Provided by: openvswitch-switch_2.0.2-0ubuntu0.14.04.3_amd64 
NAME
Open_vSwitch - Open_vSwitch database schema
A database with this schema holds the configuration for one Open vSwitch daemon. The top-
level configuration for the daemon is the Open_vSwitch table, which must have exactly one
record. Records in other tables are significant only when they can be reached directly or
indirectly from the Open_vSwitch table. Records that are not reachable from the
Open_vSwitch table are automatically deleted from the database, except for records in a
few distinguished ``root set’’ tables.
Common Columns
Most tables contain two special columns, named other_config and external_ids. These
columns have the same form and purpose each place that they appear, so we describe them
here to save space later.
other_config: map of string-string pairs
Key-value pairs for configuring rarely used features. Supported keys, along
with the forms taken by their values, are documented individually for each
table.
A few tables do not have other_config columns because no key-value pairs
have yet been defined for them.
external_ids: map of string-string pairs
Key-value pairs for use by external frameworks that integrate with Open
vSwitch, rather than by Open vSwitch itself. System integrators should
either use the Open vSwitch development mailing list to coordinate on common
key-value definitions, or choose key names that are likely to be unique. In
some cases, where key-value pairs have been defined that are likely to be
widely useful, they are documented individually for each table.
TABLE SUMMARY
The following list summarizes the purpose of each of the tables in the Open_vSwitch
database. Each table is described in more detail on a later page.
Table Purpose
Open_vSwitch
Open vSwitch configuration.
Bridge Bridge configuration.
Port Port configuration.
Interface One physical network device in a Port.
Flow_Table
OpenFlow table configuration
QoS Quality of Service configuration
Queue QoS output queue.
Mirror Port mirroring.
Controller
OpenFlow controller configuration.
Manager OVSDB management connection.
NetFlow NetFlow configuration.
SSL SSL configuration.
sFlow sFlow configuration.
IPFIX IPFIX configuration.
Flow_Sample_Collector_Set
Flow_Sample_Collector_Set configuration.
Open_vSwitch TABLE
Configuration for an Open vSwitch daemon. There must be exactly one record in the
Open_vSwitch table.
Summary:
Configuration:
bridges set of Bridges
ssl optional SSL
external_ids : system-id optional string
external_ids : xs-system-uuid
optional string
other_config : flow-restore-wait
optional string, either true or false
other_config : flow-eviction-threshold
optional string, containing an integer, at least 0
other_config : force-miss-model
optional string
other_config : n-handler-threads
optional string, containing an integer, at least 1
Status:
next_cfg integer
cur_cfg integer
Statistics:
other_config : enable-statistics
optional string, either true or false
statistics : cpu optional string, containing an integer, at least 1
statistics : load_average
optional string
statistics : memory optional string
statistics : process_NAME
optional string
statistics : file_systems
optional string
Version Reporting:
ovs_version optional string
db_version optional string
system_type optional string
system_version optional string
Database Configuration:
manager_options set of Managers
Common Columns:
other_config map of string-string pairs
external_ids map of string-string pairs
Details:
Configuration:
bridges: set of Bridges
Set of bridges managed by the daemon.
ssl: optional SSL
SSL used globally by the daemon.
external_ids : system-id: optional string
A unique identifier for the Open vSwitch’s physical host. The form of the
identifier depends on the type of the host. On a Citrix XenServer, this will
likely be the same as external_ids:xs-system-uuid.
external_ids : xs-system-uuid: optional string
The Citrix XenServer universally unique identifier for the physical host as
displayed by xe host-list.
other_config : flow-restore-wait: optional string, either true or false
When ovs-vswitchd starts up, it has an empty flow table and therefore it handles
all arriving packets in its default fashion according to its configuration, by
dropping them or sending them to an OpenFlow controller or switching them as a
standalone switch. This behavior is ordinarily desirable. However, if
ovs-vswitchd is restarting as part of a ``hot-upgrade,’’ then this leads to a
relatively long period during which packets are mishandled.
This option allows for improvement. When ovs-vswitchd starts with this value set
as true, it will neither flush or expire previously set datapath flows nor will it
send and receive any packets to or from the datapath. When this value is later set
to false, ovs-vswitchd will start receiving packets from the datapath and re-setup
the flows.
Thus, with this option, the procedure for a hot-upgrade of ovs-vswitchd becomes
roughly the following:
1.
Stop ovs-vswitchd.
2.
Set other_config:flow-restore-wait to true.
3.
Start ovs-vswitchd.
4.
Use ovs-ofctl (or some other program, such as an OpenFlow controller) to restore
the OpenFlow flow table to the desired state.
5.
Set other_config:flow-restore-wait to false (or remove it entirely from the
database).
The ovs-ctl’s ``restart’’ and ``force-reload-kmod’’ functions use the above config
option during hot upgrades.
other_config : flow-eviction-threshold: optional string, containing an integer, at least 0
A number of flows as a nonnegative integer. This sets number of flows at which
eviction from the datapath flow table will be triggered. If there are a large
number of flows then increasing this value to around the number of flows present
can result in reduced CPU usage and packet loss.
The default is 2500. Values below 100 will be rounded up to 100.
other_config : force-miss-model: optional string
Specifies userspace behaviour for handling flow misses. This takes precedence over
flow-eviction-threshold.
auto Handle automatically based on the flow-eviction-threshold and the flow setup
governer (default, recommended).
with-facets
Always create facets. Expensive kernel flow creation and statistics tracking
is always performed, even on flows with only a small number of packets.
without-facets
Always handle without facets. Forces flow misses to be handled in userspace.
May cause an increase in CPU usage and packet loss on high throughput.
other_config : n-handler-threads: optional string, containing an integer, at least 1
Specifies the number of threads for software datapaths to use for handling new
flows. The default is two less than the number of online CPU cores (but at least
1).
This configuration is per datapath. If you have more than one software datapath
(e.g. some system bridges and some netdev bridges), then the total number of
threads is n-handler-threads times the number of software datapaths.
Status:
next_cfg: integer
Sequence number for client to increment. When a client modifies any part of the
database configuration and wishes to wait for Open vSwitch to finish applying the
changes, it may increment this sequence number.
cur_cfg: integer
Sequence number that Open vSwitch sets to the current value of next_cfg after it
finishes applying a set of configuration changes.
Statistics:
The statistics column contains key-value pairs that report statistics about a system
running an Open vSwitch. These are updated periodically (currently, every 5 seconds).
Key-value pairs that cannot be determined or that do not apply to a platform are omitted.
other_config : enable-statistics: optional string, either true or false
Statistics are disabled by default to avoid overhead in the common case when
statistics gathering is not useful. Set this value to true to enable populating
the statistics column or to false to explicitly disable it.
statistics : cpu: optional string, containing an integer, at least 1
Number of CPU processors, threads, or cores currently online and available to the
operating system on which Open vSwitch is running, as an integer. This may be less
than the number installed, if some are not online or if they are not available to
the operating system.
Open vSwitch userspace processes are not multithreaded, but the Linux kernel-based
datapath is.
statistics : load_average: optional string
A comma-separated list of three floating-point numbers, representing the system
load average over the last 1, 5, and 15 minutes, respectively.
statistics : memory: optional string
A comma-separated list of integers, each of which represents a quantity of memory
in kilobytes that describes the operating system on which Open vSwitch is running.
In respective order, these values are:
1.
Total amount of RAM allocated to the OS.
2.
RAM allocated to the OS that is in use.
3.
RAM that can be flushed out to disk or otherwise discarded if that space is
needed for another purpose. This number is necessarily less than or equal to the
previous value.
4.
Total disk space allocated for swap.
5.
Swap space currently in use.
On Linux, all five values can be determined and are included. On other operating
systems, only the first two values can be determined, so the list will only have
two values.
statistics : process_NAME: optional string
One such key-value pair, with NAME replaced by a process name, will exist for each
running Open vSwitch daemon process, with name replaced by the daemon’s name (e.g.
process_ovs-vswitchd). The value is a comma-separated list of integers. The
integers represent the following, with memory measured in kilobytes and durations
in milliseconds:
1.
The process’s virtual memory size.
2.
The process’s resident set size.
3.
The amount of user and system CPU time consumed by the process.
4.
The number of times that the process has crashed and been automatically restarted
by the monitor.
5.
The duration since the process was started.
6.
The duration for which the process has been running.
The interpretation of some of these values depends on whether the process was
started with the --monitor. If it was not, then the crash count will always be 0
and the two durations will always be the same. If --monitor was given, then the
crash count may be positive; if it is, the latter duration is the amount of time
since the most recent crash and restart.
There will be one key-value pair for each file in Open vSwitch’s ``run directory’’
(usually /var/run/openvswitch) whose name ends in .pid, whose contents are a
process ID, and which is locked by a running process. The name is taken from the
pidfile’s name.
Currently Open vSwitch is only able to obtain all of the above detail on Linux
systems. On other systems, the same key-value pairs will be present but the values
will always be the empty string.
statistics : file_systems: optional string
A space-separated list of information on local, writable file systems. Each item
in the list describes one file system and consists in turn of a comma-separated
list of the following:
1.
Mount point, e.g. / or /var/log. Any spaces or commas in the mount point are
replaced by underscores.
2.
Total size, in kilobytes, as an integer.
3.
Amount of storage in use, in kilobytes, as an integer.
This key-value pair is omitted if there are no local, writable file systems or if
Open vSwitch cannot obtain the needed information.
Version Reporting:
These columns report the types and versions of the hardware and software running Open
vSwitch. We recommend in general that software should test whether specific features are
supported instead of relying on version number checks. These values are primarily
intended for reporting to human administrators.
ovs_version: optional string
The Open vSwitch version number, e.g. 1.1.0.
db_version: optional string
The database schema version number in the form major.minor.tweak, e.g. 1.2.3.
Whenever the database schema is changed in a non-backward compatible way (e.g.
deleting a column or a table), major is incremented. When the database schema is
changed in a backward compatible way (e.g. adding a new column), minor is
incremented. When the database schema is changed cosmetically (e.g. reindenting
its syntax), tweak is incremented.
The schema version is part of the database schema, so it can also be retrieved by
fetching the schema using the Open vSwitch database protocol.
system_type: optional string
An identifier for the type of system on top of which Open vSwitch runs, e.g.
XenServer or KVM.
System integrators are responsible for choosing and setting an appropriate value
for this column.
system_version: optional string
The version of the system identified by system_type, e.g. 5.6.100-39265p on
XenServer 5.6.100 build 39265.
System integrators are responsible for choosing and setting an appropriate value
for this column.
Database Configuration:
These columns primarily configure the Open vSwitch database (ovsdb-server), not the Open
vSwitch switch (ovs-vswitchd). The OVSDB database also uses the ssl settings.
The Open vSwitch switch does read the database configuration to determine remote IP
addresses to which in-band control should apply.
manager_options: set of Managers
Database clients to which the Open vSwitch database server should connect or to
which it should listen, along with options for how these connection should be
configured. See the Manager table for more information.
Common Columns:
The overall purpose of these columns is described under Common Columns at the beginning of
this document.
other_config: map of string-string pairs
external_ids: map of string-string pairs
Bridge TABLE
Configuration for a bridge within an Open_vSwitch.
A Bridge record represents an Ethernet switch with one or more ``ports,’’ which are the
Port records pointed to by the Bridge’s ports column.
Summary:
Core Features:
name string (must be unique within table)
ports set of Ports
mirrors set of Mirrors
netflow optional NetFlow
sflow optional sFlow
ipfix optional IPFIX
flood_vlans set of up to 4,096 integers, in range 0 to 4,095
OpenFlow Configuration:
controller set of Controllers
flow_tables map of integer-Flow_Table pairs, key in range 0 to 254
fail_mode optional string, either secure or standalone
datapath_id optional string
other_config : datapath-id optional string
other_config : dp-desc optional string
other_config : disable-in-band
optional string, either true or false
other_config : in-band-queue
optional string, containing an integer, in range 0 to
4,294,967,295
protocols set of strings, one of OpenFlow11, OpenFlow10, OpenFlow13,
or OpenFlow12
Spanning Tree Configuration:
stp_enable boolean
other_config : stp-system-id
optional string
other_config : stp-priority
optional string, containing an integer, in range 0 to 65,535
other_config : stp-hello-time
optional string, containing an integer, in range 1 to 10
other_config : stp-max-age optional string, containing an integer, in range 6 to 40
other_config : stp-forward-delay
optional string, containing an integer, in range 4 to 30
Other Features:
datapath_type string
external_ids : bridge-id optional string
external_ids : xs-network-uuids
optional string
other_config : hwaddr optional string
other_config : forward-bpdu
optional string, either true or false
other_config : mac-aging-time
optional string, containing an integer, at least 1
other_config : mac-table-size
optional string, containing an integer, at least 1
Bridge Status:
status map of string-string pairs
status : stp_bridge_id optional string
status : stp_designated_root
optional string
status : stp_root_path_cost
optional string
Common Columns:
other_config map of string-string pairs
external_ids map of string-string pairs
Details:
Core Features:
name: string (must be unique within table)
Bridge identifier. Should be alphanumeric and no more than about 8 bytes long.
Must be unique among the names of ports, interfaces, and bridges on a host.
ports: set of Ports
Ports included in the bridge.
mirrors: set of Mirrors
Port mirroring configuration.
netflow: optional NetFlow
NetFlow configuration.
sflow: optional sFlow
sFlow(R) configuration.
ipfix: optional IPFIX
IPFIX configuration.
flood_vlans: set of up to 4,096 integers, in range 0 to 4,095
VLAN IDs of VLANs on which MAC address learning should be disabled, so that packets
are flooded instead of being sent to specific ports that are believed to contain
packets’ destination MACs. This should ordinarily be used to disable MAC learning
on VLANs used for mirroring (RSPAN VLANs). It may also be useful for debugging.
SLB bonding (see the bond_mode column in the Port table) is incompatible with
flood_vlans. Consider using another bonding mode or a different type of mirror
instead.
OpenFlow Configuration:
controller: set of Controllers
OpenFlow controller set. If unset, then no OpenFlow controllers will be used.
If there are primary controllers, removing all of them clears the flow table. If
there are no primary controllers, adding one also clears the flow table. Other
changes to the set of controllers, such as adding or removing a service controller,
adding another primary controller to supplement an existing primary controller, or
removing only one of two primary controllers, have no effect on the flow table.
flow_tables: map of integer-Flow_Table pairs, key in range 0 to 254
Configuration for OpenFlow tables. Each pair maps from an OpenFlow table ID to
configuration for that table.
fail_mode: optional string, either secure or standalone
When a controller is configured, it is, ordinarily, responsible for setting up all
flows on the switch. Thus, if the connection to the controller fails, no new
network connections can be set up. If the connection to the controller stays down
long enough, no packets can pass through the switch at all. This setting
determines the switch’s response to such a situation. It may be set to one of the
following:
standalone
If no message is received from the controller for three times the inactivity
probe interval (see inactivity_probe), then Open vSwitch will take over
responsibility for setting up flows. In this mode, Open vSwitch causes the
bridge to act like an ordinary MAC-learning switch. Open vSwitch will
continue to retry connecting to the controller in the background and, when
the connection succeeds, it will discontinue its standalone behavior.
secure Open vSwitch will not set up flows on its own when the controller connection
fails or when no controllers are defined. The bridge will continue to retry
connecting to any defined controllers forever.
The default is standalone if the value is unset, but future versions of Open
vSwitch may change the default.
The standalone mode can create forwarding loops on a bridge that has more than one
uplink port unless STP is enabled. To avoid loops on such a bridge, configure
secure mode or enable STP (see stp_enable).
When more than one controller is configured, fail_mode is considered only when none
of the configured controllers can be contacted.
Changing fail_mode when no primary controllers are configured clears the flow
table.
datapath_id: optional string
Reports the OpenFlow datapath ID in use. Exactly 16 hex digits. (Setting this
column has no useful effect. Set other-config:datapath-id instead.)
other_config : datapath-id: optional string
Exactly 16 hex digits to set the OpenFlow datapath ID to a specific value. May not
be all-zero.
other_config : dp-desc: optional string
Human readable description of datapath. It it a maximum 256 byte-long free-form
string to describe the datapath for debugging purposes, e.g. switch3 in room 3120.
other_config : disable-in-band: optional string, either true or false
If set to true, disable in-band control on the bridge regardless of controller and
manager settings.
other_config : in-band-queue: optional string, containing an integer, in range 0 to
4,294,967,295
A queue ID as a nonnegative integer. This sets the OpenFlow queue ID that will be
used by flows set up by in-band control on this bridge. If unset, or if the port
used by an in-band control flow does not have QoS configured, or if the port does
not have a queue with the specified ID, the default queue is used instead.
protocols: set of strings, one of OpenFlow11, OpenFlow10, OpenFlow13, or OpenFlow12
List of OpenFlow protocols that may be used when negotiating a connection with a
controller. A default value of OpenFlow10 will be used if this column is empty.
Spanning Tree Configuration:
The IEEE 802.1D Spanning Tree Protocol (STP) is a network protocol that ensures loop-free
topologies. It allows redundant links to be included in the network to provide automatic
backup paths if the active links fails.
stp_enable: boolean
Enable spanning tree on the bridge. By default, STP is disabled on bridges. Bond,
internal, and mirror ports are not supported and will not participate in the
spanning tree.
other_config : stp-system-id: optional string
The bridge’s STP identifier (the lower 48 bits of the bridge-id) in the form
xx:xx:xx:xx:xx:xx. By default, the identifier is the MAC address of the bridge.
other_config : stp-priority: optional string, containing an integer, in range 0 to 65,535
The bridge’s relative priority value for determining the root bridge (the upper 16
bits of the bridge-id). A bridge with the lowest bridge-id is elected the root.
By default, the priority is 0x8000.
other_config : stp-hello-time: optional string, containing an integer, in range 1 to 10
The interval between transmissions of hello messages by designated ports, in
seconds. By default the hello interval is 2 seconds.
other_config : stp-max-age: optional string, containing an integer, in range 6 to 40
The maximum age of the information transmitted by the bridge when it is the root
bridge, in seconds. By default, the maximum age is 20 seconds.
other_config : stp-forward-delay: optional string, containing an integer, in range 4 to 30
The delay to wait between transitioning root and designated ports to forwarding, in
seconds. By default, the forwarding delay is 15 seconds.
Other Features:
datapath_type: string
Name of datapath provider. The kernel datapath has type system. The userspace
datapath has type netdev.
external_ids : bridge-id: optional string
A unique identifier of the bridge. On Citrix XenServer this will commonly be the
same as external_ids:xs-network-uuids.
external_ids : xs-network-uuids: optional string
Semicolon-delimited set of universally unique identifier(s) for the network with
which this bridge is associated on a Citrix XenServer host. The network
identifiers are RFC 4122 UUIDs as displayed by, e.g., xe network-list.
other_config : hwaddr: optional string
An Ethernet address in the form xx:xx:xx:xx:xx:xx to set the hardware address of
the local port and influence the datapath ID.
other_config : forward-bpdu: optional string, either true or false
Option to allow forwarding of BPDU frames when NORMAL action is invoked. Frames
with reserved Ethernet addresses (e.g. STP BPDU) will be forwarded when this option
is enabled and the switch is not providing that functionality. If STP is enabled
on the port, STP BPDUs will never be forwarded. If the Open vSwitch bridge is used
to connect different Ethernet networks, and if Open vSwitch node does not run STP,
then this option should be enabled. Default is disabled, set to true to enable.
The following destination MAC addresss will not be forwarded when this option is
enabled.
01:80:c2:00:00:00
IEEE 802.1D Spanning Tree Protocol (STP).
01:80:c2:00:00:01
IEEE Pause frame.
01:80:c2:00:00:0x
Other reserved protocols.
00:e0:2b:00:00:00
Extreme Discovery Protocol (EDP).
00:e0:2b:00:00:04 and 00:e0:2b:00:00:06
Ethernet Automatic Protection Switching (EAPS).
01:00:0c:cc:cc:cc
Cisco Discovery Protocol (CDP), VLAN Trunking Protocol (VTP), Dynamic
Trunking Protocol (DTP), Port Aggregation Protocol (PAgP), and others.
01:00:0c:cc:cc:cd
Cisco Shared Spanning Tree Protocol PVSTP+.
01:00:0c:cd:cd:cd
Cisco STP Uplink Fast.
01:00:0c:00:00:00
Cisco Inter Switch Link.
01:00:0c:cc:cc:cx
Cisco CFM.
other_config : mac-aging-time: optional string, containing an integer, at least 1
The maximum number of seconds to retain a MAC learning entry for which no packets
have been seen. The default is currently 300 seconds (5 minutes). The value, if
specified, is forced into a reasonable range, currently 15 to 3600 seconds.
A short MAC aging time allows a network to more quickly detect that a host is no
longer connected to a switch port. However, it also makes it more likely that
packets will be flooded unnecessarily, when they are addressed to a connected host
that rarely transmits packets. To reduce the incidence of unnecessary flooding,
use a MAC aging time longer than the maximum interval at which a host will
ordinarily transmit packets.
other_config : mac-table-size: optional string, containing an integer, at least 1
The maximum number of MAC addresses to learn. The default is currently 2048. The
value, if specified, is forced into a reasonable range, currently 10 to 1,000,000.
Bridge Status:
Status information about bridges.
status: map of string-string pairs
Key-value pairs that report bridge status.
status : stp_bridge_id: optional string
The bridge-id (in hex) used in spanning tree advertisements. Configuring the
bridge-id is described in the stp-system-id and stp-priority keys of the
other_config section earlier.
status : stp_designated_root: optional string
The designated root (in hex) for this spanning tree.
status : stp_root_path_cost: optional string
The path cost of reaching the designated bridge. A lower number is better.
Common Columns:
The overall purpose of these columns is described under Common Columns at the beginning of
this document.
other_config: map of string-string pairs
external_ids: map of string-string pairs
Port TABLE
A port within a Bridge.
Most commonly, a port has exactly one ``interface,’’ pointed to by its interfaces column.
Such a port logically corresponds to a port on a physical Ethernet switch. A port with
more than one interface is a ``bonded port’’ (see Bonding Configuration).
Some properties that one might think as belonging to a port are actually part of the
port’s Interface members.
Summary:
name string (must be unique within table)
interfaces set of 1 or more Interfaces
VLAN Configuration:
vlan_mode optional string, one of access, native-tagged,
native-untagged, or trunk
tag optional integer, in range 0 to 4,095
trunks set of up to 4,096 integers, in range 0 to 4,095
other_config : priority-tags
optional string, either true or false
Bonding Configuration:
bond_mode optional string, one of active-backup, balance-tcp, or
balance-slb
other_config : bond-hash-basis
optional string, containing an integer
Link Failure Detection:
other_config : bond-detect-mode
optional string, either miimon or carrier
other_config : bond-miimon-interval
optional string, containing an integer
bond_updelay integer
bond_downdelay integer
LACP Configuration:
lacp optional string, one of active, passive, or off
other_config : lacp-system-id
optional string
other_config : lacp-system-priority
optional string, containing an integer, in range 1 to 65,535
other_config : lacp-time optional string, either slow or fast
Rebalancing Configuration:
other_config : bond-rebalance-interval
optional string, containing an integer, in range 0 to 10,000
bond_fake_iface boolean
Spanning Tree Configuration:
other_config : stp-enable optional string, either true or false
other_config : stp-port-num
optional string, containing an integer, in range 1 to 255
other_config : stp-port-priority
optional string, containing an integer, in range 0 to 255
other_config : stp-path-cost
optional string, containing an integer, in range 0 to 65,535
Other Features:
qos optional QoS
mac optional string
fake_bridge boolean
external_ids : fake-bridge-id-*
optional string
Port Status:
status map of string-string pairs
status : stp_port_id optional string
status : stp_state optional string, one of disabled, forwarding, learning,
listening, or blocking
status : stp_sec_in_state optional string, containing an integer, at least 0
status : stp_role optional string, one of designated, alternate, or root
Port Statistics:
Statistics: STP transmit and receive counters:
statistics : stp_tx_count
optional integer
statistics : stp_rx_count
optional integer
statistics : stp_error_count
optional integer
Common Columns:
other_config map of string-string pairs
external_ids map of string-string pairs
Details:
name: string (must be unique within table)
Port name. Should be alphanumeric and no more than about 8 bytes long. May be the
same as the interface name, for non-bonded ports. Must otherwise be unique among
the names of ports, interfaces, and bridges on a host.
interfaces: set of 1 or more Interfaces
The port’s interfaces. If there is more than one, this is a bonded Port.
VLAN Configuration:
Bridge ports support the following types of VLAN configuration:
trunk A trunk port carries packets on one or more specified VLANs specified in the
trunks column (often, on every VLAN). A packet that ingresses on a trunk
port is in the VLAN specified in its 802.1Q header, or VLAN 0 if the packet
has no 802.1Q header. A packet that egresses through a trunk port will have
an 802.1Q header if it has a nonzero VLAN ID.
Any packet that ingresses on a trunk port tagged with a VLAN that the port
does not trunk is dropped.
access An access port carries packets on exactly one VLAN specified in the tag
column. Packets egressing on an access port have no 802.1Q header.
Any packet with an 802.1Q header with a nonzero VLAN ID that ingresses on an
access port is dropped, regardless of whether the VLAN ID in the header is
the access port’s VLAN ID.
native-tagged
A native-tagged port resembles a trunk port, with the exception that a
packet without an 802.1Q header that ingresses on a native-tagged port is in
the ``native VLAN’’ (specified in the tag column).
native-untagged
A native-untagged port resembles a native-tagged port, with the exception
that a packet that egresses on a native-untagged port in the native VLAN
will not have an 802.1Q header.
A packet will only egress through bridge ports that carry the VLAN of the packet, as
described by the rules above.
vlan_mode: optional string, one of access, native-tagged, native-untagged, or trunk
The VLAN mode of the port, as described above. When this column is empty, a
default mode is selected as follows:
• If tag contains a value, the port is an access port. The trunks column
should be empty.
• Otherwise, the port is a trunk port. The trunks column value is honored if
it is present.
tag: optional integer, in range 0 to 4,095
For an access port, the port’s implicitly tagged VLAN. For a native-tagged or
native-untagged port, the port’s native VLAN. Must be empty if this is a trunk
port.
trunks: set of up to 4,096 integers, in range 0 to 4,095
For a trunk, native-tagged, or native-untagged port, the 802.1Q VLAN or VLANs that
this port trunks; if it is empty, then the port trunks all VLANs. Must be empty if
this is an access port.
A native-tagged or native-untagged port always trunks its native VLAN, regardless
of whether trunks includes that VLAN.
other_config : priority-tags: optional string, either true or false
An 802.1Q header contains two important pieces of information: a VLAN ID and a
priority. A frame with a zero VLAN ID, called a ``priority-tagged’’ frame, is
supposed to be treated the same way as a frame without an 802.1Q header at all
(except for the priority).
However, some network elements ignore any frame that has 802.1Q header at all, even
when the VLAN ID is zero. Therefore, by default Open vSwitch does not output
priority-tagged frames, instead omitting the 802.1Q header entirely if the VLAN ID
is zero. Set this key to true to enable priority-tagged frames on a port.
Regardless of this setting, Open vSwitch omits the 802.1Q header on output if both
the VLAN ID and priority would be zero.
All frames output to native-tagged ports have a nonzero VLAN ID, so this setting is
not meaningful on native-tagged ports.
Bonding Configuration:
A port that has more than one interface is a ``bonded port.’’ Bonding allows for load
balancing and fail-over.
The following types of bonding will work with any kind of upstream switch. On the
upstream switch, do not configure the interfaces as a bond:
balance-slb
Balances flows among slaves based on source MAC address and output VLAN,
with periodic rebalancing as traffic patterns change.
active-backup
Assigns all flows to one slave, failing over to a backup slave when the
active slave is disabled. This is the only bonding mode in which interfaces
may be plugged into different upstream switches.
The following modes require the upstream switch to support 802.3ad with successful LACP
negotiation:
balance-tcp
Balances flows among slaves based on L2, L3, and L4 protocol information
such as destination MAC address, IP address, and TCP port.
These columns apply only to bonded ports. Their values are otherwise ignored.
bond_mode: optional string, one of active-backup, balance-tcp, or balance-slb
The type of bonding used for a bonded port. Defaults to active-backup if unset.
other_config : bond-hash-basis: optional string, containing an integer
An integer hashed along with flows when choosing output slaves in load balanced
bonds. When changed, all flows will be assigned different hash values possibly
causing slave selection decisions to change. Does not affect bonding modes which
do not employ load balancing such as active-backup.
Link Failure Detection:
An important part of link bonding is detecting that links are down so that they may be
disabled. These settings determine how Open vSwitch detects link failure.
other_config : bond-detect-mode: optional string, either miimon or carrier
The means used to detect link failures. Defaults to carrier which uses each
interface’s carrier to detect failures. When set to miimon, will check for
failures by polling each interface’s MII.
other_config : bond-miimon-interval: optional string, containing an integer
The interval, in milliseconds, between successive attempts to poll each interface’s
MII. Relevant only when other_config:bond-detect-mode is miimon.
bond_updelay: integer
The number of milliseconds for which the link must stay up on an interface before
the interface is considered to be up. Specify 0 to enable the interface
immediately.
This setting is honored only when at least one bonded interface is already enabled.
When no interfaces are enabled, then the first bond interface to come up is enabled
immediately.
bond_downdelay: integer
The number of milliseconds for which the link must stay down on an interface before
the interface is considered to be down. Specify 0 to disable the interface
immediately.
LACP Configuration:
LACP, the Link Aggregation Control Protocol, is an IEEE standard that allows switches to
automatically detect that they are connected by multiple links and aggregate across those
links. These settings control LACP behavior.
lacp: optional string, one of active, passive, or off
Configures LACP on this port. LACP allows directly connected switches to negotiate
which links may be bonded. LACP may be enabled on non-bonded ports for the benefit
of any switches they may be connected to. active ports are allowed to initiate
LACP negotiations. passive ports are allowed to participate in LACP negotiations
initiated by a remote switch, but not allowed to initiate such negotiations
themselves. If LACP is enabled on a port whose partner switch does not support
LACP, the bond will be disabled. Defaults to off if unset.
other_config : lacp-system-id: optional string
The LACP system ID of this Port. The system ID of a LACP bond is used to identify
itself to its partners. Must be a nonzero MAC address. Defaults to the bridge
Ethernet address if unset.
other_config : lacp-system-priority: optional string, containing an integer, in range 1 to
65,535
The LACP system priority of this Port. In LACP negotiations, link status decisions
are made by the system with the numerically lower priority.
other_config : lacp-time: optional string, either slow or fast
The LACP timing which should be used on this Port. By default slow is used. When
configured to be fast LACP heartbeats are requested at a rate of once per second
causing connectivity problems to be detected more quickly. In slow mode,
heartbeats are requested at a rate of once every 30 seconds.
Rebalancing Configuration:
These settings control behavior when a bond is in balance-slb or balance-tcp mode.
other_config : bond-rebalance-interval: optional string, containing an integer, in range 0
to 10,000
For a load balanced bonded port, the number of milliseconds between successive
attempts to rebalance the bond, that is, to move flows from one interface on the
bond to another in an attempt to keep usage of each interface roughly equal. If
zero, load balancing is disabled on the bond (link failure still cause flows to
move). If less than 1000ms, the rebalance interval will be 1000ms.
bond_fake_iface: boolean
For a bonded port, whether to create a fake internal interface with the name of the
port. Use only for compatibility with legacy software that requires this.
Spanning Tree Configuration:
other_config : stp-enable: optional string, either true or false
If spanning tree is enabled on the bridge, member ports are enabled by default
(with the exception of bond, internal, and mirror ports which do not work with
STP). If this column’s value is false spanning tree is disabled on the port.
other_config : stp-port-num: optional string, containing an integer, in range 1 to 255
The port number used for the lower 8 bits of the port-id. By default, the numbers
will be assigned automatically. If any port’s number is manually configured on a
bridge, then they must all be.
other_config : stp-port-priority: optional string, containing an integer, in range 0 to
255
The port’s relative priority value for determining the root port (the upper 8 bits
of the port-id). A port with a lower port-id will be chosen as the root port. By
default, the priority is 0x80.
other_config : stp-path-cost: optional string, containing an integer, in range 0 to 65,535
Spanning tree path cost for the port. A lower number indicates a faster link. By
default, the cost is based on the maximum speed of the link.
Other Features:
qos: optional QoS
Quality of Service configuration for this port.
mac: optional string
The MAC address to use for this port for the purpose of choosing the bridge’s MAC
address. This column does not necessarily reflect the port’s actual MAC address,
nor will setting it change the port’s actual MAC address.
fake_bridge: boolean
Does this port represent a sub-bridge for its tagged VLAN within the Bridge? See
ovs-vsctl(8) for more information.
external_ids : fake-bridge-id-*: optional string
External IDs for a fake bridge (see the fake_bridge column) are defined by
prefixing a Bridge external_ids key with fake-bridge-, e.g.
fake-bridge-xs-network-uuids.
Port Status:
Status information about ports attached to bridges.
status: map of string-string pairs
Key-value pairs that report port status.
status : stp_port_id: optional string
The port-id (in hex) used in spanning tree advertisements for this port.
Configuring the port-id is described in the stp-port-num and stp-port-priority keys
of the other_config section earlier.
status : stp_state: optional string, one of disabled, forwarding, learning, listening, or
blocking
STP state of the port.
status : stp_sec_in_state: optional string, containing an integer, at least 0
The amount of time (in seconds) port has been in the current STP state.
status : stp_role: optional string, one of designated, alternate, or root
STP role of the port.
Port Statistics:
Key-value pairs that report port statistics.
Statistics: STP transmit and receive counters:
statistics : stp_tx_count: optional integer
Number of STP BPDUs sent on this port by the spanning tree library.
statistics : stp_rx_count: optional integer
Number of STP BPDUs received on this port and accepted by the spanning tree
library.
statistics : stp_error_count: optional integer
Number of bad STP BPDUs received on this port. Bad BPDUs include runt packets and
those with an unexpected protocol ID.
Common Columns:
The overall purpose of these columns is described under Common Columns at the beginning of
this document.
other_config: map of string-string pairs
external_ids: map of string-string pairs
Interface TABLE
An interface within a Port.
Summary:
Core Features:
name string (must be unique within table)
ifindex optional integer, in range 0 to 4,294,967,295
mac_in_use optional string
mac optional string
ofport optional integer
ofport_request optional integer, in range 1 to 65,279
System-Specific Details:
type string
Tunnel Options:
options : remote_ip optional string
options : local_ip optional string
options : in_key optional string
options : out_key optional string
options : key optional string
options : tos optional string
options : ttl optional string
options : df_default optional string, either true or false
Tunnel Options: gre and ipsec_gre only:
options : csum optional string, either true or false
Tunnel Options: ipsec_gre only:
options : peer_cert optional string
options : certificate optional string
options : private_key optional string
options : psk optional string
Patch Options:
options : peer optional string
Interface Status:
admin_state optional string, either down or up
link_state optional string, either down or up
link_resets optional integer
link_speed optional integer
duplex optional string, either full or half
mtu optional integer
lacp_current optional boolean
status map of string-string pairs
status : driver_name optional string
status : driver_version optional string
status : firmware_version optional string
status : source_ip optional string
status : tunnel_egress_iface
optional string
status : tunnel_egress_iface_carrier
optional string, either down or up
Statistics:
Statistics: Successful transmit and receive counters:
statistics : rx_packets optional integer
statistics : rx_bytes optional integer
statistics : tx_packets optional integer
statistics : tx_bytes optional integer
Statistics: Receive errors:
statistics : rx_dropped optional integer
statistics : rx_frame_err
optional integer
statistics : rx_over_err optional integer
statistics : rx_crc_err optional integer
statistics : rx_errors optional integer
Statistics: Transmit errors:
statistics : tx_dropped optional integer
statistics : collisions optional integer
statistics : tx_errors optional integer
Ingress Policing:
ingress_policing_rate integer, at least 0
ingress_policing_burst integer, at least 0
Bidirectional Forwarding Detection (BFD):
bfd : enable optional string
bfd : min_rx optional string, containing an integer, at least 1
bfd : min_tx optional string, containing an integer, at least 1
bfd : decay_min_rx optional string, containing an integer
bfd : forwarding_if_rx optional string, either true or false
bfd : cpath_down optional string, either true or false
bfd : check_tnl_key optional string, either true or false
bfd : bfd_dst_mac optional string
bfd_status : state optional string, one of down, init, up, or admin_down
bfd_status : forwarding optional string, either true or false
bfd_status : diagnostic optional string
bfd_status : remote_state optional string, one of down, init, up, or admin_down
bfd_status : remote_diagnostic
optional string
Connectivity Fault Management:
cfm_mpid optional integer
cfm_fault optional boolean
cfm_fault_status : recv none
cfm_fault_status : rdi none
cfm_fault_status : maid none
cfm_fault_status : loopback
none
cfm_fault_status : overflow
none
cfm_fault_status : override
none
cfm_fault_status : interval
none
cfm_remote_opstate optional string, either down or up
cfm_health optional integer, in range 0 to 100
cfm_remote_mpids set of integers
other_config : cfm_interval
optional string, containing an integer
other_config : cfm_extended
optional string, either true or false
other_config : cfm_demand optional string, either true or false
other_config : cfm_opstate optional string, either down or up
other_config : cfm_ccm_vlan
optional string, containing an integer, in range 1 to 4,095
other_config : cfm_ccm_pcp optional string, containing an integer, in range 1 to 7
Bonding Configuration:
other_config : lacp-port-id
optional string, containing an integer, in range 1 to 65,535
other_config : lacp-port-priority
optional string, containing an integer, in range 1 to 65,535
other_config : lacp-aggregation-key
optional string, containing an integer, in range 1 to 65,535
Virtual Machine Identifiers:
external_ids : attached-mac
optional string
external_ids : iface-id optional string
external_ids : iface-status
optional string, either active or inactive
external_ids : xs-vif-uuid optional string
external_ids : xs-network-uuid
optional string
external_ids : vm-id optional string
external_ids : xs-vm-uuid optional string
VLAN Splinters:
other_config : enable-vlan-splinters
optional string, either true or false
Common Columns:
other_config map of string-string pairs
external_ids map of string-string pairs
Details:
Core Features:
name: string (must be unique within table)
Interface name. Should be alphanumeric and no more than about 8 bytes long. May
be the same as the port name, for non-bonded ports. Must otherwise be unique among
the names of ports, interfaces, and bridges on a host.
ifindex: optional integer, in range 0 to 4,294,967,295
A positive interface index as defined for SNMP MIB-II in RFCs 1213 and 2863, if the
interface has one, otherwise 0. The ifindex is useful for seamless integration
with protocols such as SNMP and sFlow.
mac_in_use: optional string
The MAC address in use by this interface.
mac: optional string
Ethernet address to set for this interface. If unset then the default MAC address
is used:
• For the local interface, the default is the lowest-numbered MAC address
among the other bridge ports, either the value of the mac in its Port
record, if set, or its actual MAC (for bonded ports, the MAC of its slave
whose name is first in alphabetical order). Internal ports and bridge ports
that are used as port mirroring destinations (see the Mirror table) are
ignored.
• For other internal interfaces, the default MAC is randomly generated.
• External interfaces typically have a MAC address associated with their
hardware.
Some interfaces may not have a software-controllable MAC address.
ofport: optional integer
OpenFlow port number for this interface. Unlike most columns, this column’s value
should be set only by Open vSwitch itself. Other clients should set this column to
an empty set (the default) when creating an Interface.
Open vSwitch populates this column when the port number becomes known. If the
interface is successfully added, ofport will be set to a number between 1 and 65535
(generally either in the range 1 to 65279, inclusive, or 65534, the port number for
the OpenFlow ``local port’’). If the interface cannot be added then Open vSwitch
sets this column to -1.
When ofport_request is not set, Open vSwitch picks an appropriate value for this
column and then tries to keep the value constant across restarts.
ofport_request: optional integer, in range 1 to 65,279
Requested OpenFlow port number for this interface. The port number must be between
1 and 65279, inclusive. Some datapaths cannot satisfy all requests for particular
port numbers. When this column is empty or the request cannot be fulfilled, the
system will choose a free port. The ofport column reports the assigned OpenFlow
port number.
The port number must be requested in the same transaction that creates the port.
System-Specific Details:
type: string
The interface type, one of:
system An ordinary network device, e.g. eth0 on Linux. Sometimes referred to as
``external interfaces’’ since they are generally connected to hardware
external to that on which the Open vSwitch is running. The empty string is
a synonym for system.
internal
A simulated network device that sends and receives traffic. An internal
interface whose name is the same as its bridge’s name is called the ``local
interface.’’ It does not make sense to bond an internal interface, so the
terms ``port’’ and ``interface’’ are often used imprecisely for internal
interfaces.
tap A TUN/TAP device managed by Open vSwitch.
gre An Ethernet over RFC 2890 Generic Routing Encapsulation over IPv4 tunnel.
ipsec_gre
An Ethernet over RFC 2890 Generic Routing Encapsulation over IPv4 IPsec
tunnel.
gre64 It is same as GRE, but it allows 64 bit key. To store higher 32-bits of key,
it uses GRE protocol sequence number field. This is non standard use of GRE
protocol since OVS does not increment sequence number for every packet at
time of encap as expected by standard GRE implementation. See Tunnel Options
for information on configuring GRE tunnels.
ipsec_gre64
Same as IPSEC_GRE except 64 bit key.
vxlan An Ethernet tunnel over the experimental, UDP-based VXLAN protocol described
at http://tools.ietf.org/html/draft-mahalingam-dutt-dcops-vxlan-03.
Open vSwitch uses UDP destination port 4789. The source port used for VXLAN
traffic varies on a per-flow basis and is in the ephemeral port range.
lisp A layer 3 tunnel over the experimental, UDP-based Locator/ID Separation
Protocol (RFC 6830).
patch A pair of virtual devices that act as a patch cable.
null An ignored interface. Deprecated and slated for removal in February 2013.
Tunnel Options:
These options apply to interfaces with type of gre, ipsec_gre, gre64, ipsec_gre64, vxlan,
and lisp.
Each tunnel must be uniquely identified by the combination of type, options:remote_ip,
options:local_ip, and options:in_key. If two ports are defined that are the same except
one has an optional identifier and the other does not, the more specific one is matched
first. options:in_key is considered more specific than options:local_ip if a port defines
one and another port defines the other.
options : remote_ip: optional string
Required. The remote tunnel endpoint, one of:
• An IPv4 address (not a DNS name), e.g. 192.168.0.123. Only unicast
endpoints are supported.
• The word flow. The tunnel accepts packets from any remote tunnel endpoint.
To process only packets from a specific remote tunnel endpoint, the flow
entries may match on the tun_src field. When sending packets to a
remote_ip=flow tunnel, the flow actions must explicitly set the tun_dst
field to the IP address of the desired remote tunnel endpoint, e.g. with a
set_field action.
The remote tunnel endpoint for any packet received from a tunnel is available in
the tun_src field for matching in the flow table.
options : local_ip: optional string
Optional. The tunnel destination IP that received packets must match. Default is
to match all addresses. If specified, may be one of:
• An IPv4 address (not a DNS name), e.g. 192.168.12.3.
• The word flow. The tunnel accepts packets sent to any of the local IP
addresses of the system running OVS. To process only packets sent to a
specific IP address, the flow entries may match on the tun_dst field. When
sending packets to a local_ip=flow tunnel, the flow actions may explicitly
set the tun_src field to the desired IP address, e.g. with a set_field
action. However, while routing the tunneled packet out, the local system
may override the specified address with the local IP address configured for
the outgoing system interface.
This option is valid only for tunnels also configured with the
remote_ip=flow option.
The tunnel destination IP address for any packet received from a tunnel is
available in the tun_dst field for matching in the flow table.
options : in_key: optional string
Optional. The key that received packets must contain, one of:
• 0. The tunnel receives packets with no key or with a key of 0. This is
equivalent to specifying no options:in_key at all.
• A positive 24-bit (for VXLAN and LISP), 32-bit (for GRE) or 64-bit (for
GRE64) number. The tunnel receives only packets with the specified key.
• The word flow. The tunnel accepts packets with any key. The key will be
placed in the tun_id field for matching in the flow table. The ovs-ofctl
manual page contains additional information about matching fields in
OpenFlow flows.
options : out_key: optional string
Optional. The key to be set on outgoing packets, one of:
• 0. Packets sent through the tunnel will have no key. This is equivalent to
specifying no options:out_key at all.
• A positive 24-bit (for VXLAN and LISP), 32-bit (for GRE) or 64-bit (for
GRE64) number. Packets sent through the tunnel will have the specified key.
• The word flow. Packets sent through the tunnel will have the key set using
the set_tunnel Nicira OpenFlow vendor extension (0 is used in the absence of
an action). The ovs-ofctl manual page contains additional information about
the Nicira OpenFlow vendor extensions.
options : key: optional string
Optional. Shorthand to set in_key and out_key at the same time.
options : tos: optional string
Optional. The value of the ToS bits to be set on the encapsulating packet. ToS is
interpreted as DSCP and ECN bits, ECN part must be zero. It may also be the word
inherit, in which case the ToS will be copied from the inner packet if it is IPv4
or IPv6 (otherwise it will be 0). The ECN fields are always inherited. Default is
0.
options : ttl: optional string
Optional. The TTL to be set on the encapsulating packet. It may also be the word
inherit, in which case the TTL will be copied from the inner packet if it is IPv4
or IPv6 (otherwise it will be the system default, typically 64). Default is the
system default TTL.
options : df_default: optional string, either true or false
Optional. If enabled, the Don’t Fragment bit will be set on tunnel outer headers
to allow path MTU discovery. Default is enabled; set to false to disable.
Tunnel Options: gre and ipsec_gre only:
Only gre and ipsec_gre interfaces support these options.
options : csum: optional string, either true or false
Optional. Compute GRE checksums on outgoing packets. Default is disabled, set to
true to enable. Checksums present on incoming packets will be validated regardless
of this setting.
GRE checksums impose a significant performance penalty because they cover the
entire packet. The encapsulated L3, L4, and L7 packet contents typically have
their own checksums, so this additional checksum only adds value for the GRE and
encapsulated L2 headers.
This option is supported for ipsec_gre, but not useful because GRE checksums are
weaker than, and redundant with, IPsec payload authentication.
Tunnel Options: ipsec_gre only:
Only ipsec_gre interfaces support these options.
options : peer_cert: optional string
Required for certificate authentication. A string containing the peer’s
certificate in PEM format. Additionally the host’s certificate must be specified
with the certificate option.
options : certificate: optional string
Required for certificate authentication. The name of a PEM file containing a
certificate that will be presented to the peer during authentication.
options : private_key: optional string
Optional for certificate authentication. The name of a PEM file containing the
private key associated with certificate. If certificate contains the private key,
this option may be omitted.
options : psk: optional string
Required for pre-shared key authentication. Specifies a pre-shared key for
authentication that must be identical on both sides of the tunnel.
Patch Options:
Only patch interfaces support these options.
options : peer: optional string
The name of the Interface for the other side of the patch. The named Interface’s
own peer option must specify this Interface’s name. That is, the two patch
interfaces must have reversed name and peer values.
Interface Status:
Status information about interfaces attached to bridges, updated every 5 seconds. Not all
interfaces have all of these properties; virtual interfaces don’t have a link speed, for
example. Non-applicable columns will have empty values.
admin_state: optional string, either down or up
The administrative state of the physical network link.
link_state: optional string, either down or up
The observed state of the physical network link. This is ordinarily the link’s
carrier status. If the interface’s Port is a bond configured for miimon
monitoring, it is instead the network link’s miimon status.
link_resets: optional integer
The number of times Open vSwitch has observed the link_state of this Interface
change.
link_speed: optional integer
The negotiated speed of the physical network link. Valid values are positive
integers greater than 0.
duplex: optional string, either full or half
The duplex mode of the physical network link.
mtu: optional integer
The MTU (maximum transmission unit); i.e. the largest amount of data that can fit
into a single Ethernet frame. The standard Ethernet MTU is 1500 bytes. Some
physical media and many kinds of virtual interfaces can be configured with higher
MTUs.
This column will be empty for an interface that does not have an MTU as, for
example, some kinds of tunnels do not.
lacp_current: optional boolean
Boolean value indicating LACP status for this interface. If true, this interface
has current LACP information about its LACP partner. This information may be used
to monitor the health of interfaces in a LACP enabled port. This column will be
empty if LACP is not enabled.
status: map of string-string pairs
Key-value pairs that report port status. Supported status values are type-
dependent; some interfaces may not have a valid status:driver_name, for example.
status : driver_name: optional string
The name of the device driver controlling the network adapter.
status : driver_version: optional string
The version string of the device driver controlling the network adapter.
status : firmware_version: optional string
The version string of the network adapter’s firmware, if available.
status : source_ip: optional string
The source IP address used for an IPv4 tunnel end-point, such as gre.
status : tunnel_egress_iface: optional string
Egress interface for tunnels. Currently only relevant for GRE tunnels On Linux
systems, this column will show the name of the interface which is responsible for
routing traffic destined for the configured options:remote_ip. This could be an
internal interface such as a bridge port.
status : tunnel_egress_iface_carrier: optional string, either down or up
Whether carrier is detected on status:tunnel_egress_iface.
Statistics:
Key-value pairs that report interface statistics. The current implementation updates
these counters periodically. Future implementations may update them when an interface is
created, when they are queried (e.g. using an OVSDB select operation), and just before an
interface is deleted due to virtual interface hot-unplug or VM shutdown, and perhaps at
other times, but not on any regular periodic basis.
These are the same statistics reported by OpenFlow in its struct ofp_port_stats structure.
If an interface does not support a given statistic, then that pair is omitted.
Statistics: Successful transmit and receive counters:
statistics : rx_packets: optional integer
Number of received packets.
statistics : rx_bytes: optional integer
Number of received bytes.
statistics : tx_packets: optional integer
Number of transmitted packets.
statistics : tx_bytes: optional integer
Number of transmitted bytes.
Statistics: Receive errors:
statistics : rx_dropped: optional integer
Number of packets dropped by RX.
statistics : rx_frame_err: optional integer
Number of frame alignment errors.
statistics : rx_over_err: optional integer
Number of packets with RX overrun.
statistics : rx_crc_err: optional integer
Number of CRC errors.
statistics : rx_errors: optional integer
Total number of receive errors, greater than or equal to the sum of the above.
Statistics: Transmit errors:
statistics : tx_dropped: optional integer
Number of packets dropped by TX.
statistics : collisions: optional integer
Number of collisions.
statistics : tx_errors: optional integer
Total number of transmit errors, greater than or equal to the sum of the above.
Ingress Policing:
These settings control ingress policing for packets received on this interface. On a
physical interface, this limits the rate at which traffic is allowed into the system from
the outside; on a virtual interface (one connected to a virtual machine), this limits the
rate at which the VM is able to transmit.
Policing is a simple form of quality-of-service that simply drops packets received in
excess of the configured rate. Due to its simplicity, policing is usually less accurate
and less effective than egress QoS (which is configured using the QoS and Queue tables).
Policing is currently implemented only on Linux. The Linux implementation uses a simple
``token bucket’’ approach:
• The size of the bucket corresponds to ingress_policing_burst. Initially the
bucket is full.
• Whenever a packet is received, its size (converted to tokens) is compared to
the number of tokens currently in the bucket. If the required number of
tokens are available, they are removed and the packet is forwarded.
Otherwise, the packet is dropped.
• Whenever it is not full, the bucket is refilled with tokens at the rate
specified by ingress_policing_rate.
Policing interacts badly with some network protocols, and especially with fragmented IP
packets. Suppose that there is enough network activity to keep the bucket nearly empty
all the time. Then this token bucket algorithm will forward a single packet every so
often, with the period depending on packet size and on the configured rate. All of the
fragments of an IP packets are normally transmitted back-to-back, as a group. In such a
situation, therefore, only one of these fragments will be forwarded and the rest will be
dropped. IP does not provide any way for the intended recipient to ask for only the
remaining fragments. In such a case there are two likely possibilities for what will
happen next: either all of the fragments will eventually be retransmitted (as TCP will
do), in which case the same problem will recur, or the sender will not realize that its
packet has been dropped and data will simply be lost (as some UDP-based protocols will
do). Either way, it is possible that no forward progress will ever occur.
ingress_policing_rate: integer, at least 0
Maximum rate for data received on this interface, in kbps. Data received faster
than this rate is dropped. Set to 0 (the default) to disable policing.
ingress_policing_burst: integer, at least 0
Maximum burst size for data received on this interface, in kb. The default burst
size if set to 0 is 1000 kb. This value has no effect if ingress_policing_rate is
0.
Specifying a larger burst size lets the algorithm be more forgiving, which is
important for protocols like TCP that react severely to dropped packets. The burst
size should be at least the size of the interface’s MTU. Specifying a value that
is numerically at least as large as 10% of ingress_policing_rate helps TCP come
closer to achieving the full rate.
Bidirectional Forwarding Detection (BFD):
BFD, defined in RFC 5880 and RFC 5881, allows point to point detection of connectivity
failures by occasional transmission of BFD control messages. It is implemented in Open
vSwitch to serve as a more popular and standards compliant alternative to CFM.
BFD operates by regularly transmitting BFD control messages at a rate negotiated
independently in each direction. Each endpoint specifies the rate at which it expects to
receive control messages, and the rate at which it’s willing to transmit them. Open
vSwitch uses a detection multiplier of three, meaning that an endpoint which fails to
receive BFD control messages for a period of three times the expected reception rate, will
signal a connectivity fault. In the case of a unidirectional connectivity issue, the
system not receiving BFD control messages will signal the problem to its peer in the
messages it transmits.
The Open vSwitch implementation of BFD aims to comply faithfully with the requirements put
forth in RFC 5880. Currently, the only known omission is ``Demand Mode’’, which we hope
to include in future. Open vSwitch does not implement the optional Authentication or
``Echo Mode’’ features.
bfd : enable: optional string
When true BFD is enabled on this Interface, otherwise it’s disabled. Defaults to
false.
bfd : min_rx: optional string, containing an integer, at least 1
The fastest rate, in milliseconds, at which this BFD session is willing to receive
BFD control messages. The actual rate may be slower if the remote endpoint isn’t
willing to transmit as quickly as specified. Defaults to 1000.
bfd : min_tx: optional string, containing an integer, at least 1
The fastest rate, in milliseconds, at which this BFD session is willing to transmit
BFD control messages. The actual rate may be slower if the remote endpoint isn’t
willing to receive as quickly as specified. Defaults to 100.
bfd : decay_min_rx: optional string, containing an integer
decay_min_rx is used to set the min_rx, when there is no obvious incoming data
traffic at the interface. It cannot be set less than the min_rx. The decay feature
is disabled by setting the decay_min_rx to 0. And the feature is reset everytime
itself or min_rx is reconfigured.
bfd : forwarding_if_rx: optional string, either true or false
When forwarding_if_rx is true the interface will be considered capable of packet
I/O as long as there is packet received at interface. This is important in that
when link becomes temporarily conjested, consecutive BFD control packets can be
lost. And the forwarding_if_rx can prevent link failover by detecting non-control
packets received at interface.
bfd : cpath_down: optional string, either true or false
Concatenated path down may be used when the local system should not have traffic
forwarded to it for some reason other than a connectivty failure on the interface
being monitored. When a controller thinks this may be the case, it may set
cpath_down to true which may cause the remote BFD session not to forward traffic to
this Interface. Defaults to false.
bfd : check_tnl_key: optional string, either true or false
When set to true, Check Tunnel Key will make BFD only accept control messages with
an in_key of zero. Defaults to false.
bfd : bfd_dst_mac: optional string
An Ethernet address in the form xx:xx:xx:xx:xx:xx to set the destination mac
address of the bfd packet. If this field is set, it is assumed that all the bfd
packets destined to this interface also has the same destination mac address. If
not set, a default value of 00:23:20:00:00:01 is used.
bfd_status : state: optional string, one of down, init, up, or admin_down
State of the BFD session. The BFD session is fully healthy and negotiated if UP.
bfd_status : forwarding: optional string, either true or false
True if the BFD session believes this Interface may be used to forward traffic.
Typically this means the local session is signaling UP, and the remote system isn’t
signaling a problem such as concatenated path down.
bfd_status : diagnostic: optional string
A short message indicating what the BFD session thinks is wrong in case of a
problem.
bfd_status : remote_state: optional string, one of down, init, up, or admin_down
State of the remote endpoint’s BFD session.
bfd_status : remote_diagnostic: optional string
A short message indicating what the remote endpoint’s BFD session thinks is wrong
in case of a problem.
Connectivity Fault Management:
802.1ag Connectivity Fault Management (CFM) allows a group of Maintenance Points (MPs)
called a Maintenance Association (MA) to detect connectivity problems with each other.
MPs within a MA should have complete and exclusive interconnectivity. This is verified by
occasionally broadcasting Continuity Check Messages (CCMs) at a configurable transmission
interval.
According to the 802.1ag specification, each Maintenance Point should be configured out-
of-band with a list of Remote Maintenance Points it should have connectivity to. Open
vSwitch differs from the specification in this area. It simply assumes the link is
faulted if no Remote Maintenance Points are reachable, and considers it not faulted
otherwise.
When operating over tunnels which have no in_key, or an in_key of flow. CFM will only
accept CCMs with a tunnel key of zero.
cfm_mpid: optional integer
A Maintenance Point ID (MPID) uniquely identifies each endpoint within a
Maintenance Association. The MPID is used to identify this endpoint to other
Maintenance Points in the MA. Each end of a link being monitored should have a
different MPID. Must be configured to enable CFM on this Interface.
cfm_fault: optional boolean
Indicates a connectivity fault triggered by an inability to receive heartbeats from
any remote endpoint. When a fault is triggered on Interfaces participating in
bonds, they will be disabled.
Faults can be triggered for several reasons. Most importantly they are triggered
when no CCMs are received for a period of 3.5 times the transmission interval.
Faults are also triggered when any CCMs indicate that a Remote Maintenance Point is
not receiving CCMs but able to send them. Finally, a fault is triggered if a CCM
is received which indicates unexpected configuration. Notably, this case arises
when a CCM is received which advertises the local MPID.
cfm_fault_status : recv: none
Indicates a CFM fault was triggered due to a lack of CCMs received on the
Interface.
cfm_fault_status : rdi: none
Indicates a CFM fault was triggered due to the reception of a CCM with the RDI bit
flagged. Endpoints set the RDI bit in their CCMs when they are not receiving CCMs
themselves. This typically indicates a unidirectional connectivity failure.
cfm_fault_status : maid: none
Indicates a CFM fault was triggered due to the reception of a CCM with a MAID other
than the one Open vSwitch uses. CFM broadcasts are tagged with an identification
number in addition to the MPID called the MAID. Open vSwitch only supports
receiving CCM broadcasts tagged with the MAID it uses internally.
cfm_fault_status : loopback: none
Indicates a CFM fault was triggered due to the reception of a CCM advertising the
same MPID configured in the cfm_mpid column of this Interface. This may indicate a
loop in the network.
cfm_fault_status : overflow: none
Indicates a CFM fault was triggered because the CFM module received CCMs from more
remote endpoints than it can keep track of.
cfm_fault_status : override: none
Indicates a CFM fault was manually triggered by an administrator using an
ovs-appctl command.
cfm_fault_status : interval: none
Indicates a CFM fault was triggered due to the reception of a CCM frame having an
invalid interval.
cfm_remote_opstate: optional string, either down or up
When in extended mode, indicates the operational state of the remote endpoint as
either up or down. See other_config:cfm_opstate.
cfm_health: optional integer, in range 0 to 100
Indicates the health of the interface as a percentage of CCM frames received over
21 other_config:cfm_intervals. The health of an interface is undefined if it is
communicating with more than one cfm_remote_mpids. It reduces if healthy
heartbeats are not received at the expected rate, and gradually improves as healthy
heartbeats are received at the desired rate. Every 21 other_config:cfm_intervals,
the health of the interface is refreshed.
As mentioned above, the faults can be triggered for several reasons. The link
health will deteriorate even if heartbeats are received but they are reported to be
unhealthy. An unhealthy heartbeat in this context is a heartbeat for which either
some fault is set or is out of sequence. The interface health can be 100 only on
receiving healthy heartbeats at the desired rate.
cfm_remote_mpids: set of integers
When CFM is properly configured, Open vSwitch will occasionally receive CCM
broadcasts. These broadcasts contain the MPID of the sending Maintenance Point.
The list of MPIDs from which this Interface is receiving broadcasts from is
regularly collected and written to this column.
other_config : cfm_interval: optional string, containing an integer
The interval, in milliseconds, between transmissions of CFM heartbeats. Three
missed heartbeat receptions indicate a connectivity fault.
In standard operation only intervals of 3, 10, 100, 1,000, 10,000, 60,000, or
600,000 ms are supported. Other values will be rounded down to the nearest value
on the list. Extended mode (see other_config:cfm_extended) supports any interval
up to 65,535 ms. In either mode, the default is 1000 ms.
We do not recommend using intervals less than 100 ms.
other_config : cfm_extended: optional string, either true or false
When true, the CFM module operates in extended mode. This causes it to use a
nonstandard destination address to avoid conflicting with compliant implementations
which may be running concurrently on the network. Furthermore, extended mode
increases the accuracy of the cfm_interval configuration parameter by breaking wire
compatibility with 802.1ag compliant implementations. Defaults to false.
other_config : cfm_demand: optional string, either true or false
When true, and other_config:cfm_extended is true, the CFM module operates in demand
mode. When in demand mode, traffic received on the Interface is used to indicate
liveness. CCMs are still transmitted and received, but if the Interface is
receiving traffic, their absence does not cause a connectivity fault.
Demand mode has a couple of caveats:
• To ensure that ovs-vswitchd has enough time to pull statistics from the
datapath, the fault detection interval is set to 3.5 *
MAX(other_config:cfm_interval, 500) ms.
• To avoid ambiguity, demand mode disables itself when there are multiple
remote maintenance points.
• If the Interface is heavily congested, CCMs containing the
other_config:cfm_opstate status may be dropped causing changes in the
operational state to be delayed. Similarly, if CCMs containing the RDI bit
are not received, unidirectional link failures may not be detected.
other_config : cfm_opstate: optional string, either down or up
When down, the CFM module marks all CCMs it generates as operationally down without
triggering a fault. This allows remote maintenance points to choose not to forward
traffic to the Interface on which this CFM module is running. Currently, in Open
vSwitch, the opdown bit of CCMs affects Interfaces participating in bonds, and the
bundle OpenFlow action. This setting is ignored when CFM is not in extended mode.
Defaults to up.
other_config : cfm_ccm_vlan: optional string, containing an integer, in range 1 to 4,095
When set, the CFM module will apply a VLAN tag to all CCMs it generates with the
given value. May be the string random in which case each CCM will be tagged with a
different randomly generated VLAN.
other_config : cfm_ccm_pcp: optional string, containing an integer, in range 1 to 7
When set, the CFM module will apply a VLAN tag to all CCMs it generates with the
given PCP value, the VLAN ID of the tag is governed by the value of
other_config:cfm_ccm_vlan. If other_config:cfm_ccm_vlan is unset, a VLAN ID of zero
is used.
Bonding Configuration:
other_config : lacp-port-id: optional string, containing an integer, in range 1 to 65,535
The LACP port ID of this Interface. Port IDs are used in LACP negotiations to
identify individual ports participating in a bond.
other_config : lacp-port-priority: optional string, containing an integer, in range 1 to
65,535
The LACP port priority of this Interface. In LACP negotiations Interfaces with
numerically lower priorities are preferred for aggregation.
other_config : lacp-aggregation-key: optional string, containing an integer, in range 1 to
65,535
The LACP aggregation key of this Interface. Interfaces with different aggregation
keys may not be active within a given Port at the same time.
Virtual Machine Identifiers:
These key-value pairs specifically apply to an interface that represents a virtual
Ethernet interface connected to a virtual machine. These key-value pairs should not be
present for other types of interfaces. Keys whose names end in -uuid have values that
uniquely identify the entity in question. For a Citrix XenServer hypervisor, these values
are UUIDs in RFC 4122 format. Other hypervisors may use other formats.
external_ids : attached-mac: optional string
The MAC address programmed into the ``virtual hardware’’ for this interface, in the
form xx:xx:xx:xx:xx:xx. For Citrix XenServer, this is the value of the MAC field
in the VIF record for this interface.
external_ids : iface-id: optional string
A system-unique identifier for the interface. On XenServer, this will commonly be
the same as external_ids:xs-vif-uuid.
external_ids : iface-status: optional string, either active or inactive
Hypervisors may sometimes have more than one interface associated with a given
external_ids:iface-id, only one of which is actually in use at a given time. For
example, in some circumstances XenServer has both a ``tap’’ and a ``vif’’ interface
for a single external_ids:iface-id, but only uses one of them at a time. A
hypervisor that behaves this way must mark the currently in use interface active
and the others inactive. A hypervisor that never has more than one interface for a
given external_ids:iface-id may mark that interface active or omit
external_ids:iface-status entirely.
During VM migration, a given external_ids:iface-id might transiently be marked
active on two different hypervisors. That is, active means that this
external_ids:iface-id is the active instance within a single hypervisor, not in a
broader scope. There is one exception: some hypervisors support ``migration’’ from
a given hypervisor to itself (most often for test purposes). During such a
``migration,’’ two instances of a single external_ids:iface-id might both be
briefly marked active on a single hypervisor.
external_ids : xs-vif-uuid: optional string
The virtual interface associated with this interface.
external_ids : xs-network-uuid: optional string
The virtual network to which this interface is attached.
external_ids : vm-id: optional string
The VM to which this interface belongs. On XenServer, this will be the same as
external_ids:xs-vm-uuid.
external_ids : xs-vm-uuid: optional string
The VM to which this interface belongs.
VLAN Splinters:
The ``VLAN splinters’’ feature increases Open vSwitch compatibility with buggy network
drivers in old versions of Linux that do not properly support VLANs when VLAN devices are
not used, at some cost in memory and performance.
When VLAN splinters are enabled on a particular interface, Open vSwitch creates a VLAN
device for each in-use VLAN. For sending traffic tagged with a VLAN on the interface, it
substitutes the VLAN device. Traffic received on the VLAN device is treated as if it had
been received on the interface on the particular VLAN.
VLAN splinters consider a VLAN to be in use if:
• The VLAN is the tag value in any Port record.
• The VLAN is listed within the trunks column of the Port record of an
interface on which VLAN splinters are enabled. An empty trunks does not
influence the in-use VLANs: creating 4,096 VLAN devices is impractical
because it will exceed the current 1,024 port per datapath limit.
• An OpenFlow flow within any bridge matches the VLAN.
The same set of in-use VLANs applies to every interface on which VLAN splinters are
enabled. That is, the set is not chosen separately for each interface but selected once
as the union of all in-use VLANs based on the rules above.
It does not make sense to enable VLAN splinters on an interface for an access port, or on
an interface that is not a physical port.
VLAN splinters are deprecated. When broken device drivers are no longer in widespread
use, we will delete this feature.
other_config : enable-vlan-splinters: optional string, either true or false
Set to true to enable VLAN splinters on this interface. Defaults to false.
VLAN splinters increase kernel and userspace memory overhead, so do not use them
unless they are needed.
VLAN splinters do not support 802.1p priority tags. Received priorities will
appear to be 0, regardless of their actual values, and priorities on transmitted
packets will also be cleared to 0.
Common Columns:
The overall purpose of these columns is described under Common Columns at the beginning of
this document.
other_config: map of string-string pairs
external_ids: map of string-string pairs
Flow_Table TABLE
Configuration for a particular OpenFlow table.
Summary:
name optional string
flow_limit optional integer, at least 0
overflow_policy optional string, either refuse or evict
groups set of strings
Details:
name: optional string
The table’s name. Set this column to change the name that controllers will receive
when they request table statistics, e.g. ovs-ofctl dump-tables. The name does not
affect switch behavior.
flow_limit: optional integer, at least 0
If set, limits the number of flows that may be added to the table. Open vSwitch
may limit the number of flows in a table for other reasons, e.g. due to hardware
limitations or for resource availability or performance reasons.
overflow_policy: optional string, either refuse or evict
Controls the switch’s behavior when an OpenFlow flow table modification request
would add flows in excess of flow_limit. The supported values are:
refuse Refuse to add the flow or flows. This is also the default policy when
overflow_policy is unset.
evict Delete the flow that will expire soonest. See groups for details.
groups: set of strings
When overflow_policy is evict, this controls how flows are chosen for eviction when
the flow table would otherwise exceed flow_limit flows. Its value is a set of NXM
fields or sub-fields, each of which takes one of the forms field[] or
field[start..end], e.g. NXM_OF_IN_PORT[]. Please see nicira-ext.h for a complete
list of NXM field names.
When a flow must be evicted due to overflow, the flow to evict is chosen through an
approximation of the following algorithm:
1.
Divide the flows in the table into groups based on the values of the specified
fields or subfields, so that all of the flows in a given group have the same
values for those fields. If a flow does not specify a given field, that field’s
value is treated as 0.
2.
Consider the flows in the largest group, that is, the group that contains the
greatest number of flows. If two or more groups all have the same largest number
of flows, consider the flows in all of those groups.
3.
Among the flows under consideration, choose the flow that expires soonest for
eviction.
The eviction process only considers flows that have an idle timeout or a hard
timeout. That is, eviction never deletes permanent flows. (Permanent flows do
count against flow_limit.)
Open vSwitch ignores any invalid or unknown field specifications.
When overflow_policy is not evict, this column has no effect.
QoS TABLE
Quality of Service (QoS) configuration for each Port that references it.
Summary:
type string
queues map of integer-Queue pairs, key in range 0 to 4,294,967,295
Configuration for linux-htb and linux-hfsc:
other_config : max-rate optional string, containing an integer
Common Columns:
other_config map of string-string pairs
external_ids map of string-string pairs
Details:
type: string
The type of QoS to implement. The currently defined types are listed below:
linux-htb
Linux ``hierarchy token bucket’’ classifier. See tc-htb(8) (also at
http://linux.die.net/man/8/tc-htb) and the HTB manual
(http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm) for information on how
this classifier works and how to configure it.
linux-hfsc
Linux "Hierarchical Fair Service Curve" classifier. See
http://linux-ip.net/articles/hfsc.en/ for information on how this classifier
works.
queues: map of integer-Queue pairs, key in range 0 to 4,294,967,295
A map from queue numbers to Queue records. The supported range of queue numbers
depend on type. The queue numbers are the same as the queue_id used in OpenFlow in
struct ofp_action_enqueue and other structures.
Queue 0 is the ``default queue.’’ It is used by OpenFlow output actions when no
specific queue has been set. When no configuration for queue 0 is present, it is
automatically configured as if a Queue record with empty dscp and other_config
columns had been specified. (Before version 1.6, Open vSwitch would leave queue 0
unconfigured in this case. With some queuing disciplines, this dropped all packets
destined for the default queue.)
Configuration for linux-htb and linux-hfsc:
The linux-htb and linux-hfsc classes support the following key-value pair:
other_config : max-rate: optional string, containing an integer
Maximum rate shared by all queued traffic, in bit/s. Optional. If not specified,
for physical interfaces, the default is the link rate. For other interfaces or if
the link rate cannot be determined, the default is currently 100 Mbps.
Common Columns:
The overall purpose of these columns is described under Common Columns at the beginning of
this document.
other_config: map of string-string pairs
external_ids: map of string-string pairs
Queue TABLE
A configuration for a port output queue, used in configuring Quality of Service (QoS)
features. May be referenced by queues column in QoS table.
Summary:
dscp optional integer, in range 0 to 63
Configuration for linux-htb QoS:
other_config : min-rate optional string, containing an integer, at least 1
other_config : max-rate optional string, containing an integer, at least 1
other_config : burst optional string, containing an integer, at least 1
other_config : priority optional string, containing an integer, in range 0 to
4,294,967,295
Configuration for linux-hfsc QoS:
other_config : min-rate optional string, containing an integer, at least 1
other_config : max-rate optional string, containing an integer, at least 1
Common Columns:
other_config map of string-string pairs
external_ids map of string-string pairs
Details:
dscp: optional integer, in range 0 to 63
If set, Open vSwitch will mark all traffic egressing this Queue with the given DSCP
bits. Traffic egressing the default Queue is only marked if it was explicitly
selected as the Queue at the time the packet was output. If unset, the DSCP bits
of traffic egressing this Queue will remain unchanged.
Configuration for linux-htb QoS:
QoS type linux-htb may use queue_ids less than 61440. It has the following key-value
pairs defined.
other_config : min-rate: optional string, containing an integer, at least 1
Minimum guaranteed bandwidth, in bit/s.
other_config : max-rate: optional string, containing an integer, at least 1
Maximum allowed bandwidth, in bit/s. Optional. If specified, the queue’s rate
will not be allowed to exceed the specified value, even if excess bandwidth is
available. If unspecified, defaults to no limit.
other_config : burst: optional string, containing an integer, at least 1
Burst size, in bits. This is the maximum amount of ``credits’’ that a queue can
accumulate while it is idle. Optional. Details of the linux-htb implementation
require a minimum burst size, so a too-small burst will be silently ignored.
other_config : priority: optional string, containing an integer, in range 0 to
4,294,967,295
A queue with a smaller priority will receive all the excess bandwidth that it can
use before a queue with a larger value receives any. Specific priority values are
unimportant; only relative ordering matters. Defaults to 0 if unspecified.
Configuration for linux-hfsc QoS:
QoS type linux-hfsc may use queue_ids less than 61440. It has the following key-value
pairs defined.
other_config : min-rate: optional string, containing an integer, at least 1
Minimum guaranteed bandwidth, in bit/s.
other_config : max-rate: optional string, containing an integer, at least 1
Maximum allowed bandwidth, in bit/s. Optional. If specified, the queue’s rate
will not be allowed to exceed the specified value, even if excess bandwidth is
available. If unspecified, defaults to no limit.
Common Columns:
The overall purpose of these columns is described under Common Columns at the beginning of
this document.
other_config: map of string-string pairs
external_ids: map of string-string pairs
Mirror TABLE
A port mirror within a Bridge.
A port mirror configures a bridge to send selected frames to special ``mirrored’’ ports,
in addition to their normal destinations. Mirroring traffic may also be referred to as
SPAN or RSPAN, depending on how the mirrored traffic is sent.
Summary:
name string
Selecting Packets for Mirroring:
select_all boolean
select_dst_port set of weak reference to Ports
select_src_port set of weak reference to Ports
select_vlan set of up to 4,096 integers, in range 0 to 4,095
Mirroring Destination Configuration:
output_port optional weak reference to Port
output_vlan optional integer, in range 1 to 4,095
Statistics: Mirror counters:
statistics : tx_packets optional integer
statistics : tx_bytes optional integer
Common Columns:
external_ids map of string-string pairs
Details:
name: string
Arbitrary identifier for the Mirror.
Selecting Packets for Mirroring:
To be selected for mirroring, a given packet must enter or leave the bridge through a
selected port and it must also be in one of the selected VLANs.
select_all: boolean
If true, every packet arriving or departing on any port is selected for mirroring.
select_dst_port: set of weak reference to Ports
Ports on which departing packets are selected for mirroring.
select_src_port: set of weak reference to Ports
Ports on which arriving packets are selected for mirroring.
select_vlan: set of up to 4,096 integers, in range 0 to 4,095
VLANs on which packets are selected for mirroring. An empty set selects packets on
all VLANs.
Mirroring Destination Configuration:
These columns are mutually exclusive. Exactly one of them must be nonempty.
output_port: optional weak reference to Port
Output port for selected packets, if nonempty.
Specifying a port for mirror output reserves that port exclusively for mirroring.
No frames other than those selected for mirroring via this column will be forwarded
to the port, and any frames received on the port will be discarded.
The output port may be any kind of port supported by Open vSwitch. It may be, for
example, a physical port (sometimes called SPAN) or a GRE tunnel.
output_vlan: optional integer, in range 1 to 4,095
Output VLAN for selected packets, if nonempty.
The frames will be sent out all ports that trunk output_vlan, as well as any ports
with implicit VLAN output_vlan. When a mirrored frame is sent out a trunk port,
the frame’s VLAN tag will be set to output_vlan, replacing any existing tag; when
it is sent out an implicit VLAN port, the frame will not be tagged. This type of
mirroring is sometimes called RSPAN.
See the documentation for other_config:forward-bpdu in the Interface table for a
list of destination MAC addresses which will not be mirrored to a VLAN to avoid
confusing switches that interpret the protocols that they represent.
Please note: Mirroring to a VLAN can disrupt a network that contains unmanaged
switches. Consider an unmanaged physical switch with two ports: port 1, connected
to an end host, and port 2, connected to an Open vSwitch configured to mirror
received packets into VLAN 123 on port 2. Suppose that the end host sends a packet
on port 1 that the physical switch forwards to port 2. The Open vSwitch forwards
this packet to its destination and then reflects it back on port 2 in VLAN 123.
This reflected packet causes the unmanaged physical switch to replace the MAC
learning table entry, which correctly pointed to port 1, with one that incorrectly
points to port 2. Afterward, the physical switch will direct packets destined for
the end host to the Open vSwitch on port 2, instead of to the end host on port 1,
disrupting connectivity. If mirroring to a VLAN is desired in this scenario, then
the physical switch must be replaced by one that learns Ethernet addresses on a
per-VLAN basis. In addition, learning should be disabled on the VLAN containing
mirrored traffic. If this is not done then intermediate switches will learn the MAC
address of each end host from the mirrored traffic. If packets being sent to that
end host are also mirrored, then they will be dropped since the switch will attempt
to send them out the input port. Disabling learning for the VLAN will cause the
switch to correctly send the packet out all ports configured for that VLAN. If
Open vSwitch is being used as an intermediate switch, learning can be disabled by
adding the mirrored VLAN to flood_vlans in the appropriate Bridge table or tables.
Mirroring to a GRE tunnel has fewer caveats than mirroring to a VLAN and should
generally be preferred.
Statistics: Mirror counters:
Key-value pairs that report mirror statistics.
statistics : tx_packets: optional integer
Number of packets transmitted through this mirror.
statistics : tx_bytes: optional integer
Number of bytes transmitted through this mirror.
Common Columns:
The overall purpose of these columns is described under Common Columns at the beginning of
this document.
external_ids: map of string-string pairs
Controller TABLE
An OpenFlow controller.
Open vSwitch supports two kinds of OpenFlow controllers:
Primary controllers
This is the kind of controller envisioned by the OpenFlow 1.0 specification.
Usually, a primary controller implements a network policy by taking charge
of the switch’s flow table.
Open vSwitch initiates and maintains persistent connections to primary
controllers, retrying the connection each time it fails or drops. The
fail_mode column in the Bridge table applies to primary controllers.
Open vSwitch permits a bridge to have any number of primary controllers.
When multiple controllers are configured, Open vSwitch connects to all of
them simultaneously. Because OpenFlow 1.0 does not specify how multiple
controllers coordinate in interacting with a single switch, more than one
primary controller should be specified only if the controllers are
themselves designed to coordinate with each other. (The Nicira-defined
NXT_ROLE OpenFlow vendor extension may be useful for this.)
Service controllers
These kinds of OpenFlow controller connections are intended for occasional
support and maintenance use, e.g. with ovs-ofctl. Usually a service
controller connects only briefly to inspect or modify some of a switch’s
state.
Open vSwitch listens for incoming connections from service controllers. The
service controllers initiate and, if necessary, maintain the connections
from their end. The fail_mode column in the Bridge table does not apply to
service controllers.
Open vSwitch supports configuring any number of service controllers.
The target determines the type of controller.
Summary:
Core Features:
target string
connection_mode optional string, either in-band or out-of-band
Controller Failure Detection and Handling:
max_backoff optional integer, at least 1,000
inactivity_probe optional integer
Asynchronous Message Configuration:
enable_async_messages optional boolean
controller_rate_limit optional integer, at least 100
controller_burst_limit optional integer, at least 25
Additional In-Band Configuration:
local_ip optional string
local_netmask optional string
local_gateway optional string
Controller Status:
is_connected boolean
role optional string, one of slave, other, or master
status : last_error optional string
status : state optional string, one of ACTIVE, VOID, CONNECTING, IDLE, or
BACKOFF
status : sec_since_connect optional string, containing an integer, at least 0
status : sec_since_disconnect
optional string, containing an integer, at least 1
Connection Parameters:
other_config : dscp optional string, containing an integer
Common Columns:
external_ids map of string-string pairs
other_config map of string-string pairs
Details:
Core Features:
target: string
Connection method for controller.
The following connection methods are currently supported for primary controllers:
ssl:ip[:port]
The specified SSL port (default: 6633) on the host at the given ip, which
must be expressed as an IP address (not a DNS name). The ssl column in the
Open_vSwitch table must point to a valid SSL configuration when this form is
used.
SSL support is an optional feature that is not always built as part of Open
vSwitch.
tcp:ip[:port]
The specified TCP port (default: 6633) on the host at the given ip, which
must be expressed as an IP address (not a DNS name).
The following connection methods are currently supported for service controllers:
pssl:[port][:ip]
Listens for SSL connections on the specified TCP port (default: 6633). If
ip, which must be expressed as an IP address (not a DNS name), is specified,
then connections are restricted to the specified local IP address.
The ssl column in the Open_vSwitch table must point to a valid SSL
configuration when this form is used.
SSL support is an optional feature that is not always built as part of Open
vSwitch.
ptcp:[port][:ip]
Listens for connections on the specified TCP port (default: 6633). If ip,
which must be expressed as an IP address (not a DNS name), is specified,
then connections are restricted to the specified local IP address.
When multiple controllers are configured for a single bridge, the target values
must be unique. Duplicate target values yield unspecified results.
connection_mode: optional string, either in-band or out-of-band
If it is specified, this setting must be one of the following strings that
describes how Open vSwitch contacts this OpenFlow controller over the network:
in-band
In this mode, this controller’s OpenFlow traffic travels over the bridge
associated with the controller. With this setting, Open vSwitch allows
traffic to and from the controller regardless of the contents of the
OpenFlow flow table. (Otherwise, Open vSwitch would never be able to
connect to the controller, because it did not have a flow to enable it.)
This is the most common connection mode because it is not necessary to
maintain two independent networks.
out-of-band
In this mode, OpenFlow traffic uses a control network separate from the
bridge associated with this controller, that is, the bridge does not use any
of its own network devices to communicate with the controller. The control
network must be configured separately, before or after ovs-vswitchd is
started.
If not specified, the default is implementation-specific.
Controller Failure Detection and Handling:
max_backoff: optional integer, at least 1,000
Maximum number of milliseconds to wait between connection attempts. Default is
implementation-specific.
inactivity_probe: optional integer
Maximum number of milliseconds of idle time on connection to controller before
sending an inactivity probe message. If Open vSwitch does not communicate with the
controller for the specified number of seconds, it will send a probe. If a
response is not received for the same additional amount of time, Open vSwitch
assumes the connection has been broken and attempts to reconnect. Default is
implementation-specific. A value of 0 disables inactivity probes.
Asynchronous Message Configuration:
OpenFlow switches send certain messages to controllers spontanenously, that is, not in
response to any request from the controller. These messages are called ``asynchronous
messages.’’ These columns allow asynchronous messages to be limited or disabled to ensure
the best use of network resources.
enable_async_messages: optional boolean
The OpenFlow protocol enables asynchronous messages at time of connection
establishment, which means that a controller can receive asynchronous messages,
potentially many of them, even if it turns them off immediately after connecting.
Set this column to false to change Open vSwitch behavior to disable, by default,
all asynchronous messages. The controller can use the NXT_SET_ASYNC_CONFIG Nicira
extension to OpenFlow to turn on any messages that it does want to receive, if any.
controller_rate_limit: optional integer, at least 100
The maximum rate at which the switch will forward packets to the OpenFlow
controller, in packets per second. This feature prevents a single bridge from
overwhelming the controller. If not specified, the default is implementation-
specific.
In addition, when a high rate triggers rate-limiting, Open vSwitch queues
controller packets for each port and transmits them to the controller at the
configured rate. The controller_burst_limit value limits the number of queued
packets. Ports on a bridge share the packet queue fairly.
Open vSwitch maintains two such packet rate-limiters per bridge: one for packets
sent up to the controller because they do not correspond to any flow, and the other
for packets sent up to the controller by request through flow actions. When both
rate-limiters are filled with packets, the actual rate that packets are sent to the
controller is up to twice the specified rate.
controller_burst_limit: optional integer, at least 25
In conjunction with controller_rate_limit, the maximum number of unused packet
credits that the bridge will allow to accumulate, in packets. If not specified,
the default is implementation-specific.
Additional In-Band Configuration:
These values are considered only in in-band control mode (see connection_mode).
When multiple controllers are configured on a single bridge, there should be only one set
of unique values in these columns. If different values are set for these columns in
different controllers, the effect is unspecified.
local_ip: optional string
The IP address to configure on the local port, e.g. 192.168.0.123. If this value
is unset, then local_netmask and local_gateway are ignored.
local_netmask: optional string
The IP netmask to configure on the local port, e.g. 255.255.255.0. If local_ip is
set but this value is unset, then the default is chosen based on whether the IP
address is class A, B, or C.
local_gateway: optional string
The IP address of the gateway to configure on the local port, as a string, e.g.
192.168.0.1. Leave this column unset if this network has no gateway.
Controller Status:
is_connected: boolean
true if currently connected to this controller, false otherwise.
role: optional string, one of slave, other, or master
The level of authority this controller has on the associated bridge. Possible
values are:
other Allows the controller access to all OpenFlow features.
master Equivalent to other, except that there may be at most one master controller
at a time. When a controller configures itself as master, any existing
master is demoted to the slaverole.
slave Allows the controller read-only access to OpenFlow features. Attempts to
modify the flow table will be rejected with an error. Slave controllers do
not receive OFPT_PACKET_IN or OFPT_FLOW_REMOVED messages, but they do
receive OFPT_PORT_STATUS messages.
status : last_error: optional string
A human-readable description of the last error on the connection to the controller;
i.e. strerror(errno). This key will exist only if an error has occurred.
status : state: optional string, one of ACTIVE, VOID, CONNECTING, IDLE, or BACKOFF
The state of the connection to the controller:
VOID Connection is disabled.
BACKOFF
Attempting to reconnect at an increasing period.
CONNECTING
Attempting to connect.
ACTIVE Connected, remote host responsive.
IDLE Connection is idle. Waiting for response to keep-alive.
These values may change in the future. They are provided only for human
consumption.
status : sec_since_connect: optional string, containing an integer, at least 0
The amount of time since this controller last successfully connected to the switch
(in seconds). Value is empty if controller has never successfully connected.
status : sec_since_disconnect: optional string, containing an integer, at least 1
The amount of time since this controller last disconnected from the switch (in
seconds). Value is empty if controller has never disconnected.
Connection Parameters:
Additional configuration for a connection between the controller and the Open vSwitch.
other_config : dscp: optional string, containing an integer
The Differentiated Service Code Point (DSCP) is specified using 6 bits in the Type
of Service (TOS) field in the IP header. DSCP provides a mechanism to classify the
network traffic and provide Quality of Service (QoS) on IP networks. The DSCP
value specified here is used when establishing the connection between the
controller and the Open vSwitch. If no value is specified, a default value of 48
is chosen. Valid DSCP values must be in the range 0 to 63.
Common Columns:
The overall purpose of these columns is described under Common Columns at the beginning of
this document.
external_ids: map of string-string pairs
other_config: map of string-string pairs
Manager TABLE
Configuration for a database connection to an Open vSwitch database (OVSDB) client.
This table primarily configures the Open vSwitch database (ovsdb-server), not the Open
vSwitch switch (ovs-vswitchd). The switch does read the table to determine what
connections should be treated as in-band.
The Open vSwitch database server can initiate and maintain active connections to remote
clients. It can also listen for database connections.
Summary:
Core Features:
target string (must be unique within table)
connection_mode optional string, either in-band or out-of-band
Client Failure Detection and Handling:
max_backoff optional integer, at least 1,000
inactivity_probe optional integer
Status:
is_connected boolean
status : last_error optional string
status : state optional string, one of ACTIVE, VOID, CONNECTING, IDLE, or
BACKOFF
status : sec_since_connect optional string, containing an integer, at least 0
status : sec_since_disconnect
optional string, containing an integer, at least 0
status : locks_held optional string
status : locks_waiting optional string
status : locks_lost optional string
status : n_connections optional string, containing an integer, at least 2
status : bound_port optional string, containing an integer
Connection Parameters:
other_config : dscp optional string, containing an integer
Common Columns:
external_ids map of string-string pairs
other_config map of string-string pairs
Details:
Core Features:
target: string (must be unique within table)
Connection method for managers.
The following connection methods are currently supported:
ssl:ip[:port]
The specified SSL port (default: 6632) on the host at the given ip, which
must be expressed as an IP address (not a DNS name). The ssl column in the
Open_vSwitch table must point to a valid SSL configuration when this form is
used.
SSL support is an optional feature that is not always built as part of Open
vSwitch.
tcp:ip[:port]
The specified TCP port (default: 6632) on the host at the given ip, which
must be expressed as an IP address (not a DNS name).
pssl:[port][:ip]
Listens for SSL connections on the specified TCP port (default: 6632).
Specify 0 for port to have the kernel automatically choose an available
port. If ip, which must be expressed as an IP address (not a DNS name), is
specified, then connections are restricted to the specified local IP
address.
The ssl column in the Open_vSwitch table must point to a valid SSL
configuration when this form is used.
SSL support is an optional feature that is not always built as part of Open
vSwitch.
ptcp:[port][:ip]
Listens for connections on the specified TCP port (default: 6632). Specify
0 for port to have the kernel automatically choose an available port. If
ip, which must be expressed as an IP address (not a DNS name), is specified,
then connections are restricted to the specified local IP address.
When multiple managers are configured, the target values must be unique. Duplicate
target values yield unspecified results.
connection_mode: optional string, either in-band or out-of-band
If it is specified, this setting must be one of the following strings that
describes how Open vSwitch contacts this OVSDB client over the network:
in-band
In this mode, this connection’s traffic travels over a bridge managed by
Open vSwitch. With this setting, Open vSwitch allows traffic to and from
the client regardless of the contents of the OpenFlow flow table.
(Otherwise, Open vSwitch would never be able to connect to the client,
because it did not have a flow to enable it.) This is the most common
connection mode because it is not necessary to maintain two independent
networks.
out-of-band
In this mode, the client’s traffic uses a control network separate from that
managed by Open vSwitch, that is, Open vSwitch does not use any of its own
network devices to communicate with the client. The control network must be
configured separately, before or after ovs-vswitchd is started.
If not specified, the default is implementation-specific.
Client Failure Detection and Handling:
max_backoff: optional integer, at least 1,000
Maximum number of milliseconds to wait between connection attempts. Default is
implementation-specific.
inactivity_probe: optional integer
Maximum number of milliseconds of idle time on connection to the client before
sending an inactivity probe message. If Open vSwitch does not communicate with the
client for the specified number of seconds, it will send a probe. If a response is
not received for the same additional amount of time, Open vSwitch assumes the
connection has been broken and attempts to reconnect. Default is implementation-
specific. A value of 0 disables inactivity probes.
Status:
is_connected: boolean
true if currently connected to this manager, false otherwise.
status : last_error: optional string
A human-readable description of the last error on the connection to the manager;
i.e. strerror(errno). This key will exist only if an error has occurred.
status : state: optional string, one of ACTIVE, VOID, CONNECTING, IDLE, or BACKOFF
The state of the connection to the manager:
VOID Connection is disabled.
BACKOFF
Attempting to reconnect at an increasing period.
CONNECTING
Attempting to connect.
ACTIVE Connected, remote host responsive.
IDLE Connection is idle. Waiting for response to keep-alive.
These values may change in the future. They are provided only for human
consumption.
status : sec_since_connect: optional string, containing an integer, at least 0
The amount of time since this manager last successfully connected to the database
(in seconds). Value is empty if manager has never successfully connected.
status : sec_since_disconnect: optional string, containing an integer, at least 0
The amount of time since this manager last disconnected from the database (in
seconds). Value is empty if manager has never disconnected.
status : locks_held: optional string
Space-separated list of the names of OVSDB locks that the connection holds.
Omitted if the connection does not hold any locks.
status : locks_waiting: optional string
Space-separated list of the names of OVSDB locks that the connection is currently
waiting to acquire. Omitted if the connection is not waiting for any locks.
status : locks_lost: optional string
Space-separated list of the names of OVSDB locks that the connection has had stolen
by another OVSDB client. Omitted if no locks have been stolen from this
connection.
status : n_connections: optional string, containing an integer, at least 2
When target specifies a connection method that listens for inbound connections
(e.g. ptcp: or pssl:) and more than one connection is actually active, the value is
the number of active connections. Otherwise, this key-value pair is omitted.
When multiple connections are active, status columns and key-value pairs (other
than this one) report the status of one arbitrarily chosen connection.
status : bound_port: optional string, containing an integer
When target is ptcp: or pssl:, this is the TCP port on which the OVSDB server is
listening. (This is is particularly useful when target specifies a port of 0,
allowing the kernel to choose any available port.)
Connection Parameters:
Additional configuration for a connection between the manager and the Open vSwitch
Database.
other_config : dscp: optional string, containing an integer
The Differentiated Service Code Point (DSCP) is specified using 6 bits in the Type
of Service (TOS) field in the IP header. DSCP provides a mechanism to classify the
network traffic and provide Quality of Service (QoS) on IP networks. The DSCP
value specified here is used when establishing the connection between the manager
and the Open vSwitch. If no value is specified, a default value of 48 is chosen.
Valid DSCP values must be in the range 0 to 63.
Common Columns:
The overall purpose of these columns is described under Common Columns at the beginning of
this document.
external_ids: map of string-string pairs
other_config: map of string-string pairs
NetFlow TABLE
A NetFlow target. NetFlow is a protocol that exports a number of details about
terminating IP flows, such as the principals involved and duration.
Summary:
targets set of 1 or more strings
engine_id optional integer, in range 0 to 255
engine_type optional integer, in range 0 to 255
active_timeout integer, at least -1
add_id_to_interface boolean
Common Columns:
external_ids map of string-string pairs
Details:
targets: set of 1 or more strings
NetFlow targets in the form ip:port. The ip must be specified numerically, not as
a DNS name.
engine_id: optional integer, in range 0 to 255
Engine ID to use in NetFlow messages. Defaults to datapath index if not specified.
engine_type: optional integer, in range 0 to 255
Engine type to use in NetFlow messages. Defaults to datapath index if not
specified.
active_timeout: integer, at least -1
The interval at which NetFlow records are sent for flows that are still active, in
seconds. A value of 0 requests the default timeout (currently 600 seconds); a
value of -1 disables active timeouts.
add_id_to_interface: boolean
If this column’s value is false, the ingress and egress interface fields of NetFlow
flow records are derived from OpenFlow port numbers. When it is true, the 7 most
significant bits of these fields will be replaced by the least significant 7 bits
of the engine id. This is useful because many NetFlow collectors do not expect
multiple switches to be sending messages from the same host, so they do not store
the engine information which could be used to disambiguate the traffic.
When this option is enabled, a maximum of 508 ports are supported.
Common Columns:
The overall purpose of these columns is described under Common Columns at the beginning of
this document.
external_ids: map of string-string pairs
SSL TABLE
SSL configuration for an Open_vSwitch.
Summary:
private_key string
certificate string
ca_cert string
bootstrap_ca_cert boolean
Common Columns:
external_ids map of string-string pairs
Details:
private_key: string
Name of a PEM file containing the private key used as the switch’s identity for SSL
connections to the controller.
certificate: string
Name of a PEM file containing a certificate, signed by the certificate authority
(CA) used by the controller and manager, that certifies the switch’s private key,
identifying a trustworthy switch.
ca_cert: string
Name of a PEM file containing the CA certificate used to verify that the switch is
connected to a trustworthy controller.
bootstrap_ca_cert: boolean
If set to true, then Open vSwitch will attempt to obtain the CA certificate from
the controller on its first SSL connection and save it to the named PEM file. If it
is successful, it will immediately drop the connection and reconnect, and from then
on all SSL connections must be authenticated by a certificate signed by the CA
certificate thus obtained. This option exposes the SSL connection to a
man-in-the-middle attack obtaining the initial CA certificate. It may still be
useful for bootstrapping.
Common Columns:
The overall purpose of these columns is described under Common Columns at the beginning of
this document.
external_ids: map of string-string pairs
sFlow TABLE
A set of sFlow(R) targets. sFlow is a protocol for remote monitoring of switches.
Summary:
agent optional string
header optional integer
polling optional integer
sampling optional integer
targets set of 1 or more strings
Common Columns:
external_ids map of string-string pairs
Details:
agent: optional string
Name of the network device whose IP address should be reported as the ``agent
address’’ to collectors. If not specified, the agent device is figured from the
first target address and the routing table. If the routing table does not contain
a route to the target, the IP address defaults to the local_ip in the collector’s
Controller. If an agent IP address cannot be determined any of these ways, sFlow
is disabled.
header: optional integer
Number of bytes of a sampled packet to send to the collector. If not specified,
the default is 128 bytes.
polling: optional integer
Polling rate in seconds to send port statistics to the collector. If not
specified, defaults to 30 seconds.
sampling: optional integer
Rate at which packets should be sampled and sent to the collector. If not
specified, defaults to 400, which means one out of 400 packets, on average, will be
sent to the collector.
targets: set of 1 or more strings
sFlow targets in the form ip:port.
Common Columns:
The overall purpose of these columns is described under Common Columns at the beginning of
this document.
external_ids: map of string-string pairs
IPFIX TABLE
A set of IPFIX collectors. IPFIX is a protocol that exports a number of details about
flows.
Summary:
targets set of 1 or more strings
sampling optional integer, in range 1 to 4,294,967,295
obs_domain_id optional integer, in range 0 to 4,294,967,295
obs_point_id optional integer, in range 0 to 4,294,967,295
cache_active_timeout optional integer, in range 0 to 4,200
cache_max_flows optional integer, in range 0 to 4,294,967,295
Common Columns:
external_ids map of string-string pairs
Details:
targets: set of 1 or more strings
IPFIX target collectors in the form ip:port.
sampling: optional integer, in range 1 to 4,294,967,295
For per-bridge packet sampling, i.e. when this row is referenced from a Bridge, the
rate at which packets should be sampled and sent to each target collector. If not
specified, defaults to 400, which means one out of 400 packets, on average, will be
sent to each target collector. Ignored for per-flow sampling, i.e. when this row
is referenced from a Flow_Sample_Collector_Set.
obs_domain_id: optional integer, in range 0 to 4,294,967,295
For per-bridge packet sampling, i.e. when this row is referenced from a Bridge, the
IPFIX Observation Domain ID sent in each IPFIX packet. If not specified, defaults
to 0. Ignored for per-flow sampling, i.e. when this row is referenced from a
Flow_Sample_Collector_Set.
obs_point_id: optional integer, in range 0 to 4,294,967,295
For per-bridge packet sampling, i.e. when this row is referenced from a Bridge, the
IPFIX Observation Point ID sent in each IPFIX flow record. If not specified,
defaults to 0. Ignored for per-flow sampling, i.e. when this row is referenced
from a Flow_Sample_Collector_Set.
cache_active_timeout: optional integer, in range 0 to 4,200
The maximum period in seconds for which an IPFIX flow record is cached and
aggregated before being sent. If not specified, defaults to 0. If 0, caching is
disabled.
cache_max_flows: optional integer, in range 0 to 4,294,967,295
The maximum number of IPFIX flow records that can be cached at a time. If not
specified, defaults to 0. If 0, caching is disabled.
Common Columns:
The overall purpose of these columns is described under Common Columns at the beginning of
this document.
external_ids: map of string-string pairs
Flow_Sample_Collector_Set TABLE
A set of IPFIX collectors of packet samples generated by OpenFlow sample actions.
Summary:
id integer, in range 0 to 4,294,967,295
bridge Bridge
ipfix optional IPFIX
Common Columns:
external_ids map of string-string pairs
Details:
id: integer, in range 0 to 4,294,967,295
The ID of this collector set, unique among the bridge’s collector sets, to be used
as the collector_set_id in OpenFlow sample actions.
bridge: Bridge
The bridge into which OpenFlow sample actions can be added to send packet samples
to this set of IPFIX collectors.
ipfix: optional IPFIX
Configuration of the set of IPFIX collectors to send one flow record per sampled
packet to.
Common Columns:
The overall purpose of these columns is described under Common Columns at the beginning of
this document.
external_ids: map of string-string pairs