582              healthy and negotiated if UP.
583
584       bfd_status : forwarding: optional string, either true or false
585              Reports whether the BFD session believes this Tunnel may be used
586              to forward traffic. Typically this means the  local  session  is
587              signaling  UP,  and  the remote system isn’t signaling a problem
588              such as concatenated path down.
589
590       bfd_status : diagnostic: optional string
591              A diagnostic code specifying the local system’s reason  for  the
592              last  change in session state. The error messages are defined in
593              section 4.1 of [RFC 5880].
594
595       bfd_status : remote_state: optional string, one  of  admin_down,  down,
596       init, or up
597              Reports the state of the remote endpoint’s BFD session.
598
599       bfd_status : remote_diagnostic: optional string
600              A  diagnostic code specifying the remote system’s reason for the
601              last change in session state. The error messages are defined  in
602              section 4.1 of [RFC 5880].
603
604       bfd_status : info: optional string
605              A short message providing further information about the BFD sta‐
606              tus (possibly including reasons why BFD could not be enabled).
607

Physical_Port TABLE

609       A port within a Physical_Switch.
610
611   Summary:
612       vlan_bindings                 map of integer-Logical_Switch pairs,  key
613                                     in range 0 to 4,095
614       acl_bindings                  map  of integer-ACL pairs, key in range 0
615                                     to 4,095
616       vlan_stats                    map   of    integer-Logical_Binding_Stats
617                                     pairs, key in range 0 to 4,095
618       Identification:
619         name                        string
620         description                 string
621       Error Notification:
622         port_fault_status : invalid_vlan_map
623                                     none
624         port_fault_status : invalid_ACL_binding
625                                     none
626         port_fault_status : unspecified_fault
627                                     none
628       Common Column:
629         other_config                map of string-string pairs
630
631   Details:
632       vlan_bindings:  map  of integer-Logical_Switch pairs, key in range 0 to
633       4,095
634              Identifies how VLANs on the physical port are bound  to  logical
635              switches.  If,  for  example,  the map contains a (VLAN, logical
636              switch) pair, a packet that arrives on the port in the  VLAN  is
637              considered  to  belong  to the paired logical switch. A value of
638              zero in the VLAN field means that untagged traffic on the physi‐
639              cal port is mapped to the logical switch.
640
641       acl_bindings: map of integer-ACL pairs, key in range 0 to 4,095
642              Attach  Access  Control  Lists  (ACLs) to the physical port. The
643              column consists of a map of VLAN tags to ACLs. If the  value  of
644              the VLAN tag in the map is 0, this means that the ACL is associ‐
645              ated with the entire physical port. Non-zero  values  mean  that
646              the  ACL is to be applied only on packets carrying that VLAN tag
647              value. Switches will not necessarily  support  matching  on  the
648              VLAN  tag  for all ACLs, and unsupported ACL bindings will cause
649              errors to be reported. The binding of an ACL to a specific  VLAN
650              and the binding of an ACL to the entire physical port should not
651              be combined on a single physical port. That is, a  mix  of  zero
652              and non-zero keys in the map is not recommended.
653
654       vlan_stats:  map of integer-Logical_Binding_Stats pairs, key in range 0
655       to 4,095
656              Statistics for VLANs bound to logical switches on  the  physical
657              port.  An  implementation  that  fully  supports such statistics
658              would populate this column with a mapping for every VLAN that is
659              bound  in vlan_bindings. An implementation that does not support
660              such statistics or only partially supports them would not  popu‐
661              late this column or partially populate it, respectively. A value
662              of zero in the VLAN field refers  to  untagged  traffic  on  the
663              physical port.
664
665     Identification:
666
667       name: string
668              Symbolic name for the port. The name ought to be unique within a
669              given Physical_Switch, but the database is not  capable  of  en‐
670              forcing this.
671
672       description: string
673              An extended description for the port.
674
675     Error Notification:
676
677       An entry in this column indicates to the NVC that the physical port has
678       encountered a fault. The switch must clear this column when  the  error
679       has been cleared.
680
681       port_fault_status : invalid_vlan_map: none
682              Indicates that a VLAN-to-logical-switch mapping requested by the
683              controller could not be instantiated by the switch because of  a
684              conflict with local configuration.
685
686       port_fault_status : invalid_ACL_binding: none
687              Indicates  that an error has occurred in associating an ACL with
688              a port.
689
690       port_fault_status : unspecified_fault: none
691              Indicates that an error has occurred on the  port  but  that  no
692              more specific information is available.
693
694     Common Column:
695
696       The  overall purpose of this column is described under Common Column at
697       the beginning of this document.
698
699       other_config: map of string-string pairs
700

Logical_Binding_Stats TABLE

702       Reports statistics for the Logical_Switch with which a VLAN on a Physi‐
703       cal_Port is associated.
704
705   Summary:
706       Statistics:
707         packets_from_local          integer
708         bytes_from_local            integer
709         packets_to_local            integer
710         bytes_to_local              integer
711
712   Details:
713     Statistics:
714
715       These statistics count only packets to which the binding applies.
716
717       packets_from_local: integer
718              Number of packets sent by the Physical_Switch.
719
720       bytes_from_local: integer
721              Number of bytes in packets sent by the Physical_Switch.
722
723       packets_to_local: integer
724              Number of packets received by the Physical_Switch.
725
726       bytes_to_local: integer
727              Number of bytes in packets received by the Physical_Switch.
728

Logical_Switch TABLE

730       A  logical  Ethernet switch, whose implementation may span physical and
731       virtual media, possibly crossing L3  domains  via  tunnels;  a  logical
732       layer-2 domain; an Ethernet broadcast domain.
733
734   Summary:
735       Per Logical-Switch Tunnel Key:
736         tunnel_key                  optional integer
737       Replication Mode:
738         replication_mode            optional  string,  either service_node or
739                                     source_node
740       Identification:
741         name                        string (must be unique within table)
742         description                 string
743       Common Column:
744         other_config                map of string-string pairs
745
746   Details:
747     Per Logical-Switch Tunnel Key:
748
749       Tunnel protocols tend to have a field that allows the tunnel to be par‐
750       titioned  into  sub-tunnels:  VXLAN  has a VNI, GRE and STT have a key,
751       CAPWAP has a WSI, and so on. We call these generically ``tunnel keys.’’
752       Given that one needs to use a tunnel key at all, there are at least two
753       reasonable ways to assign their values:
754
755              •      Per Logical_Switch+Physical_Locator pair. That  is,  each
756                     logical  switch may be assigned a different tunnel key on
757                     every Physical_Locator. This model is  especially  flexi‐
758                     ble.
759
760                     In  this  model, Physical_Locator carries the tunnel key.
761                     Therefore, one Physical_Locator  record  will  exist  for
762                     each logical switch carried at a given IP destination.
763
764              •      Per Logical_Switch. That is, every tunnel associated with
765                     a particular logical switch carries the same tunnel  key,
766                     regardless of the Physical_Locator to which the tunnel is
767                     addressed. This model may ease switch implementation  be‐
768                     cause it imposes fewer requirements on the hardware data‐
769                     path.
770
771                     In this model, Logical_Switch  carries  the  tunnel  key.
772                     Therefore,  one  Physical_Locator  record  will exist for
773                     each IP destination.
774
775       tunnel_key: optional integer
776              This column is used only in the tunnel  key  per  Logical_Switch
777              model  (see above), because only in that model is there a tunnel
778              key associated with a logical switch.
779
780              For vxlan_over_ipv4 encapsulation, when the tunnel key per Logi‐
781              cal_Switch  model  is  in use, this column is the VXLAN VNI that
782              identifies a logical switch. It  must  be  in  the  range  0  to
783              16,777,215.
784
785     Replication Mode:
786
787       For handling L2 broadcast, multicast and unknown unicast traffic, pack‐
788       ets can be sent to all members of a  logical  switch  referenced  by  a
789       physical  switch.  There  are different modes to replicate the packets.
790       The default mode of replication is to send the  traffic  to  a  service
791       node,  which can be a hypervisor, server or appliance, and let the ser‐
792       vice node handle replication to other transport nodes  (hypervisors  or
793       other  VTEP physical switches). This mode is called service node repli‐
794       cation. An alternate mode of replication, called source  node  replica‐
795       tion involves the source node sending to all other transport nodes. Hy‐
796       pervisors are always responsible for doing their  own  replication  for
797       locally  attached  VMs  in both modes. Service node replication mode is
798       the default and considered a basic requirement because it only requires
799       sending the packet to a single transport node.
800
801       replication_mode: optional string, either service_node or source_node
802              This  optional  column  defines  the  replication mode per Logi‐
803              cal_Switch.  There  are  2  valid   values,   service_node   and
804              source_node.  If the column is not set, the replication mode de‐
805              faults to service_node.
806
807     Identification:
808
809       name: string (must be unique within table)
810              Symbolic name for the logical switch.
811
812       description: string
813              An extended description for the  logical  switch,  such  as  its
814              switch login banner.
815
816     Common Column:
817
818       The  overall purpose of this column is described under Common Column at
819       the beginning of this document.
820
821       other_config: map of string-string pairs
822

Ucast_Macs_Local TABLE

824       Mapping of unicast MAC addresses to tunnels (physical  locators).  This
825       table is written by the HSC, so it contains the MAC addresses that have
826       been learned on physical ports by a VTEP.
827
828   Summary:
829       MAC                           string
830       logical_switch                Logical_Switch
831       locator                       Physical_Locator
832       ipaddr                        string
833
834   Details:
835       MAC: string
836              A MAC address that has been learned by the VTEP.
837
838       logical_switch: Logical_Switch
839              The Logical switch to which this mapping applies.
840
841       locator: Physical_Locator
842              The physical locator to be used to reach this  MAC  address.  In
843              this  table,  the  physical locator will be one of the tunnel IP
844              addresses of the appropriate VTEP.
845
846       ipaddr: string
847              The IP address to which this MAC corresponds. Optional field for
848              the purpose of ARP supression.
849

Ucast_Macs_Remote TABLE

851       Mapping  of  unicast MAC addresses to tunnels (physical locators). This
852       table is written by the NVC, so it contains the MAC addresses that  the
853       NVC  has  learned.  These  include  VM MAC addresses, in which case the
854       physical locators will be hypervisor IP addresses. The  NVC  will  also
855       report  MACs  that  it  has  learned from other HSCs in the network, in
856       which case the physical locators will be tunnel  IP  addresses  of  the
857       corresponding VTEPs.
858
859   Summary:
860       MAC                           string
861       logical_switch                Logical_Switch
862       locator                       Physical_Locator
863       ipaddr                        string
864
865   Details:
866       MAC: string
867              A MAC address that has been learned by the NVC.
868
869       logical_switch: Logical_Switch
870              The Logical switch to which this mapping applies.
871
872       locator: Physical_Locator
873              The  physical  locator  to be used to reach this MAC address. In
874              this table, the physical locator will be either a hypervisor  IP
875              address or a tunnel IP addresses of another VTEP.
876
877       ipaddr: string
878              The IP address to which this MAC corresponds. Optional field for
879              the purpose of ARP supression.

Mcast_Macs_Local TABLE

881       Mapping of multicast MAC addresses to tunnels (physical locators). This
882       table is written by the HSC, so it contains the MAC addresses that have
883       been learned on physical ports by a VTEP. These may be learned by  IGMP
884       snooping,  for example. This table also specifies how to handle unknown
885       unicast and broadcast packets.
886
887   Summary:
888       MAC                           string
889       logical_switch                Logical_Switch
890       locator_set                   Physical_Locator_Set
891       ipaddr                        string
892
893   Details:
894       MAC: string
895              A MAC address that has been learned by the VTEP.
896
897              The keyword unknown-dst is used  as  a  special  ``Ethernet  ad‐
898              dress’’ that indicates the locations to which packets in a logi‐
899              cal switch whose destination addresses do not  otherwise  appear
900              in  Ucast_Macs_Local (for unicast addresses) or Mcast_Macs_Local
901              (for multicast addresses) should be sent.
902
903       logical_switch: Logical_Switch
904              The Logical switch to which this mapping applies.
905
906       locator_set: Physical_Locator_Set
907              The physical locator set to be used to reach this  MAC  address.
908              In  this  table, the physical locator set will be contain one or
909              more tunnel IP addresses of the appropriate VTEP(s).
910
911       ipaddr: string
912              The IP address to which this MAC corresponds. Optional field for
913              the purpose of ARP supression.
914

Mcast_Macs_Remote TABLE

916       Mapping of multicast MAC addresses to tunnels (physical locators). This
917       table is written by the NVC, so it contains the MAC addresses that  the
918       NVC  has  learned. This table also specifies how to handle unknown uni‐
919       cast and broadcast packets.
920
921       Multicast packet replication may be handled by a service node, in which
922       case  the  physical  locators will be IP addresses of service nodes. If
923       the VTEP supports replication onto multiple tunnels, using source  node
924       replication,  then this may be used to replicate directly onto VTEP-hy‐
925       pervisor or VTEP-VTEP tunnels.
926
927   Summary:
928       MAC                           string
929       logical_switch                Logical_Switch
930       locator_set                   Physical_Locator_Set
931       ipaddr                        string
932
933   Details:
934       MAC: string
935              A MAC address that has been learned by the NVC.
936
937              The keyword unknown-dst is used  as  a  special  ``Ethernet  ad‐
938              dress’’ that indicates the locations to which packets in a logi‐
939              cal switch whose destination addresses do not  otherwise  appear
940              in  Ucast_Macs_Remote  (for unicast addresses) or Mcast_Macs_Re‐
941              mote (for multicast addresses) should be sent.
942
943       logical_switch: Logical_Switch
944              The Logical switch to which this mapping applies.
945
946       locator_set: Physical_Locator_Set
947              The physical locator set to be used to reach this  MAC  address.
948              In  this table, the physical locator set will be either a set of
949              service nodes when service node replication is used or  the  set
950              of transport nodes (defined as hypervisors or VTEPs) participat‐
951              ing in the associated logical switch, when source node  replica‐
952              tion  is  used.  When service node replication is used, the VTEP
953              should send packets to one member of the  locator  set  that  is
954              known  to be healthy and reachable, which could be determined by
955              BFD. When source node replication is used, the VTEP should  send
956              packets to all members of the locator set.
957
958       ipaddr: string
959              The IP address to which this MAC corresponds. Optional field for
960              the purpose of ARP supression.

Logical_Router TABLE

962       A logical router, or VRF. A logical router may be connected to  one  or
963       more  logical switches. Subnet addresses and interface addresses may be
964       configured on the interfaces.
965
966   Summary:
967       switch_binding                map of string-Logical_Switch pairs
968       static_routes                 map of string-string pairs
969       acl_binding                   map of string-ACL pairs
970       Identification:
971         name                        string (must be unique within table)
972         description                 string
973       Error Notification:
974         LR_fault_status : invalid_ACL_binding
975                                     none
976         LR_fault_status : unspecified_fault
977                                     none
978       Common Column:
979         other_config                map of string-string pairs
980
981   Details:
982       switch_binding: map of string-Logical_Switch pairs
983              Maps from an IPv4 or IPv6 address prefix in CIDR notation  to  a
984              logical switch. Multiple prefixes may map to the same switch. By
985              writing a 32-bit (or 128-bit for v6) address with  a  /N  prefix
986              length,  both the router’s interface address and the subnet pre‐
987              fix can be configured. For example, 192.68.1.1/24 creates a  /24
988              subnet  for the logical switch attached to the interface and as‐
989              signs the address 192.68.1.1 to the router interface.
990
991       static_routes: map of string-string pairs
992              One or more static routes, mapping IP prefixes to  next  hop  IP
993              addresses.
994
995       acl_binding: map of string-ACL pairs
996              Maps  ACLs  to  logical router interfaces. The router interfaces
997              are indicated using IP address notation, and must  be  the  same
998              interfaces created in the switch_binding column. For example, an
999              ACL could be associated with the logical router  interface  with
1000              an address of 192.68.1.1 as defined in the example above.
1001
1002     Identification:
1003
1004       name: string (must be unique within table)
1005              Symbolic name for the logical router.
1006
1007       description: string
1008              An extended description for the logical router.
1009
1010     Error Notification:
1011
1012       An  entry  in this column indicates to the NVC that the HSC has encoun‐
1013       tered a fault in configuring state related to the logical router.
1014
1015       LR_fault_status : invalid_ACL_binding: none
1016              Indicates that an error has occurred in associating an ACL  with
1017              a logical router port.
1018
1019       LR_fault_status : unspecified_fault: none
1020              Indicates  that an error has occurred in configuring the logical
1021              router but that no more specific information is available.
1022
1023     Common Column:
1024
1025       The overall purpose of this column is described under Common Column  at
1026       the beginning of this document.
1027
1028       other_config: map of string-string pairs
1029

Arp_Sources_Local TABLE

1031       MAC  address  to be used when a VTEP issues ARP requests on behalf of a
1032       logical router.
1033
1034       A distributed logical router is implemented by a  set  of  VTEPs  (both
1035       hardware  VTEPs  and  vswitches). In order for a given VTEP to populate
1036       the local ARP cache for a logical router, it issues ARP requests with a
1037       source  MAC  address  that is unique to the VTEP. A single per-VTEP MAC
1038       can be re-used across all logical networks.  This  table  contains  the
1039       MACs  that are used by the VTEPs of a given HSC. The table provides the
1040       mapping from MAC to physical locator for each VTEP so that  replies  to
1041       the  ARP requests can be sent back to the correct VTEP using the appro‐
1042       priate physical locator.
1043
1044   Summary:
1045       src_mac                       string
1046       locator                       Physical_Locator
1047
1048   Details:
1049       src_mac: string
1050              The source MAC to be used by a given VTEP.
1051
1052       locator: Physical_Locator
1053              The Physical_Locator to use for replies  to  ARP  requests  from
1054              this MAC address.
1055

Arp_Sources_Remote TABLE

1057       MAC address to be used when a remote VTEP issues ARP requests on behalf
1058       of a logical router.
1059
1060       This table is the remote  counterpart  of  Arp_sources_local.  The  NVC
1061       writes  this  table  to notify the HSC of the MACs that will be used by
1062       remote VTEPs when they issue ARP requests on behalf  of  a  distributed
1063       logical router.
1064
1065   Summary:
1066       src_mac                       string
1067       locator                       Physical_Locator
1068
1069   Details:
1070       src_mac: string
1071              The source MAC to be used by a given VTEP.
1072
1073       locator: Physical_Locator
1074              The  Physical_Locator  to  use  for replies to ARP requests from
1075              this MAC address.
1076

Physical_Locator_Set TABLE

1078       A set of one or more Physical_Locators.
1079
1080       This table exists only because OVSDB does not have a way to express the
1081       type ``map from string to one or more Physical_Locator records.’’
1082
1083   Summary:
1084       locators                      immutable set of 1 or more Physical_Loca‐
1085                                     tors
1086
1087   Details:
1088       locators: immutable set of 1 or more Physical_Locators
1089

Physical_Locator TABLE

1091       Identifies an endpoint to which logical switch traffic may be  encapsu‐
1092       lated and forwarded.
1093
1094       The  vxlan_over_ipv4  encapsulation,  the only encapsulation defined so
1095       far, can use either tunnel key model described in  the  ``Per  Logical-
1096       Switch  Tunnel Key’’ section in the Logical_Switch table. When the tun‐
1097       nel key per Logical_Switch model is in use, the  tunnel_key  column  in
1098       the Logical_Switch table is filled with a VNI and the tunnel_key column
1099       in this table is empty; in the key-per-tunnel model,  the  opposite  is
1100       true. The former model is older, and thus likely to be more widely sup‐
1101       ported. See the ``Per Logical-Switch Tunnel Key’’ section in the  Logi‐
1102       cal_Switch table for further discussion of the model.
1103
1104   Summary:
1105       encapsulation_type            immutable string, must be vxlan_over_ipv4
1106       dst_ip                        immutable string
1107       tunnel_key                    optional integer
1108
1109   Details:
1110       encapsulation_type: immutable string, must be vxlan_over_ipv4
1111              The type of tunneling encapsulation.
1112
1113       dst_ip: immutable string
1114              For vxlan_over_ipv4 encapsulation, the IPv4 address of the VXLAN
1115              tunnel endpoint.
1116
1117              We expect that this column could be used for IPv4  or  IPv6  ad‐
1118              dresses in encapsulations to be introduced later.
1119
1120       tunnel_key: optional integer
1121              This   column   is  used  only  in  the  tunnel  key  per  Logi‐
1122              cal_Switch+Physical_Locator model (see above).
1123
1124              For vxlan_over_ipv4 encapsulation, when the Logical_Switch+Phys‐
1125              ical_Locator  model  is in use, this column is the VXLAN VNI. It
1126              must be in the range 0 to 16,777,215.
1127

ACL_entry TABLE

1129       Describes the individual entries that comprise an Access Control List.
1130
1131       Each entry in the table is a single rule to  match  on  certain  header
1132       fields.  While  there  are a large number of fields that can be matched
1133       on, most hardware cannot match on arbitrary combinations of fields.  It
1134       is common to match on either L2 fields (described below in the L2 group
1135       of columns) or L3/L4 fields (the L3/L4 group of columns) but not  both.
1136       The  hardware  switch  controller  may log an error if an ACL entry re‐
1137       quires it to match on an incompatible mixture of fields.
1138
1139   Summary:
1140       sequence                      integer
1141       L2 fields:
1142         source_mac                  optional string
1143         dest_mac                    optional string
1144         ethertype                   optional string
1145       L3/L4 fields:
1146         source_ip                   optional string
1147         source_mask                 optional string
1148         dest_ip                     optional string
1149         dest_mask                   optional string
1150         protocol                    optional integer
1151         source_port_min             optional integer
1152         source_port_max             optional integer
1153         dest_port_min               optional integer
1154         dest_port_max               optional integer
1155         tcp_flags                   optional integer
1156         tcp_flags_mask              optional integer
1157         icmp_type                   optional integer
1158         icmp_code                   optional integer
1159       direction                     string, either egress or ingress
1160       action                        string, either deny or permit
1161       Error Notification:
1162         acle_fault_status : invalid_acl_entry
1163                                     none
1164         acle_fault_status : unspecified_fault
1165                                     none
1166
1167   Details:
1168       sequence: integer
1169              The sequence number for the ACL entry for the purpose of  order‐
1170              ing entries in an ACL. Lower numbered entries are matched before
1171              higher numbered entries.
1172
1173     L2 fields:
1174
1175       source_mac: optional string
1176              Source MAC address, in the form xx:xx:xx:xx:xx:xx
1177
1178       dest_mac: optional string
1179              Destination MAC address, in the form xx:xx:xx:xx:xx:xx
1180
1181       ethertype: optional string
1182              Ethertype in hexadecimal, in the form 0xAAAA
1183
1184     L3/L4 fields:
1185
1186       source_ip: optional string
1187              Source IP address, in the form xx.xx.xx.xx for IPv4 or appropri‐
1188              ate colon-separated hexadecimal notation for IPv6.
1189
1190       source_mask: optional string
1191              Mask that determines which bits of source_ip to match on, in the
1192              form xx.xx.xx.xx for IPv4 or appropriate  colon-separated  hexa‐
1193              decimal notation for IPv6.
1194
1195       dest_ip: optional string
1196              Destination  IP address, in the form xx.xx.xx.xx for IPv4 or ap‐
1197              propriate colon-separated hexadecimal notation for IPv6.
1198
1199       dest_mask: optional string
1200              Mask that determines which bits of dest_ip to match on,  in  the
1201              form  xx.xx.xx.xx  for IPv4 or appropriate colon-separated hexa‐
1202              decimal notation for IPv6.
1203
1204       protocol: optional integer
1205              Protocol number in the  IPv4  header,  or  value  of  the  "next
1206              header" field in the IPv6 header.
1207
1208       source_port_min: optional integer
1209              Lower  end  of the range of source port values. The value speci‐
1210              fied is included in the range.
1211
1212       source_port_max: optional integer
1213              Upper end of the range of source port values. The  value  speci‐
1214              fied is included in the range.
1215
1216       dest_port_min: optional integer
1217              Lower  end  of  the  range of destination port values. The value
1218              specified is included in the range.
1219
1220       dest_port_max: optional integer
1221              Upper end of the range of destination  port  values.  The  value
1222              specified is included in the range.
1223
1224       tcp_flags: optional integer
1225              Integer  representing the value of TCP flags to match. For exam‐
1226              ple, the SYN flag is the second least significant bit in the TCP
1227              flags.  Hence  a  value  of 2 would indicate that the "SYN" flag
1228              should be set (assuming an appropriate mask).
1229
1230       tcp_flags_mask: optional integer
1231              Integer representing the mask to apply when matching TCP  flags.
1232              For example, a value of 2 would imply that the "SYN" flag should
1233              be matched and all other flags ignored.
1234
1235       icmp_type: optional integer
1236              ICMP type to be matched.
1237
1238       icmp_code: optional integer
1239              ICMP code to be matched.
1240
1241       direction: string, either egress or ingress
1242              Direction of traffic to match  on  the  specified  port,  either
1243              "ingress"  (toward  the  logical  switch  or router) or "egress"
1244              (leaving the logical switch or router).
1245
1246       action: string, either deny or permit
1247              Action to take for this rule, either "permit" or "deny".
1248
1249     Error Notification:
1250
1251       An entry in this column indicates to the NVC that the ACL could not  be
1252       configured as requested. The switch must clear this column when the er‐
1253       ror has been cleared.
1254
1255       acle_fault_status : invalid_acl_entry: none
1256              Indicates that an ACL entry requested by  the  controller  could
1257              not  be  instantiated by the switch, e.g. because it requires an
1258              unsupported combination of fields to be matched.
1259
1260       acle_fault_status : unspecified_fault: none
1261              Indicates that an error has occurred in configuring the ACL  en‐
1262              try but no more specific information is available.
1263

ACL TABLE

1265       Access  Control List table. Each ACL is constructed as a set of entries
1266       from the ACL_entry table. Packets that are not matched by any entry  in
1267       the ACL are allowed by default.
1268
1269   Summary:
1270       acl_entries                   set of 1 or more ACL_entrys
1271       acl_name                      string (must be unique within table)
1272       Error Notification:
1273         acl_fault_status : invalid_acl
1274                                     none
1275         acl_fault_status : resource_shortage
1276                                     none
1277         acl_fault_status : unspecified_fault
1278                                     none
1279
1280   Details:
1281       acl_entries: set of 1 or more ACL_entrys
1282              A set of references to entries in the ACL_entry table.
1283
1284       acl_name: string (must be unique within table)
1285              A  human  readable  name for the ACL, which may (for example) be
1286              displayed on the switch CLI.
1287
1288     Error Notification:
1289
1290       An entry in this column indicates to the NVC that the ACL could not  be
1291       configured as requested. The switch must clear this column when the er‐
1292       ror has been cleared.
1293
1294       acl_fault_status : invalid_acl: none
1295              Indicates that an ACL requested by the controller could  not  be
1296              instantiated  by the switch, e.g., because it requires an unsup‐
1297              ported combination of fields to be matched.
1298
1299       acl_fault_status : resource_shortage: none
1300              Indicates that an ACL requested by the controller could  not  be
1301              instantiated  by the switch due to a shortage of resources (e.g.
1302              TCAM space).
1303
1304       acl_fault_status : unspecified_fault: none
1305              Indicates that an error has occurred in configuring the ACL  but
1306              no more specific information is available.
1307
1308
1309
1310Open vSwitch 2.17.0             DB Schema 1.7.0                        vtep(5)
Impressum