Provided by:
openvswitch-switch_1.4.0-1ubuntu1_i386 
Open_vSwitch DATABASE
A database with this schema holds the configuration for one Open
vSwitch daemon. The top-level configuration for the daemon is the
Open_vSwitch table, which must have exactly one record. Records in
other tables are significant only when they can be reached directly or
indirectly from the Open_vSwitch table. Records that are not reachable
from the Open_vSwitch table are automatically deleted from the
database, except for records in a few distinguished ``root set''
tables.
Common Columns
Most tables contain two special columns, named other_config and
external_ids. These columns have the same form and purpose each place
that they appear, so we describe them here to save space later.
other_config: map of string-string pairs
Key-value pairs for configuring rarely used features.
Supported keys, along with the forms taken by their
values, are documented individually for each table.
A few tables do not have other_config columns because no
key-value pairs have yet been defined for them.
external_ids: map of string-string pairs
Key-value pairs for use by external frameworks that
integrate with Open vSwitch, rather than by Open vSwitch
itself. System integrators should either use the Open
vSwitch development mailing list to coordinate on common
key-value definitions, or choose key names that are
likely to be unique. In some cases, where key-value
pairs have been defined that are likely to be widely
useful, they are documented individually for each table.
TABLE SUMMARY
The following list summarizes the purpose of each of the tables in the
Open_vSwitch database. Each table is described in more detail on a
later page.
Table Purpose
Open_vSwitch
Open vSwitch configuration.
Bridge Bridge configuration.
Port Port configuration.
Interface One physical network device in a Port.
QoS Quality of Service configuration
Queue QoS output queue.
Mirror Port mirroring.
Controller
OpenFlow controller configuration.
Manager OVSDB management connection.
NetFlow NetFlow configuration.
SSL SSL configuration.
sFlow sFlow configuration.
Capability
Capability configuration.
Open_vSwitch TABLE
Configuration for an Open vSwitch daemon. There must be exactly one
record in the Open_vSwitch table.
Summary:
Configuration:
bridges set of Bridges
ssl optional SSL
external_ids : system-id optional string
external_ids : xs-system-uuid
optional string
Status:
next_cfg integer
cur_cfg integer
capabilities map of string-Capability pairs
Statistics:
other_config : enable-statistics
optional string, either true or false
statistics : cpu optional string, containing an integer,
at least 1
statistics : load_average
optional string
statistics : memory optional string
statistics : process_NAME
optional string
statistics : file_systems
optional string
Version Reporting:
ovs_version optional string
db_version optional string
system_type optional string
system_version optional string
Database Configuration:
manager_options set of Managers
Common Columns:
other_config map of string-string pairs
external_ids map of string-string pairs
Details:
Configuration:
bridges: set of Bridges
Set of bridges managed by the daemon.
ssl: optional SSL
SSL used globally by the daemon.
external_ids : system-id: optional string
A unique identifier for the Open vSwitch's physical host. The
form of the identifier depends on the type of the host. On a
Citrix XenServer, this will likely be the same as
external_ids:xs-system-uuid.
external_ids : xs-system-uuid: optional string
The Citrix XenServer universally unique identifier for the
physical host as displayed by xe host-list.
Status:
next_cfg: integer
Sequence number for client to increment. When a client modifies
any part of the database configuration and wishes to wait for
Open vSwitch to finish applying the changes, it may increment
this sequence number.
cur_cfg: integer
Sequence number that Open vSwitch sets to the current value of
next_cfg after it finishes applying a set of configuration
changes.
capabilities: map of string-Capability pairs
Describes functionality supported by the hardware and software
platform on which this Open vSwitch is based. Clients should
not modify this column. See the Capability description for
defined capability categories and the meaning of associated
Capability records.
Statistics:
The statistics column contains key-value pairs that report statistics
about a system running an Open vSwitch. These are updated periodically
(currently, every 5 seconds). Key-value pairs that cannot be
determined or that do not apply to a platform are omitted.
other_config : enable-statistics: optional string, either true or false
Statistics are disabled by default to avoid overhead in the
common case when statistics gathering is not useful. Set this
value to true to enable populating the statistics column or to
false to explicitly disable it.
statistics : cpu: optional string, containing an integer, at least 1
Number of CPU processors, threads, or cores currently online and
available to the operating system on which Open vSwitch is
running, as an integer. This may be less than the number
installed, if some are not online or if they are not available
to the operating system.
Open vSwitch userspace processes are not multithreaded, but the
Linux kernel-based datapath is.
statistics : load_average: optional string
A comma-separated list of three floating-point numbers,
representing the system load average over the last 1, 5, and 15
minutes, respectively.
statistics : memory: optional string
A comma-separated list of integers, each of which represents a
quantity of memory in kilobytes that describes the operating
system on which Open vSwitch is running. In respective order,
these values are:
1.
Total amount of RAM allocated to the OS.
2.
RAM allocated to the OS that is in use.
3.
RAM that can be flushed out to disk or otherwise discarded if
that space is needed for another purpose. This number is
necessarily less than or equal to the previous value.
4.
Total disk space allocated for swap.
5.
Swap space currently in use.
On Linux, all five values can be determined and are included.
On other operating systems, only the first two values can be
determined, so the list will only have two values.
statistics : process_NAME: optional string
One such key-value pair, with NAME replaced by a process name,
will exist for each running Open vSwitch daemon process, with
name replaced by the daemon's name (e.g. process_ovs-vswitchd).
The value is a comma-separated list of integers. The integers
represent the following, with memory measured in kilobytes and
durations in milliseconds:
1.
The process's virtual memory size.
2.
The process's resident set size.
3.
The amount of user and system CPU time consumed by the
process.
4.
The number of times that the process has crashed and been
automatically restarted by the monitor.
5.
The duration since the process was started.
6.
The duration for which the process has been running.
The interpretation of some of these values depends on whether
the process was started with the --monitor. If it was not, then
the crash count will always be 0 and the two durations will
always be the same. If --monitor was given, then the crash
count may be positive; if it is, the latter duration is the
amount of time since the most recent crash and restart.
There will be one key-value pair for each file in Open vSwitch's
``run directory'' (usually /var/run/openvswitch) whose name ends
in .pid, whose contents are a process ID, and which is locked by
a running process. The name is taken from the pidfile's name.
Currently Open vSwitch is only able to obtain all of the above
detail on Linux systems. On other systems, the same key-value
pairs will be present but the values will always be the empty
string.
statistics : file_systems: optional string
A space-separated list of information on local, writable file
systems. Each item in the list describes one file system and
consists in turn of a comma-separated list of the following:
1.
Mount point, e.g. / or /var/log. Any spaces or commas in the
mount point are replaced by underscores.
2.
Total size, in kilobytes, as an integer.
3.
Amount of storage in use, in kilobytes, as an integer.
This key-value pair is omitted if there are no local, writable
file systems or if Open vSwitch cannot obtain the needed
information.
Version Reporting:
These columns report the types and versions of the hardware and
software running Open vSwitch. We recommend in general that software
should test whether specific features are supported instead of relying
on version number checks. These values are primarily intended for
reporting to human administrators.
ovs_version: optional string
The Open vSwitch version number, e.g. 1.1.0. If Open vSwitch
was configured with a build number, then it is also included,
e.g. 1.1.0+build6579.
db_version: optional string
The database schema version number in the form
major.minor.tweak, e.g. 1.2.3. Whenever the database schema is
changed in a non-backward compatible way (e.g. deleting a column
or a table), major is incremented. When the database schema is
changed in a backward compatible way (e.g. adding a new column),
minor is incremented. When the database schema is changed
cosmetically (e.g. reindenting its syntax), tweak is
incremented.
The schema version is part of the database schema, so it can
also be retrieved by fetching the schema using the Open vSwitch
database protocol.
system_type: optional string
An identifier for the type of system on top of which Open
vSwitch runs, e.g. XenServer or KVM.
System integrators are responsible for choosing and setting an
appropriate value for this column.
system_version: optional string
The version of the system identified by system_type, e.g.
5.6.100-39265p on XenServer 5.6.100 build 39265.
System integrators are responsible for choosing and setting an
appropriate value for this column.
Database Configuration:
These columns primarily configure the Open vSwitch database
(ovsdb-server), not the Open vSwitch switch (ovs-vswitchd). The OVSDB
database also uses the ssl settings.
The Open vSwitch switch does read the database configuration to
determine remote IP addresses to which in-band control should apply.
manager_options: set of Managers
Database clients to which the Open vSwitch database server
should connect or to which it should listen, along with options
for how these connection should be configured. See the Manager
table for more information.
Common Columns:
The overall purpose of these columns is described under Common Columns
at the beginning of this document.
other_config: map of string-string pairs
external_ids: map of string-string pairs
Bridge TABLE
Configuration for a bridge within an Open_vSwitch.
A Bridge record represents an Ethernet switch with one or more
``ports,'' which are the Port records pointed to by the Bridge's ports
column.
Summary:
Core Features:
name string (must be unique within table)
ports set of Ports
mirrors set of Mirrors
netflow optional NetFlow
sflow optional sFlow
flood_vlans set of up to 4,096 integers, in range 0
to 4,095
OpenFlow Configuration:
controller set of Controllers
fail_mode optional string, either secure or
standalone
datapath_id optional string
other_config : datapath-id optional string
other_config : disable-in-band
optional string, either true or false
other_config : in-band-queue
optional string, containing an integer,
in range 0 to 4,294,967,295
Spanning Tree Configuration:
stp_enable boolean
other_config : stp-system-id
optional string
other_config : stp-priority
optional string, containing an integer,
in range 0 to 65,535
other_config : stp-hello-time
optional string, containing an integer,
in range 1 to 10
other_config : stp-max-age optional string, containing an integer,
in range 6 to 40
other_config : stp-forward-delay
optional string, containing an integer,
in range 4 to 30
Other Features:
datapath_type string
external_ids : bridge-id optional string
external_ids : xs-network-uuids
optional string
other_config : hwaddr optional string
other_config : flow-eviction-threshold
optional string, containing an integer,
at least 0
other_config : forward-bpdu
optional string, either true or false
Bridge Status:
status map of string-string pairs
status : stp_bridge_id optional string
status : stp_designated_root
optional string
status : stp_root_path_cost
optional string
Common Columns:
other_config map of string-string pairs
external_ids map of string-string pairs
Details:
Core Features:
name: string (must be unique within table)
Bridge identifier. Should be alphanumeric and no more than
about 8 bytes long. Must be unique among the names of ports,
interfaces, and bridges on a host.
ports: set of Ports
Ports included in the bridge.
mirrors: set of Mirrors
Port mirroring configuration.
netflow: optional NetFlow
NetFlow configuration.
sflow: optional sFlow
sFlow configuration.
flood_vlans: set of up to 4,096 integers, in range 0 to 4,095
VLAN IDs of VLANs on which MAC address learning should be
disabled, so that packets are flooded instead of being sent to
specific ports that are believed to contain packets' destination
MACs. This should ordinarily be used to disable MAC learning on
VLANs used for mirroring (RSPAN VLANs). It may also be useful
for debugging.
SLB bonding (see the bond_mode column in the Port table) is
incompatible with flood_vlans. Consider using another bonding
mode or a different type of mirror instead.
OpenFlow Configuration:
controller: set of Controllers
OpenFlow controller set. If unset, then no OpenFlow controllers
will be used.
fail_mode: optional string, either secure or standalone
When a controller is configured, it is, ordinarily, responsible
for setting up all flows on the switch. Thus, if the connection
to the controller fails, no new network connections can be set
up. If the connection to the controller stays down long enough,
no packets can pass through the switch at all. This setting
determines the switch's response to such a situation. It may be
set to one of the following:
standalone
If no message is received from the controller for three
times the inactivity probe interval (see
inactivity_probe), then Open vSwitch will take over
responsibility for setting up flows. In this mode, Open
vSwitch causes the bridge to act like an ordinary MAC-
learning switch. Open vSwitch will continue to retry
connecting to the controller in the background and, when
the connection succeeds, it will discontinue its
standalone behavior.
secure Open vSwitch will not set up flows on its own when the
controller connection fails or when no controllers are
defined. The bridge will continue to retry connecting to
any defined controllers forever.
If this value is unset, the default is implementation-specific.
When more than one controller is configured, fail_mode is
considered only when none of the configured controllers can be
contacted.
datapath_id: optional string
Reports the OpenFlow datapath ID in use. Exactly 16 hex digits.
(Setting this column has no useful effect. Set other-
config:datapath-id instead.)
other_config : datapath-id: optional string
Exactly 16 hex digits to set the OpenFlow datapath ID to a
specific value. May not be all-zero.
other_config : disable-in-band: optional string, either true or false
If set to true, disable in-band control on the bridge regardless
of controller and manager settings.
other_config : in-band-queue: optional string, containing an integer,
in range 0 to 4,294,967,295
A queue ID as a nonnegative integer. This sets the OpenFlow
queue ID that will be used by flows set up by in-band control on
this bridge. If unset, or if the port used by an in-band
control flow does not have QoS configured, or if the port does
not have a queue with the specified ID, the default queue is
used instead.
Spanning Tree Configuration:
The IEEE 802.1D Spanning Tree Protocol (STP) is a network protocol that
ensures loop-free topologies. It allows redundant links to be included
in the network to provide automatic backup paths if the active links
fails.
stp_enable: boolean
Enable spanning tree on the bridge. By default, STP is disabled
on bridges. Bond, internal, and mirror ports are not supported
and will not participate in the spanning tree.
other_config : stp-system-id: optional string
The bridge's STP identifier (the lower 48 bits of the bridge-id)
in the form xx:xx:xx:xx:xx:xx. By default, the identifier is
the MAC address of the bridge.
other_config : stp-priority: optional string, containing an integer, in
range 0 to 65,535
The bridge's relative priority value for determining the root
bridge (the upper 16 bits of the bridge-id). A bridge with the
lowest bridge-id is elected the root. By default, the priority
is 0x8000.
other_config : stp-hello-time: optional string, containing an integer,
in range 1 to 10
The interval between transmissions of hello messages by
designated ports, in seconds. By default the hello interval is
2 seconds.
other_config : stp-max-age: optional string, containing an integer, in
range 6 to 40
The maximum age of the information transmitted by the bridge
when it is the root bridge, in seconds. By default, the maximum
age is 20 seconds.
other_config : stp-forward-delay: optional string, containing an
integer, in range 4 to 30
The delay to wait between transitioning root and designated
ports to forwarding, in seconds. By default, the forwarding
delay is 15 seconds.
Other Features:
datapath_type: string
Name of datapath provider. The kernel datapath has type system.
The userspace datapath has type netdev.
external_ids : bridge-id: optional string
A unique identifier of the bridge. On Citrix XenServer this
will commonly be the same as external_ids:xs-network-uuids.
external_ids : xs-network-uuids: optional string
Semicolon-delimited set of universally unique identifier(s) for
the network with which this bridge is associated on a Citrix
XenServer host. The network identifiers are RFC 4122 UUIDs as
displayed by, e.g., xe network-list.
other_config : hwaddr: optional string
An Ethernet address in the form xx:xx:xx:xx:xx:xx to set the
hardware address of the local port and influence the datapath
ID.
other_config : flow-eviction-threshold: optional string, containing an
integer, at least 0
A number of flows as a nonnegative integer. This sets number of
flows at which eviction from the kernel flow table will be
triggered. If there are a large number of flows then increasing
this value to around the number of flows present can result in
reduced CPU usage and packet loss.
The default is 1000. Values below 100 will be rounded up to
100.
other_config : forward-bpdu: optional string, either true or false
Option to allow forwarding of BPDU frames when NORMAL action is
invoked. Frames with reserved Ethernet addresses (e.g. STP
BPDU) will be forwarded when this option is enabled and the
switch is not providing that functionality. If STP is enabled
on the port, STP BPDUs will never be forwarded. If the Open
vSwitch bridge is used to connect different Ethernet networks,
and if Open vSwitch node does not run STP, then this option
should be enabled. Default is disabled, set to true to enable.
Bridge Status:
Status information about bridges.
status: map of string-string pairs
Key-value pairs that report bridge status.
status : stp_bridge_id: optional string
The bridge-id (in hex) used in spanning tree advertisements.
Configuring the bridge-id is described in the stp-system-id and
stp-priority keys of the other_config section earlier.
status : stp_designated_root: optional string
The designated root (in hex) for this spanning tree.
status : stp_root_path_cost: optional string
The path cost of reaching the designated bridge. A lower number
is better.
Common Columns:
The overall purpose of these columns is described under Common Columns
at the beginning of this document.
other_config: map of string-string pairs
external_ids: map of string-string pairs
Port TABLE
A port within a Bridge.
Most commonly, a port has exactly one ``interface,'' pointed to by its
interfaces column. Such a port logically corresponds to a port on a
physical Ethernet switch. A port with more than one interface is a
``bonded port'' (see Bonding Configuration).
Some properties that one might think as belonging to a port are
actually part of the port's Interface members.
Summary:
name string (must be unique within table)
interfaces set of 1 or more Interfaces
VLAN Configuration:
vlan_mode optional string, one of access,
native-tagged, native-untagged, or trunk
tag optional integer, in range 0 to 4,095
trunks set of up to 4,096 integers, in range 0
to 4,095
other_config : priority-tags
optional string, either true or false
Bonding Configuration:
bond_mode optional string, one of active-backup,
balance-tcp, balance-slb, or stable
Link Failure Detection:
other_config : bond-detect-mode
optional string, either miimon or carrier
other_config : bond-miimon-interval
optional string, containing an integer
bond_updelay integer
bond_downdelay integer
LACP Configuration:
lacp optional string, one of active, passive,
or off
other_config : lacp-system-id
optional string
other_config : lacp-system-priority
optional string, containing an integer,
in range 1 to 65,535
other_config : lacp-time optional string
other_config : lacp-heartbeat
optional string, either true or false
other_config : bond-hash-basis
optional string, containing an integer
SLB Configuration:
other_config : bond-rebalance-interval
optional string, containing an integer,
in range 1,000 to 10,000
bond_fake_iface boolean
Spanning Tree Configuration:
other_config : stp-enable optional string, either true or false
other_config : stp-port-num
optional string, containing an integer,
in range 1 to 255
other_config : stp-port-priority
optional string, containing an integer,
in range 0 to 255
other_config : stp-path-cost
optional string, containing an integer,
in range 0 to 65,535
Other Features:
qos optional QoS
mac optional string
fake_bridge boolean
external_ids : fake-bridge-id-*
optional string
Port Status:
status map of string-string pairs
status : stp_port_id optional string
status : stp_state optional string, one of disabled,
forwarding, learning, listening, or
blocking
status : stp_sec_in_state optional string, containing an integer,
at least 0
status : stp_role optional string, one of designated,
alternate, or root
Port Statistics:
Statistics: STP transmit and receive counters:
statistics : stp_tx_count
optional integer
statistics : stp_rx_count
optional integer
statistics : stp_error_count
optional integer
Common Columns:
other_config map of string-string pairs
external_ids map of string-string pairs
Details:
name: string (must be unique within table)
Port name. Should be alphanumeric and no more than about 8
bytes long. May be the same as the interface name, for non-
bonded ports. Must otherwise be unique among the names of
ports, interfaces, and bridges on a host.
interfaces: set of 1 or more Interfaces
The port's interfaces. If there is more than one, this is a
bonded Port.
VLAN Configuration:
Bridge ports support the following types of VLAN configuration:
trunk A trunk port carries packets on one or more specified
VLANs specified in the trunks column (often, on every
VLAN). A packet that ingresses on a trunk port is in the
VLAN specified in its 802.1Q header, or VLAN 0 if the
packet has no 802.1Q header. A packet that egresses
through a trunk port will have an 802.1Q header if it has
a nonzero VLAN ID.
Any packet that ingresses on a trunk port tagged with a
VLAN that the port does not trunk is dropped.
access An access port carries packets on exactly one VLAN
specified in the tag column. Packets egressing on an
access port have no 802.1Q header.
Any packet with an 802.1Q header with a nonzero VLAN ID
that ingresses on an access port is dropped, regardless
of whether the VLAN ID in the header is the access port's
VLAN ID.
native-tagged
A native-tagged port resembles a trunk port, with the
exception that a packet without an 802.1Q header that
ingresses on a native-tagged port is in the ``native
VLAN'' (specified in the tag column).
native-untagged
A native-untagged port resembles a native-tagged port,
with the exception that a packet that egresses on a
native-untagged port in the native VLAN will not have an
802.1Q header.
A packet will only egress through bridge ports that carry the VLAN of
the packet, as described by the rules above.
vlan_mode: optional string, one of access, native-tagged,
native-untagged, or trunk
The VLAN mode of the port, as described above. When this column
is empty, a default mode is selected as follows:
o If tag contains a value, the port is an access port. The
trunks column should be empty.
o Otherwise, the port is a trunk port. The trunks column
value is honored if it is present.
tag: optional integer, in range 0 to 4,095
For an access port, the port's implicitly tagged VLAN. For a
native-tagged or native-untagged port, the port's native VLAN.
Must be empty if this is a trunk port.
trunks: set of up to 4,096 integers, in range 0 to 4,095
For a trunk, native-tagged, or native-untagged port, the 802.1Q
VLAN or VLANs that this port trunks; if it is empty, then the
port trunks all VLANs. Must be empty if this is an access port.
A native-tagged or native-untagged port always trunks its native
VLAN, regardless of whether trunks includes that VLAN.
other_config : priority-tags: optional string, either true or false
An 802.1Q header contains two important pieces of information: a
VLAN ID and a priority. A frame with a zero VLAN ID, called a
``priority-tagged'' frame, is supposed to be treated the same
way as a frame without an 802.1Q header at all (except for the
priority).
However, some network elements ignore any frame that has 802.1Q
header at all, even when the VLAN ID is zero. Therefore, by
default Open vSwitch does not output priority-tagged frames,
instead omitting the 802.1Q header entirely if the VLAN ID is
zero. Set this key to true to enable priority-tagged frames on
a port.
Regardless of this setting, Open vSwitch omits the 802.1Q header
on output if both the VLAN ID and priority would be zero.
All frames output to native-tagged ports have a nonzero VLAN ID,
so this setting is not meaningful on native-tagged ports.
Bonding Configuration:
A port that has more than one interface is a ``bonded port.'' Bonding
allows for load balancing and fail-over. Some kinds of bonding will
work with any kind of upstream switch:
balance-slb
Balances flows among slaves based on source MAC address
and output VLAN, with periodic rebalancing as traffic
patterns change.
active-backup
Assigns all flows to one slave, failing over to a backup
slave when the active slave is disabled.
The following modes require the upstream switch to support 802.3ad with
successful LACP negotiation. If LACP negotiation fails then
balance-slb style flow hashing is used as a fallback:
balance-tcp
Balances flows among slaves based on L2, L3, and L4
protocol information such as destination MAC address, IP
address, and TCP port.
stable Attempts to always assign a given flow to the same slave
consistently. In an effort to maintain stability, no
load balancing is done. Uses a similar hashing strategy
to balance-tcp, always taking into account L3 and L4
fields even if LACP negotiations are unsuccessful.
Slave selection decisions are made based on
other_config:bond-stable-id if set. Otherwise, OpenFlow
port number is used. Decisions are consistent across all
ovs-vswitchd instances with equivalent other_config:bond-
stable-id values.
These columns apply only to bonded ports. Their values are otherwise
ignored.
bond_mode: optional string, one of active-backup, balance-tcp,
balance-slb, or stable
The type of bonding used for a bonded port. Defaults to
balance-slb if unset.
Link Failure Detection:
An important part of link bonding is detecting that links are down so
that they may be disabled. These settings determine how Open vSwitch
detects link failure.
other_config : bond-detect-mode: optional string, either miimon or
carrier
The means used to detect link failures. Defaults to carrier
which uses each interface's carrier to detect failures. When
set to miimon, will check for failures by polling each
interface's MII.
other_config : bond-miimon-interval: optional string, containing an
integer
The interval, in milliseconds, between successive attempts to
poll each interface's MII. Relevant only when
other_config:bond-detect-mode is miimon.
bond_updelay: integer
The number of milliseconds for which carrier must stay up on an
interface before the interface is considered to be up. Specify
0 to enable the interface immediately.
This setting is honored only when at least one bonded interface
is already enabled. When no interfaces are enabled, then the
first bond interface to come up is enabled immediately.
bond_downdelay: integer
The number of milliseconds for which carrier must stay down on
an interface before the interface is considered to be down.
Specify 0 to disable the interface immediately.
LACP Configuration:
LACP, the Link Aggregation Control Protocol, is an IEEE standard that
allows switches to automatically detect that they are connected by
multiple links and aggregate across those links. These settings
control LACP behavior.
lacp: optional string, one of active, passive, or off
Configures LACP on this port. LACP allows directly connected
switches to negotiate which links may be bonded. LACP may be
enabled on non-bonded ports for the benefit of any switches they
may be connected to. active ports are allowed to initiate LACP
negotiations. passive ports are allowed to participate in LACP
negotiations initiated by a remote switch, but not allowed to
initiate such negotiations themselves. Defaults to off if
unset.
other_config : lacp-system-id: optional string
The LACP system ID of this Port. The system ID of a LACP bond
is used to identify itself to its partners. Must be a nonzero
MAC address.
other_config : lacp-system-priority: optional string, containing an
integer, in range 1 to 65,535
The LACP system priority of this Port. In LACP negotiations,
link status decisions are made by the system with the
numerically lower priority.
other_config : lacp-time: optional string
The LACP timing which should be used on this Port. Possible
values are fast, slow and a positive number of milliseconds. By
default slow is used. When configured to be fast LACP
heartbeats are requested at a rate of once per second causing
connectivity problems to be detected more quickly. In slow
mode, heartbeats are requested at a rate of once every 30
seconds.
Users may manually set a heartbeat transmission rate to increase
the fault detection speed further. When manually set, OVS
expects the partner switch to be configured with the same
transmission rate. Manually setting lacp-time to something
other than fast or slow is not supported by the LACP
specification.
other_config : lacp-heartbeat: optional string, either true or false
Treat LACP like a simple heartbeat protocol for link state
monitoring. Most features of the LACP protocol are disabled
when this mode is in use. The default if not specified is
false.
other_config : bond-hash-basis: optional string, containing an integer
An integer hashed along with flows when choosing output slaves.
When changed, all flows will be assigned different hash values
possibly causing slave selection decisions to change.
SLB Configuration:
These settings control behavior when a bond is in balance-slb mode,
regardless of whether the bond was intentionally configured in SLB mode
or it fell back to SLB mode because LACP negotiation failed.
other_config : bond-rebalance-interval: optional string, containing an
integer, in range 1,000 to 10,000
For an SLB bonded port, the number of milliseconds between
successive attempts to rebalance the bond, that is, to move
source MACs and their flows from one interface on the bond to
another in an attempt to keep usage of each interface roughly
equal.
bond_fake_iface: boolean
For a bonded port, whether to create a fake internal interface
with the name of the port. Use only for compatibility with
legacy software that requires this.
Spanning Tree Configuration:
other_config : stp-enable: optional string, either true or false
If spanning tree is enabled on the bridge, member ports are
enabled by default (with the exception of bond, internal, and
mirror ports which do not work with STP). If this column's
value is false spanning tree is disabled on the port.
other_config : stp-port-num: optional string, containing an integer, in
range 1 to 255
The port number used for the lower 8 bits of the port-id. By
default, the numbers will be assigned automatically. If any
port's number is manually configured on a bridge, then they must
all be.
other_config : stp-port-priority: optional string, containing an
integer, in range 0 to 255
The port's relative priority value for determining the root port
(the upper 8 bits of the port-id). A port with a lower port-id
will be chosen as the root port. By default, the priority is
0x80.
other_config : stp-path-cost: optional string, containing an integer,
in range 0 to 65,535
Spanning tree path cost for the port. A lower number indicates
a faster link. By default, the cost is based on the maximum
speed of the link.
Other Features:
qos: optional QoS
Quality of Service configuration for this port.
mac: optional string
The MAC address to use for this port for the purpose of choosing
the bridge's MAC address. This column does not necessarily
reflect the port's actual MAC address, nor will setting it
change the port's actual MAC address.
fake_bridge: boolean
Does this port represent a sub-bridge for its tagged VLAN within
the Bridge? See ovs-vsctl(8) for more information.
external_ids : fake-bridge-id-*: optional string
External IDs for a fake bridge (see the fake_bridge column) are
defined by prefixing a Bridge external_ids key with
fake-bridge-, e.g. fake-bridge-xs-network-uuids.
Port Status:
Status information about ports attached to bridges.
status: map of string-string pairs
Key-value pairs that report port status.
status : stp_port_id: optional string
The port-id (in hex) used in spanning tree advertisements for
this port. Configuring the port-id is described in the
stp-port-num and stp-port-priority keys of the other_config
section earlier.
status : stp_state: optional string, one of disabled, forwarding,
learning, listening, or blocking
STP state of the port.
status : stp_sec_in_state: optional string, containing an integer, at
least 0
The amount of time (in seconds) port has been in the current STP
state.
status : stp_role: optional string, one of designated, alternate, or
root
STP role of the port.
Port Statistics:
Key-value pairs that report port statistics.
Statistics: STP transmit and receive counters:
statistics : stp_tx_count: optional integer
Number of STP BPDUs sent on this port by the spanning tree
library.
statistics : stp_rx_count: optional integer
Number of STP BPDUs received on this port and accepted by the
spanning tree library.
statistics : stp_error_count: optional integer
Number of bad STP BPDUs received on this port. Bad BPDUs
include runt packets and those with an unexpected protocol ID.
Common Columns:
The overall purpose of these columns is described under Common Columns
at the beginning of this document.
other_config: map of string-string pairs
external_ids: map of string-string pairs
Interface TABLE
An interface within a Port.
Summary:
Core Features:
name string (must be unique within table)
mac optional string
ofport optional integer
System-Specific Details:
type string
Tunnel Options:
options : remote_ip optional string
options : local_ip optional string
options : in_key optional string
options : out_key optional string
options : key optional string
options : tos optional string
options : ttl optional string
options : df_inherit optional string, either true or false
options : df_default optional string, either true or false
options : pmtud optional string, either true or false
Tunnel Options: gre only:
options : header_cache optional string, either true or false
Tunnel Options: gre and ipsec_gre only:
options : csum optional string, either true or false
Tunnel Options: ipsec_gre only:
options : peer_cert optional string
options : certificate optional string
options : private_key optional string
options : psk optional string
Patch Options:
options : peer optional string
Interface Status:
admin_state optional string, either down or up
link_state optional string, either down or up
link_resets optional integer
link_speed optional integer
duplex optional string, either full or half
mtu optional integer
lacp_current optional boolean
status map of string-string pairs
status : driver_name optional string
status : driver_version optional string
status : firmware_version optional string
status : source_ip optional string
status : tunnel_egress_iface
optional string
status : tunnel_egress_iface_carrier
optional string, either down or up
Statistics:
Statistics: Successful transmit and receive counters:
statistics : rx_packets optional integer
statistics : rx_bytes optional integer
statistics : tx_packets optional integer
statistics : tx_bytes optional integer
Statistics: Receive errors:
statistics : rx_dropped optional integer
statistics : rx_frame_err
optional integer
statistics : rx_over_err optional integer
statistics : rx_crc_err optional integer
statistics : rx_errors optional integer
Statistics: Transmit errors:
statistics : tx_dropped optional integer
statistics : collisions optional integer
statistics : tx_errors optional integer
Ingress Policing:
ingress_policing_rate integer, at least 0
ingress_policing_burst integer, at least 0
Connectivity Fault Management:
cfm_mpid optional integer
cfm_fault optional boolean
cfm_remote_mpids set of integers
other_config : cfm_interval
optional string, containing an integer
other_config : cfm_extended
optional string, either true or false
other_config : cfm_opstate optional string, either down or up
other_config : cfm_ccm_vlan
optional string, containing an integer,
in range 1 to 4,095
Bonding Configuration:
other_config : bond-stable-id
optional string, containing an integer,
at least 1
other_config : lacp-port-id
optional string, containing an integer,
in range 1 to 65,535
other_config : lacp-port-priority
optional string, containing an integer,
in range 1 to 65,535
other_config : lacp-aggregation-key
optional string, containing an integer,
in range 1 to 65,535
Virtual Machine Identifiers:
external_ids : attached-mac
optional string
external_ids : iface-id optional string
external_ids : xs-vif-uuid optional string
external_ids : xs-network-uuid
optional string
external_ids : xs-vm-uuid optional string
VLAN Splinters:
other_config : enable-vlan-splinters
optional string, either true or false
Common Columns:
other_config map of string-string pairs
external_ids map of string-string pairs
Details:
Core Features:
name: string (must be unique within table)
Interface name. Should be alphanumeric and no more than about 8
bytes long. May be the same as the port name, for non-bonded
ports. Must otherwise be unique among the names of ports,
interfaces, and bridges on a host.
mac: optional string
Ethernet address to set for this interface. If unset then the
default MAC address is used:
o For the local interface, the default is the lowest-
numbered MAC address among the other bridge ports, either
the value of the mac in its Port record, if set, or its
actual MAC (for bonded ports, the MAC of its slave whose
name is first in alphabetical order). Internal ports and
bridge ports that are used as port mirroring destinations
(see the Mirror table) are ignored.
o For other internal interfaces, the default MAC is
randomly generated.
o External interfaces typically have a MAC address
associated with their hardware.
Some interfaces may not have a software-controllable MAC
address.
ofport: optional integer
OpenFlow port number for this interface. Unlike most columns,
this column's value should be set only by Open vSwitch itself.
Other clients should set this column to an empty set (the
default) when creating an Interface.
Open vSwitch populates this column when the port number becomes
known. If the interface is successfully added, ofport will be
set to a number between 1 and 65535 (generally either in the
range 1 to 65279, inclusive, or 65534, the port number for the
OpenFlow ``local port''). If the interface cannot be added then
Open vSwitch sets this column to -1.
System-Specific Details:
type: string
The interface type, one of:
system An ordinary network device, e.g. eth0 on Linux.
Sometimes referred to as ``external interfaces'' since
they are generally connected to hardware external to that
on which the Open vSwitch is running. The empty string
is a synonym for system.
internal
A simulated network device that sends and receives
traffic. An internal interface whose name is the same as
its bridge's name is called the ``local interface.'' It
does not make sense to bond an internal interface, so the
terms ``port'' and ``interface'' are often used
imprecisely for internal interfaces.
tap A TUN/TAP device managed by Open vSwitch.
gre An Ethernet over RFC 2890 Generic Routing Encapsulation
over IPv4 tunnel. See Tunnel Options for information on
configuring GRE tunnels.
ipsec_gre
An Ethernet over RFC 2890 Generic Routing Encapsulation
over IPv4 IPsec tunnel.
capwap An Ethernet tunnel over the UDP transport portion of
CAPWAP (RFC 5415). This allows interoperability with
certain switches that do not support GRE. Only the
tunneling component of the protocol is implemented. UDP
ports 58881 and 58882 are used as the source and
destination ports respectively. CAPWAP is currently
supported only with the Linux kernel datapath with kernel
version 2.6.26 or later.
patch A pair of virtual devices that act as a patch cable.
null An ignored interface.
Tunnel Options:
These options apply to interfaces with type of gre, ipsec_gre, and
capwap.
Each tunnel must be uniquely identified by the combination of type,
options:remote_ip, options:local_ip, and options:in_key. If two ports
are defined that are the same except one has an optional identifier and
the other does not, the more specific one is matched first.
options:in_key is considered more specific than options:local_ip if a
port defines one and another port defines the other.
options : remote_ip: optional string
Required. The tunnel endpoint. Unicast and multicast endpoints
are both supported.
When a multicast endpoint is specified, a routing table lookup
occurs only when the tunnel is created. Following a routing
change, delete and then re-create the tunnel to force a new
routing table lookup.
options : local_ip: optional string
Optional. The destination IP that received packets must match.
Default is to match all addresses. Must be omitted when
options:remote_ip is a multicast address.
options : in_key: optional string
Optional. The key that received packets must contain, one of:
o 0. The tunnel receives packets with no key or with a key
of 0. This is equivalent to specifying no options:in_key
at all.
o A positive 32-bit (for GRE) or 64-bit (for CAPWAP)
number. The tunnel receives only packets with the
specified key.
o The word flow. The tunnel accepts packets with any key.
The key will be placed in the tun_id field for matching
in the flow table. The ovs-ofctl manual page contains
additional information about matching fields in OpenFlow
flows.
options : out_key: optional string
Optional. The key to be set on outgoing packets, one of:
o 0. Packets sent through the tunnel will have no key.
This is equivalent to specifying no options:out_key at
all.
o A positive 32-bit (for GRE) or 64-bit (for CAPWAP)
number. Packets sent through the tunnel will have the
specified key.
o The word flow. Packets sent through the tunnel will have
the key set using the set_tunnel Nicira OpenFlow vendor
extension (0 is used in the absence of an action). The
ovs-ofctl manual page contains additional information
about the Nicira OpenFlow vendor extensions.
options : key: optional string
Optional. Shorthand to set in_key and out_key at the same time.
options : tos: optional string
Optional. The value of the ToS bits to be set on the
encapsulating packet. It may also be the word inherit, in which
case the ToS will be copied from the inner packet if it is IPv4
or IPv6 (otherwise it will be 0). The ECN fields are always
inherited. Default is 0.
options : ttl: optional string
Optional. The TTL to be set on the encapsulating packet. It
may also be the word inherit, in which case the TTL will be
copied from the inner packet if it is IPv4 or IPv6 (otherwise it
will be the system default, typically 64). Default is the
system default TTL.
options : df_inherit: optional string, either true or false
Optional. If enabled, the Don't Fragment bit will be copied
from the inner IP headers (those of the encapsulated traffic) to
the outer (tunnel) headers. Default is disabled; set to true to
enable.
options : df_default: optional string, either true or false
Optional. If enabled, the Don't Fragment bit will be set by
default on tunnel headers if the df_inherit option is not set,
or if the encapsulated packet is not IP. Default is enabled;
set to false to disable.
options : pmtud: optional string, either true or false
Optional. Enable tunnel path MTU discovery. If enabled ``ICMP
Destination Unreachable - Fragmentation Needed'' messages will
be generated for IPv4 packets with the DF bit set and IPv6
packets above the minimum MTU if the packet size exceeds the
path MTU minus the size of the tunnel headers. Note that this
option causes behavior that is typically reserved for routers
and therefore is not entirely in compliance with the IEEE 802.1D
specification for bridges. Default is enabled; set to false to
disable.
Tunnel Options: gre only:
Only gre interfaces support these options.
options : header_cache: optional string, either true or false
Enable caching of tunnel headers and the output path. This can
lead to a significant performance increase without changing
behavior. In general it should not be necessary to adjust this
setting. However, the caching can bypass certain components of
the IP stack (such as iptables) and it may be useful to disable
it if these features are required or as a debugging measure.
Default is enabled, set to false to disable.
Tunnel Options: gre and ipsec_gre only:
Only gre and ipsec_gre interfaces support these options.
options : csum: optional string, either true or false
Optional. Compute GRE checksums on outgoing packets. Default
is disabled, set to true to enable. Checksums present on
incoming packets will be validated regardless of this setting.
GRE checksums impose a significant performance penalty because
they cover the entire packet. The encapsulated L3, L4, and L7
packet contents typically have their own checksums, so this
additional checksum only adds value for the GRE and encapsulated
L2 headers.
This option is supported for ipsec_gre, but not useful because
GRE checksums are weaker than, and redundant with, IPsec payload
authentication.
Tunnel Options: ipsec_gre only:
Only ipsec_gre interfaces support these options.
options : peer_cert: optional string
Required for certificate authentication. A string containing
the peer's certificate in PEM format. Additionally the host's
certificate must be specified with the certificate option.
options : certificate: optional string
Required for certificate authentication. The name of a PEM file
containing a certificate that will be presented to the peer
during authentication.
options : private_key: optional string
Optional for certificate authentication. The name of a PEM file
containing the private key associated with certificate. If
certificate contains the private key, this option may be
omitted.
options : psk: optional string
Required for pre-shared key authentication. Specifies a pre-
shared key for authentication that must be identical on both
sides of the tunnel.
Patch Options:
Only patch interfaces support these options.
options : peer: optional string
The name of the Interface for the other side of the patch. The
named Interface's own peer option must specify this Interface's
name. That is, the two patch interfaces must have reversed name
and peer values.
Interface Status:
Status information about interfaces attached to bridges, updated every
5 seconds. Not all interfaces have all of these properties; virtual
interfaces don't have a link speed, for example. Non-applicable
columns will have empty values.
admin_state: optional string, either down or up
The administrative state of the physical network link.
link_state: optional string, either down or up
The observed state of the physical network link. This is
ordinarily the link's carrier status. If the interface's Port
is a bond configured for miimon monitoring, it is instead the
network link's miimon status.
link_resets: optional integer
The number of times Open vSwitch has observed the link_state of
this Interface change.
link_speed: optional integer
The negotiated speed of the physical network link. Valid values
are positive integers greater than 0.
duplex: optional string, either full or half
The duplex mode of the physical network link.
mtu: optional integer
The MTU (maximum transmission unit); i.e. the largest amount of
data that can fit into a single Ethernet frame. The standard
Ethernet MTU is 1500 bytes. Some physical media and many kinds
of virtual interfaces can be configured with higher MTUs.
This column will be empty for an interface that does not have an
MTU as, for example, some kinds of tunnels do not.
lacp_current: optional boolean
Boolean value indicating LACP status for this interface. If
true, this interface has current LACP information about its LACP
partner. This information may be used to monitor the health of
interfaces in a LACP enabled port. This column will be empty if
LACP is not enabled.
status: map of string-string pairs
Key-value pairs that report port status. Supported status
values are type-dependent; some interfaces may not have a valid
status:driver_name, for example.
status : driver_name: optional string
The name of the device driver controlling the network adapter.
status : driver_version: optional string
The version string of the device driver controlling the network
adapter.
status : firmware_version: optional string
The version string of the network adapter's firmware, if
available.
status : source_ip: optional string
The source IP address used for an IPv4 tunnel end-point, such as
gre or capwap.
status : tunnel_egress_iface: optional string
Egress interface for tunnels. Currently only relevant for GRE
and CAPWAP tunnels. On Linux systems, this column will show the
name of the interface which is responsible for routing traffic
destined for the configured options:remote_ip. This could be an
internal interface such as a bridge port.
status : tunnel_egress_iface_carrier: optional string, either down or
up
Whether carrier is detected on status:tunnel_egress_iface.
Statistics:
Key-value pairs that report interface statistics. The current
implementation updates these counters periodically. Future
implementations may update them when an interface is created, when they
are queried (e.g. using an OVSDB select operation), and just before an
interface is deleted due to virtual interface hot-unplug or VM
shutdown, and perhaps at other times, but not on any regular periodic
basis.
These are the same statistics reported by OpenFlow in its struct
ofp_port_stats structure. If an interface does not support a given
statistic, then that pair is omitted.
Statistics: Successful transmit and receive counters:
statistics : rx_packets: optional integer
Number of received packets.
statistics : rx_bytes: optional integer
Number of received bytes.
statistics : tx_packets: optional integer
Number of transmitted packets.
statistics : tx_bytes: optional integer
Number of transmitted bytes.
Statistics: Receive errors:
statistics : rx_dropped: optional integer
Number of packets dropped by RX.
statistics : rx_frame_err: optional integer
Number of frame alignment errors.
statistics : rx_over_err: optional integer
Number of packets with RX overrun.
statistics : rx_crc_err: optional integer
Number of CRC errors.
statistics : rx_errors: optional integer
Total number of receive errors, greater than or equal to the sum
of the above.
Statistics: Transmit errors:
statistics : tx_dropped: optional integer
Number of packets dropped by TX.
statistics : collisions: optional integer
Number of collisions.
statistics : tx_errors: optional integer
Total number of transmit errors, greater than or equal to the
sum of the above.
Ingress Policing:
These settings control ingress policing for packets received on this
interface. On a physical interface, this limits the rate at which
traffic is allowed into the system from the outside; on a virtual
interface (one connected to a virtual machine), this limits the rate at
which the VM is able to transmit.
Policing is a simple form of quality-of-service that simply drops
packets received in excess of the configured rate. Due to its
simplicity, policing is usually less accurate and less effective than
egress QoS (which is configured using the QoS and Queue tables).
Policing is currently implemented only on Linux. The Linux
implementation uses a simple ``token bucket'' approach:
o The size of the bucket corresponds to
ingress_policing_burst. Initially the bucket is full.
o Whenever a packet is received, its size (converted to
tokens) is compared to the number of tokens currently in
the bucket. If the required number of tokens are
available, they are removed and the packet is forwarded.
Otherwise, the packet is dropped.
o Whenever it is not full, the bucket is refilled with
tokens at the rate specified by ingress_policing_rate.
Policing interacts badly with some network protocols, and especially
with fragmented IP packets. Suppose that there is enough network
activity to keep the bucket nearly empty all the time. Then this token
bucket algorithm will forward a single packet every so often, with the
period depending on packet size and on the configured rate. All of the
fragments of an IP packets are normally transmitted back-to-back, as a
group. In such a situation, therefore, only one of these fragments
will be forwarded and the rest will be dropped. IP does not provide
any way for the intended recipient to ask for only the remaining
fragments. In such a case there are two likely possibilities for what
will happen next: either all of the fragments will eventually be
retransmitted (as TCP will do), in which case the same problem will
recur, or the sender will not realize that its packet has been dropped
and data will simply be lost (as some UDP-based protocols will do).
Either way, it is possible that no forward progress will ever occur.
ingress_policing_rate: integer, at least 0
Maximum rate for data received on this interface, in kbps. Data
received faster than this rate is dropped. Set to 0 (the
default) to disable policing.
ingress_policing_burst: integer, at least 0
Maximum burst size for data received on this interface, in kb.
The default burst size if set to 0 is 1000 kb. This value has
no effect if ingress_policing_rate is 0.
Specifying a larger burst size lets the algorithm be more
forgiving, which is important for protocols like TCP that react
severely to dropped packets. The burst size should be at least
the size of the interface's MTU. Specifying a value that is
numerically at least as large as 10% of ingress_policing_rate
helps TCP come closer to achieving the full rate.
Connectivity Fault Management:
802.1ag Connectivity Fault Management (CFM) allows a group of
Maintenance Points (MPs) called a Maintenance Association (MA) to
detect connectivity problems with each other. MPs within a MA should
have complete and exclusive interconnectivity. This is verified by
occasionally broadcasting Continuity Check Messages (CCMs) at a
configurable transmission interval.
According to the 802.1ag specification, each Maintenance Point should
be configured out-of-band with a list of Remote Maintenance Points it
should have connectivity to. Open vSwitch differs from the
specification in this area. It simply assumes the link is faulted if
no Remote Maintenance Points are reachable, and considers it not
faulted otherwise.
cfm_mpid: optional integer
A Maintenance Point ID (MPID) uniquely identifies each endpoint
within a Maintenance Association. The MPID is used to identify
this endpoint to other Maintenance Points in the MA. Each end
of a link being monitored should have a different MPID. Must be
configured to enable CFM on this Interface.
cfm_fault: optional boolean
Indicates a connectivity fault triggered by an inability to
receive heartbeats from any remote endpoint. When a fault is
triggered on Interfaces participating in bonds, they will be
disabled.
Faults can be triggered for several reasons. Most importantly
they are triggered when no CCMs are received for a period of 3.5
times the transmission interval. Faults are also triggered when
any CCMs indicate that a Remote Maintenance Point is not
receiving CCMs but able to send them. Finally, a fault is
triggered if a CCM is received which indicates unexpected
configuration. Notably, this case arises when a CCM is received
which advertises the local MPID.
cfm_remote_mpids: set of integers
When CFM is properly configured, Open vSwitch will occasionally
receive CCM broadcasts. These broadcasts contain the MPID of
the sending Maintenance Point. The list of MPIDs from which
this Interface is receiving broadcasts from is regularly
collected and written to this column.
other_config : cfm_interval: optional string, containing an integer
The interval, in milliseconds, between transmissions of CFM
heartbeats. Three missed heartbeat receptions indicate a
connectivity fault. Defaults to 1000.
other_config : cfm_extended: optional string, either true or false
When true, the CFM module operates in extended mode. This causes
it to use a nonstandard destination address to avoid conflicting
with compliant implementations which may be running concurrently
on the network. Furthermore, extended mode increases the
accuracy of the cfm_interval configuration parameter by breaking
wire compatibility with 802.1ag compliant implementations.
Defaults to false.
other_config : cfm_opstate: optional string, either down or up
When down, the CFM module marks all CCMs it generates as
operationally down without triggering a fault. This allows
remote maintenance points to choose not to forward traffic to
the Interface on which this CFM module is running. Currently,
in Open vSwitch, the opdown bit of CCMs affects Interfaces
participating in bonds, and the bundle OpenFlow action. This
setting is ignored when CFM is not in extended mode. Defaults
to up.
other_config : cfm_ccm_vlan: optional string, containing an integer, in
range 1 to 4,095
When set, the CFM module will apply a VLAN tag to all CCMs it
generates with the given value.
Bonding Configuration:
other_config : bond-stable-id: optional string, containing an integer,
at least 1
Used in stable bond mode to make slave selection decisions.
Allocating other_config:bond-stable-id values consistently
across interfaces participating in a bond will guarantee
consistent slave selection decisions across ovs-vswitchd
instances when using stable bonding mode.
other_config : lacp-port-id: optional string, containing an integer, in
range 1 to 65,535
The LACP port ID of this Interface. Port IDs are used in LACP
negotiations to identify individual ports participating in a
bond.
other_config : lacp-port-priority: optional string, containing an
integer, in range 1 to 65,535
The LACP port priority of this Interface. In LACP negotiations
Interfaces with numerically lower priorities are preferred for
aggregation.
other_config : lacp-aggregation-key: optional string, containing an
integer, in range 1 to 65,535
The LACP aggregation key of this Interface. Interfaces with
different aggregation keys may not be active within a given Port
at the same time.
Virtual Machine Identifiers:
These key-value pairs specifically apply to an interface that
represents a virtual Ethernet interface connected to a virtual machine.
These key-value pairs should not be present for other types of
interfaces. Keys whose names end in -uuid have values that uniquely
identify the entity in question. For a Citrix XenServer hypervisor,
these values are UUIDs in RFC 4122 format. Other hypervisors may use
other formats.
external_ids : attached-mac: optional string
The MAC address programmed into the ``virtual hardware'' for
this interface, in the form xx:xx:xx:xx:xx:xx. For Citrix
XenServer, this is the value of the MAC field in the VIF record
for this interface.
external_ids : iface-id: optional string
A system-unique identifier for the interface. On XenServer,
this will commonly be the same as external_ids:xs-vif-uuid.
external_ids : xs-vif-uuid: optional string
The virtual interface associated with this interface.
external_ids : xs-network-uuid: optional string
The virtual network to which this interface is attached.
external_ids : xs-vm-uuid: optional string
The VM to which this interface belongs.
VLAN Splinters:
The ``VLAN splinters'' feature increases Open vSwitch compatibility
with buggy network drivers in old versions of Linux that do not
properly support VLANs when VLAN devices are not used, at some cost in
memory and performance.
When VLAN splinters are enabled on a particular interface, Open vSwitch
creates a VLAN device for each in-use VLAN. For sending traffic tagged
with a VLAN on the interface, it substitutes the VLAN device. Traffic
received on the VLAN device is treated as if it had been received on
the interface on the particular VLAN.
VLAN splinters consider a VLAN to be in use if:
o The VLAN is the tag value in any Port record.
o The VLAN is listed within the trunks column of the Port
record of an interface on which VLAN splinters are
enabled. An empty trunks does not influence the in-use
VLANs: creating 4,096 VLAN devices is impractical because
it will exceed the current 1,024 port per datapath limit.
o An OpenFlow flow within any bridge matches the VLAN.
The same set of in-use VLANs applies to every interface on which VLAN
splinters are enabled. That is, the set is not chosen separately for
each interface but selected once as the union of all in-use VLANs based
on the rules above.
It does not make sense to enable VLAN splinters on an interface for an
access port, or on an interface that is not a physical port.
VLAN splinters are deprecated. When broken device drivers are no
longer in widespread use, we will delete this feature.
other_config : enable-vlan-splinters: optional string, either true or
false
Set to true to enable VLAN splinters on this interface.
Defaults to false.
VLAN splinters increase kernel and userspace memory overhead, so
do not use them unless they are needed.
Common Columns:
The overall purpose of these columns is described under Common Columns
at the beginning of this document.
other_config: map of string-string pairs
external_ids: map of string-string pairs
QoS TABLE
Quality of Service (QoS) configuration for each Port that references
it.
Summary:
type string
queues map of integer-Queue pairs, key in range
0 to 4,294,967,295
Configuration for linux-htb and linux-hfsc:
other_config : max-rate optional string, containing an integer
Common Columns:
other_config map of string-string pairs
external_ids map of string-string pairs
Details:
type: string
The type of QoS to implement. The capabilities column in the
Open_vSwitch table identifies the types that a switch actually
supports. The currently defined types are listed below:
linux-htb
Linux ``hierarchy token bucket'' classifier. See tc-
htb(8) (also at http://linux.die.net/man/8/tc-htb) and
the HTB manual
(http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm) for
information on how this classifier works and how to
configure it.
linux-hfsc
Linux "Hierarchical Fair Service Curve" classifier. See
http://linux-ip.net/articles/hfsc.en/ for information on
how this classifier works.
queues: map of integer-Queue pairs, key in range 0 to 4,294,967,295
A map from queue numbers to Queue records. The supported range
of queue numbers depend on type. The queue numbers are the same
as the queue_id used in OpenFlow in struct ofp_action_enqueue
and other structures. Queue 0 is used by OpenFlow output
actions that do not specify a specific queue.
Configuration for linux-htb and linux-hfsc:
The linux-htb and linux-hfsc classes support the following key-value
pair:
other_config : max-rate: optional string, containing an integer
Maximum rate shared by all queued traffic, in bit/s. Optional.
If not specified, for physical interfaces, the default is the
link rate. For other interfaces or if the link rate cannot be
determined, the default is currently 100 Mbps.
Common Columns:
The overall purpose of these columns is described under Common Columns
at the beginning of this document.
other_config: map of string-string pairs
external_ids: map of string-string pairs
Queue TABLE
A configuration for a port output queue, used in configuring Quality of
Service (QoS) features. May be referenced by queues column in QoS
table.
Summary:
dscp optional integer, in range 0 to 63
Configuration for min-rate QoS:
other_config : min-rate optional string, containing an integer,
at least 12,000
Configuration for linux-htb QoS:
other_config : min-rate optional string, containing an integer,
at least 1
other_config : max-rate optional string, containing an integer,
at least 1
other_config : burst optional string, containing an integer,
at least 1
other_config : priority optional string, containing an integer,
in range 0 to 4,294,967,295
Configuration for linux-hfsc QoS:
other_config : min-rate optional string, containing an integer,
at least 1
other_config : max-rate optional string, containing an integer,
at least 1
Common Columns:
other_config map of string-string pairs
external_ids map of string-string pairs
Details:
dscp: optional integer, in range 0 to 63
If set, Open vSwitch will mark all traffic egressing this Queue
with the given DSCP bits. Traffic egressing the default Queue
is only marked if it was explicitly selected as the Queue at the
time the packet was output. If unset, the DSCP bits of traffic
egressing this Queue will remain unchanged.
Configuration for min-rate QoS:
These key-value pairs are defined for QoS type of min-rate.
other_config : min-rate: optional string, containing an integer, at
least 12,000
Minimum guaranteed bandwidth, in bit/s. Required. The floor
value is 1500 bytes/s (12,000 bit/s).
Configuration for linux-htb QoS:
These key-value pairs are defined for QoS type of linux-htb.
other_config : min-rate: optional string, containing an integer, at
least 1
Minimum guaranteed bandwidth, in bit/s.
other_config : max-rate: optional string, containing an integer, at
least 1
Maximum allowed bandwidth, in bit/s. Optional. If specified,
the queue's rate will not be allowed to exceed the specified
value, even if excess bandwidth is available. If unspecified,
defaults to no limit.
other_config : burst: optional string, containing an integer, at least
1
Burst size, in bits. This is the maximum amount of ``credits''
that a queue can accumulate while it is idle. Optional.
Details of the linux-htb implementation require a minimum burst
size, so a too-small burst will be silently ignored.
other_config : priority: optional string, containing an integer, in
range 0 to 4,294,967,295
A queue with a smaller priority will receive all the excess
bandwidth that it can use before a queue with a larger value
receives any. Specific priority values are unimportant; only
relative ordering matters. Defaults to 0 if unspecified.
Configuration for linux-hfsc QoS:
These key-value pairs are defined for QoS type of linux-hfsc.
other_config : min-rate: optional string, containing an integer, at
least 1
Minimum guaranteed bandwidth, in bit/s.
other_config : max-rate: optional string, containing an integer, at
least 1
Maximum allowed bandwidth, in bit/s. Optional. If specified,
the queue's rate will not be allowed to exceed the specified
value, even if excess bandwidth is available. If unspecified,
defaults to no limit.
Common Columns:
The overall purpose of these columns is described under Common Columns
at the beginning of this document.
other_config: map of string-string pairs
external_ids: map of string-string pairs
Mirror TABLE
A port mirror within a Bridge.
A port mirror configures a bridge to send selected frames to special
``mirrored'' ports, in addition to their normal destinations.
Mirroring traffic may also be referred to as SPAN or RSPAN, depending
on how the mirrored traffic is sent.
Summary:
name string
Selecting Packets for Mirroring:
select_all boolean
select_dst_port set of weak reference to Ports
select_src_port set of weak reference to Ports
select_vlan set of up to 4,096 integers, in range 0
to 4,095
Mirroring Destination Configuration:
output_port optional weak reference to Port
output_vlan optional integer, in range 1 to 4,095
Statistics: Mirror counters:
statistics : tx_packets optional integer
statistics : tx_bytes optional integer
Common Columns:
external_ids map of string-string pairs
Details:
name: string
Arbitrary identifier for the Mirror.
Selecting Packets for Mirroring:
To be selected for mirroring, a given packet must enter or leave the
bridge through a selected port and it must also be in one of the
selected VLANs.
select_all: boolean
If true, every packet arriving or departing on any port is
selected for mirroring.
select_dst_port: set of weak reference to Ports
Ports on which departing packets are selected for mirroring.
select_src_port: set of weak reference to Ports
Ports on which arriving packets are selected for mirroring.
select_vlan: set of up to 4,096 integers, in range 0 to 4,095
VLANs on which packets are selected for mirroring. An empty set
selects packets on all VLANs.
Mirroring Destination Configuration:
These columns are mutually exclusive. Exactly one of them must be
nonempty.
output_port: optional weak reference to Port
Output port for selected packets, if nonempty.
Specifying a port for mirror output reserves that port
exclusively for mirroring. No frames other than those selected
for mirroring via this column will be forwarded to the port, and
any frames received on the port will be discarded.
The output port may be any kind of port supported by Open
vSwitch. It may be, for example, a physical port (sometimes
called SPAN) or a GRE tunnel.
output_vlan: optional integer, in range 1 to 4,095
Output VLAN for selected packets, if nonempty.
The frames will be sent out all ports that trunk output_vlan, as
well as any ports with implicit VLAN output_vlan. When a
mirrored frame is sent out a trunk port, the frame's VLAN tag
will be set to output_vlan, replacing any existing tag; when it
is sent out an implicit VLAN port, the frame will not be tagged.
This type of mirroring is sometimes called RSPAN.
The following destination MAC addresses will not be mirrored to
a VLAN to avoid confusing switches that interpret the protocols
that they represent:
01:80:c2:00:00:00
IEEE 802.1D Spanning Tree Protocol (STP).
01:80:c2:00:00:01
IEEE Pause frame.
01:80:c2:00:00:0x
Other reserved protocols.
01:00:0c:cc:cc:cc
Cisco Discovery Protocol (CDP), VLAN Trunking Protocol
(VTP), Dynamic Trunking Protocol (DTP), Port Aggregation
Protocol (PAgP), and others.
01:00:0c:cc:cc:cd
Cisco Shared Spanning Tree Protocol PVSTP+.
01:00:0c:cd:cd:cd
Cisco STP Uplink Fast.
01:00:0c:00:00:00
Cisco Inter Switch Link.
Please note: Mirroring to a VLAN can disrupt a network that
contains unmanaged switches. Consider an unmanaged physical
switch with two ports: port 1, connected to an end host, and
port 2, connected to an Open vSwitch configured to mirror
received packets into VLAN 123 on port 2. Suppose that the end
host sends a packet on port 1 that the physical switch forwards
to port 2. The Open vSwitch forwards this packet to its
destination and then reflects it back on port 2 in VLAN 123.
This reflected packet causes the unmanaged physical switch to
replace the MAC learning table entry, which correctly pointed to
port 1, with one that incorrectly points to port 2. Afterward,
the physical switch will direct packets destined for the end
host to the Open vSwitch on port 2, instead of to the end host
on port 1, disrupting connectivity. If mirroring to a VLAN is
desired in this scenario, then the physical switch must be
replaced by one that learns Ethernet addresses on a per-VLAN
basis. In addition, learning should be disabled on the VLAN
containing mirrored traffic. If this is not done then
intermediate switches will learn the MAC address of each end
host from the mirrored traffic. If packets being sent to that
end host are also mirrored, then they will be dropped since the
switch will attempt to send them out the input port. Disabling
learning for the VLAN will cause the switch to correctly send
the packet out all ports configured for that VLAN. If Open
vSwitch is being used as an intermediate switch, learning can be
disabled by adding the mirrored VLAN to flood_vlans in the
appropriate Bridge table or tables.
Mirroring to a GRE tunnel has fewer caveats than mirroring to a
VLAN and should generally be preferred.
Statistics: Mirror counters:
Key-value pairs that report mirror statistics.
statistics : tx_packets: optional integer
Number of packets transmitted through this mirror.
statistics : tx_bytes: optional integer
Number of bytes transmitted through this mirror.
Common Columns:
The overall purpose of these columns is described under Common Columns
at the beginning of this document.
external_ids: map of string-string pairs
Controller TABLE
An OpenFlow controller.
Open vSwitch supports two kinds of OpenFlow controllers:
Primary controllers
This is the kind of controller envisioned by the OpenFlow
1.0 specification. Usually, a primary controller
implements a network policy by taking charge of the
switch's flow table.
Open vSwitch initiates and maintains persistent
connections to primary controllers, retrying the
connection each time it fails or drops. The fail_mode
column in the Bridge table applies to primary
controllers.
Open vSwitch permits a bridge to have any number of
primary controllers. When multiple controllers are
configured, Open vSwitch connects to all of them
simultaneously. Because OpenFlow 1.0 does not specify
how multiple controllers coordinate in interacting with a
single switch, more than one primary controller should be
specified only if the controllers are themselves designed
to coordinate with each other. (The Nicira-defined
NXT_ROLE OpenFlow vendor extension may be useful for
this.)
Service controllers
These kinds of OpenFlow controller connections are
intended for occasional support and maintenance use, e.g.
with ovs-ofctl. Usually a service controller connects
only briefly to inspect or modify some of a switch's
state.
Open vSwitch listens for incoming connections from
service controllers. The service controllers initiate
and, if necessary, maintain the connections from their
end. The fail_mode column in the Bridge table does not
apply to service controllers.
Open vSwitch supports configuring any number of service
controllers.
The target determines the type of controller.
Summary:
Core Features:
target string
connection_mode optional string, either in-band or
out-of-band
Controller Failure Detection and Handling:
max_backoff optional integer, at least 1,000
inactivity_probe optional integer
OpenFlow Rate Limiting:
controller_rate_limit optional integer, at least 100
controller_burst_limit optional integer, at least 25
Additional In-Band Configuration:
local_ip optional string
local_netmask optional string
local_gateway optional string
Controller Status:
is_connected boolean
role optional string, one of slave, other, or
master
status : last_error optional string
status : state optional string, one of ACTIVE, VOID,
CONNECTING, IDLE, or BACKOFF
status : sec_since_connect optional string, containing an integer,
at least 0
status : sec_since_disconnect
optional string, containing an integer,
at least 1
Common Columns:
external_ids map of string-string pairs
Details:
Core Features:
target: string
Connection method for controller.
The following connection methods are currently supported for
primary controllers:
ssl:ip[:port]
The specified SSL port (default: 6633) on the host at the
given ip, which must be expressed as an IP address (not a
DNS name). The ssl column in the Open_vSwitch table must
point to a valid SSL configuration when this form is
used.
SSL support is an optional feature that is not always
built as part of Open vSwitch.
tcp:ip[:port]
The specified TCP port (default: 6633) on the host at the
given ip, which must be expressed as an IP address (not a
DNS name).
The following connection methods are currently supported for
service controllers:
pssl:[port][:ip]
Listens for SSL connections on the specified TCP port
(default: 6633). If ip, which must be expressed as an IP
address (not a DNS name), is specified, then connections
are restricted to the specified local IP address.
The ssl column in the Open_vSwitch table must point to a
valid SSL configuration when this form is used.
SSL support is an optional feature that is not always
built as part of Open vSwitch.
ptcp:[port][:ip]
Listens for connections on the specified TCP port
(default: 6633). If ip, which must be expressed as an IP
address (not a DNS name), is specified, then connections
are restricted to the specified local IP address.
When multiple controllers are configured for a single bridge,
the target values must be unique. Duplicate target values yield
unspecified results.
connection_mode: optional string, either in-band or out-of-band
If it is specified, this setting must be one of the following
strings that describes how Open vSwitch contacts this OpenFlow
controller over the network:
in-band
In this mode, this controller's OpenFlow traffic travels
over the bridge associated with the controller. With
this setting, Open vSwitch allows traffic to and from the
controller regardless of the contents of the OpenFlow
flow table. (Otherwise, Open vSwitch would never be able
to connect to the controller, because it did not have a
flow to enable it.) This is the most common connection
mode because it is not necessary to maintain two
independent networks.
out-of-band
In this mode, OpenFlow traffic uses a control network
separate from the bridge associated with this controller,
that is, the bridge does not use any of its own network
devices to communicate with the controller. The control
network must be configured separately, before or after
ovs-vswitchd is started.
If not specified, the default is implementation-specific.
Controller Failure Detection and Handling:
max_backoff: optional integer, at least 1,000
Maximum number of milliseconds to wait between connection
attempts. Default is implementation-specific.
inactivity_probe: optional integer
Maximum number of milliseconds of idle time on connection to
controller before sending an inactivity probe message. If Open
vSwitch does not communicate with the controller for the
specified number of seconds, it will send a probe. If a
response is not received for the same additional amount of time,
Open vSwitch assumes the connection has been broken and attempts
to reconnect. Default is implementation-specific. A value of 0
disables inactivity probes.
OpenFlow Rate Limiting:
controller_rate_limit: optional integer, at least 100
The maximum rate at which packets in unknown flows will be
forwarded to the OpenFlow controller, in packets per second.
This feature prevents a single bridge from overwhelming the
controller. If not specified, the default is implementation-
specific.
In addition, when a high rate triggers rate-limiting, Open
vSwitch queues controller packets for each port and transmits
them to the controller at the configured rate. The number of
queued packets is limited by the controller_burst_limit value.
The packet queue is shared fairly among the ports on a bridge.
Open vSwitch maintains two such packet rate-limiters per bridge.
One of these applies to packets sent up to the controller
because they do not correspond to any flow. The other applies
to packets sent up to the controller by request through flow
actions. When both rate-limiters are filled with packets, the
actual rate that packets are sent to the controller is up to
twice the specified rate.
controller_burst_limit: optional integer, at least 25
In conjunction with controller_rate_limit, the maximum number of
unused packet credits that the bridge will allow to accumulate,
in packets. If not specified, the default is implementation-
specific.
Additional In-Band Configuration:
These values are considered only in in-band control mode (see
connection_mode).
When multiple controllers are configured on a single bridge, there
should be only one set of unique values in these columns. If different
values are set for these columns in different controllers, the effect
is unspecified.
local_ip: optional string
The IP address to configure on the local port, e.g.
192.168.0.123. If this value is unset, then local_netmask and
local_gateway are ignored.
local_netmask: optional string
The IP netmask to configure on the local port, e.g.
255.255.255.0. If local_ip is set but this value is unset, then
the default is chosen based on whether the IP address is class
A, B, or C.
local_gateway: optional string
The IP address of the gateway to configure on the local port, as
a string, e.g. 192.168.0.1. Leave this column unset if this
network has no gateway.
Controller Status:
is_connected: boolean
true if currently connected to this controller, false otherwise.
role: optional string, one of slave, other, or master
The level of authority this controller has on the associated
bridge. Possible values are:
other Allows the controller access to all OpenFlow features.
master Equivalent to other, except that there may be at most one
master controller at a time. When a controller
configures itself as master, any existing master is
demoted to the slaverole.
slave Allows the controller read-only access to OpenFlow
features. Attempts to modify the flow table will be
rejected with an error. Slave controllers do not receive
OFPT_PACKET_IN or OFPT_FLOW_REMOVED messages, but they do
receive OFPT_PORT_STATUS messages.
status : last_error: optional string
A human-readable description of the last error on the connection
to the controller; i.e. strerror(errno). This key will exist
only if an error has occurred.
status : state: optional string, one of ACTIVE, VOID, CONNECTING, IDLE,
or BACKOFF
The state of the connection to the controller:
VOID Connection is disabled.
BACKOFF
Attempting to reconnect at an increasing period.
CONNECTING
Attempting to connect.
ACTIVE Connected, remote host responsive.
IDLE Connection is idle. Waiting for response to keep-alive.
These values may change in the future. They are provided only
for human consumption.
status : sec_since_connect: optional string, containing an integer, at
least 0
The amount of time since this controller last successfully
connected to the switch (in seconds). Value is empty if
controller has never successfully connected.
status : sec_since_disconnect: optional string, containing an integer,
at least 1
The amount of time since this controller last disconnected from
the switch (in seconds). Value is empty if controller has never
disconnected.
Common Columns:
The overall purpose of these columns is described under Common Columns
at the beginning of this document.
external_ids: map of string-string pairs
Manager TABLE
Configuration for a database connection to an Open vSwitch database
(OVSDB) client.
This table primarily configures the Open vSwitch database
(ovsdb-server), not the Open vSwitch switch (ovs-vswitchd). The switch
does read the table to determine what connections should be treated as
in-band.
The Open vSwitch database server can initiate and maintain active
connections to remote clients. It can also listen for database
connections.
Summary:
Core Features:
target string (must be unique within table)
connection_mode optional string, either in-band or
out-of-band
Client Failure Detection and Handling:
max_backoff optional integer, at least 1,000
inactivity_probe optional integer
Status:
is_connected boolean
status : last_error optional string
status : state optional string, one of ACTIVE, VOID,
CONNECTING, IDLE, or BACKOFF
status : sec_since_connect optional string, containing an integer,
at least 0
status : sec_since_disconnect
optional string, containing an integer,
at least 0
status : locks_held optional string
status : locks_waiting optional string
status : locks_lost optional string
status : n_connections optional string, containing an integer,
at least 2
Common Columns:
external_ids map of string-string pairs
Details:
Core Features:
target: string (must be unique within table)
Connection method for managers.
The following connection methods are currently supported:
ssl:ip[:port]
The specified SSL port (default: 6632) on the host at the
given ip, which must be expressed as an IP address (not a
DNS name). The ssl column in the Open_vSwitch table must
point to a valid SSL configuration when this form is
used.
SSL support is an optional feature that is not always
built as part of Open vSwitch.
tcp:ip[:port]
The specified TCP port (default: 6632) on the host at the
given ip, which must be expressed as an IP address (not a
DNS name).
pssl:[port][:ip]
Listens for SSL connections on the specified TCP port
(default: 6632). If ip, which must be expressed as an IP
address (not a DNS name), is specified, then connections
are restricted to the specified local IP address.
The ssl column in the Open_vSwitch table must point to a
valid SSL configuration when this form is used.
SSL support is an optional feature that is not always
built as part of Open vSwitch.
ptcp:[port][:ip]
Listens for connections on the specified TCP port
(default: 6632). If ip, which must be expressed as an IP
address (not a DNS name), is specified, then connections
are restricted to the specified local IP address.
When multiple managers are configured, the target values must be
unique. Duplicate target values yield unspecified results.
connection_mode: optional string, either in-band or out-of-band
If it is specified, this setting must be one of the following
strings that describes how Open vSwitch contacts this OVSDB
client over the network:
in-band
In this mode, this connection's traffic travels over a
bridge managed by Open vSwitch. With this setting, Open
vSwitch allows traffic to and from the client regardless
of the contents of the OpenFlow flow table. (Otherwise,
Open vSwitch would never be able to connect to the
client, because it did not have a flow to enable it.)
This is the most common connection mode because it is not
necessary to maintain two independent networks.
out-of-band
In this mode, the client's traffic uses a control network
separate from that managed by Open vSwitch, that is, Open
vSwitch does not use any of its own network devices to
communicate with the client. The control network must be
configured separately, before or after ovs-vswitchd is
started.
If not specified, the default is implementation-specific.
Client Failure Detection and Handling:
max_backoff: optional integer, at least 1,000
Maximum number of milliseconds to wait between connection
attempts. Default is implementation-specific.
inactivity_probe: optional integer
Maximum number of milliseconds of idle time on connection to the
client before sending an inactivity probe message. If Open
vSwitch does not communicate with the client for the specified
number of seconds, it will send a probe. If a response is not
received for the same additional amount of time, Open vSwitch
assumes the connection has been broken and attempts to
reconnect. Default is implementation-specific. A value of 0
disables inactivity probes.
Status:
is_connected: boolean
true if currently connected to this manager, false otherwise.
status : last_error: optional string
A human-readable description of the last error on the connection
to the manager; i.e. strerror(errno). This key will exist only
if an error has occurred.
status : state: optional string, one of ACTIVE, VOID, CONNECTING, IDLE,
or BACKOFF
The state of the connection to the manager:
VOID Connection is disabled.
BACKOFF
Attempting to reconnect at an increasing period.
CONNECTING
Attempting to connect.
ACTIVE Connected, remote host responsive.
IDLE Connection is idle. Waiting for response to keep-alive.
These values may change in the future. They are provided only
for human consumption.
status : sec_since_connect: optional string, containing an integer, at
least 0
The amount of time since this manager last successfully
connected to the database (in seconds). Value is empty if
manager has never successfully connected.
status : sec_since_disconnect: optional string, containing an integer,
at least 0
The amount of time since this manager last disconnected from the
database (in seconds). Value is empty if manager has never
disconnected.
status : locks_held: optional string
Space-separated list of the names of OVSDB locks that the
connection holds. Omitted if the connection does not hold any
locks.
status : locks_waiting: optional string
Space-separated list of the names of OVSDB locks that the
connection is currently waiting to acquire. Omitted if the
connection is not waiting for any locks.
status : locks_lost: optional string
Space-separated list of the names of OVSDB locks that the
connection has had stolen by another OVSDB client. Omitted if
no locks have been stolen from this connection.
status : n_connections: optional string, containing an integer, at
least 2
When target specifies a connection method that listens for
inbound connections (e.g. ptcp: or pssl:) and more than one
connection is actually active, the value is the number of active
connections. Otherwise, this key-value pair is omitted.
When multiple connections are active, status columns and key-
value pairs (other than this one) report the status of one
arbitrarily chosen connection.
Common Columns:
The overall purpose of these columns is described under Common Columns
at the beginning of this document.
external_ids: map of string-string pairs
NetFlow TABLE
A NetFlow target. NetFlow is a protocol that exports a number of
details about terminating IP flows, such as the principals involved and
duration.
Summary:
targets set of 1 or more strings
engine_id optional integer, in range 0 to 255
engine_type optional integer, in range 0 to 255
active_timeout integer, at least -1
add_id_to_interface boolean
Common Columns:
external_ids map of string-string pairs
Details:
targets: set of 1 or more strings
NetFlow targets in the form ip:port. The ip must be specified
numerically, not as a DNS name.
engine_id: optional integer, in range 0 to 255
Engine ID to use in NetFlow messages. Defaults to datapath
index if not specified.
engine_type: optional integer, in range 0 to 255
Engine type to use in NetFlow messages. Defaults to datapath
index if not specified.
active_timeout: integer, at least -1
The interval at which NetFlow records are sent for flows that
are still active, in seconds. A value of 0 requests the default
timeout (currently 600 seconds); a value of -1 disables active
timeouts.
add_id_to_interface: boolean
If this column's value is false, the ingress and egress
interface fields of NetFlow flow records are derived from
OpenFlow port numbers. When it is true, the 7 most significant
bits of these fields will be replaced by the least significant 7
bits of the engine id. This is useful because many NetFlow
collectors do not expect multiple switches to be sending
messages from the same host, so they do not store the engine
information which could be used to disambiguate the traffic.
When this option is enabled, a maximum of 508 ports are
supported.
Common Columns:
The overall purpose of these columns is described under Common Columns
at the beginning of this document.
external_ids: map of string-string pairs
SSL TABLE
SSL configuration for an Open_vSwitch.
Summary:
private_key string
certificate string
ca_cert string
bootstrap_ca_cert boolean
Common Columns:
external_ids map of string-string pairs
Details:
private_key: string
Name of a PEM file containing the private key used as the
switch's identity for SSL connections to the controller.
certificate: string
Name of a PEM file containing a certificate, signed by the
certificate authority (CA) used by the controller and manager,
that certifies the switch's private key, identifying a
trustworthy switch.
ca_cert: string
Name of a PEM file containing the CA certificate used to verify
that the switch is connected to a trustworthy controller.
bootstrap_ca_cert: boolean
If set to true, then Open vSwitch will attempt to obtain the CA
certificate from the controller on its first SSL connection and
save it to the named PEM file. If it is successful, it will
immediately drop the connection and reconnect, and from then on
all SSL connections must be authenticated by a certificate
signed by the CA certificate thus obtained. This option exposes
the SSL connection to a man-in-the-middle attack obtaining the
initial CA certificate. It may still be useful for
bootstrapping.
Common Columns:
The overall purpose of these columns is described under Common Columns
at the beginning of this document.
external_ids: map of string-string pairs
sFlow TABLE
An sFlow(R) target. sFlow is a protocol for remote monitoring of
switches.
Summary:
agent optional string
header optional integer
polling optional integer
sampling optional integer
targets set of 1 or more strings
Common Columns:
external_ids map of string-string pairs
Details:
agent: optional string
Name of the network device whose IP address should be reported
as the ``agent address'' to collectors. If not specified, the
IP address defaults to the local_ip in the collector's
Controller. If an agent IP address cannot be determined either
way, sFlow is disabled.
header: optional integer
Number of bytes of a sampled packet to send to the collector.
If not specified, the default is 128 bytes.
polling: optional integer
Polling rate in seconds to send port statistics to the
collector. If not specified, defaults to 30 seconds.
sampling: optional integer
Rate at which packets should be sampled and sent to the
collector. If not specified, defaults to 400, which means one
out of 400 packets, on average, will be sent to the collector.
targets: set of 1 or more strings
sFlow targets in the form ip:port.
Common Columns:
The overall purpose of these columns is described under Common Columns
at the beginning of this document.
external_ids: map of string-string pairs
Capability TABLE
Records in this table describe functionality supported by the hardware
and software platform on which this Open vSwitch is based. Clients
should not modify this table.
A record in this table is meaningful only if it is referenced by the
capabilities column in the Open_vSwitch table. The key used to
reference it, called the record's ``category,'' determines the meanings
of the details column. The following general forms of categories are
currently defined:
qos-type
type is supported as the value for type in the QoS table.
Summary:
details map of string-string pairs
Details:
details: map of string-string pairs
Key-value pairs that describe capabilities. The meaning of the
pairs depends on the category key that the capabilities column
in the Open_vSwitch table uses to reference this record, as
described above.
The presence of a record for category qos-type indicates that
the switch supports type as the value of the type column in the
QoS table. The following key-value pairs are defined to further
describe QoS capabilities:
n-queues
Number of supported queues, as a positive integer. Keys
in the queues column for QoS records whose type value
equals type must range between 0 and this value minus
one, inclusive.