Core Features:
- name: string (must
be unique within table)
- Interface name. Should be alphanumeric and no more than about 8 bytes
long. May be the same as the port name, for non-bonded ports. Must
otherwise be unique among the names of ports, interfaces, and bridges on a
host.
- ifindex:
optional integer, in range 0 to 4,294,967,295
- A positive interface index as defined for SNMP MIB-II in RFCs 1213 and
2863, if the interface has one, otherwise 0. The ifindex is useful for
seamless integration with protocols such as SNMP and sFlow.
- mac_in_use:
optional string
- The MAC address in use by this interface.
- mac: optional
string
- Ethernet address to set for this interface. If unset then the default MAC
address is used:
- For the local interface, the default is the lowest-numbered MAC address
among the other bridge ports, either the value of the mac in its
Port record, if set, or its actual MAC (for bonded ports, the MAC
of its slave whose name is first in alphabetical order). Internal ports
and bridge ports that are used as port mirroring destinations (see the
Mirror table) are ignored.
- For other internal interfaces, the default MAC is randomly generated.
- External interfaces typically have a MAC address associated with their
hardware.
- Some interfaces may not have a software-controllable MAC address.
- ofport:
optional integer
- OpenFlow port number for this interface. Unlike most columns, this
column’s value should be set only by Open vSwitch itself. Other
clients should set this column to an empty set (the default) when creating
an Interface.
- Open vSwitch populates this column when the port number becomes known. If
the interface is successfully added, ofport will be set to a number
between 1 and 65535 (generally either in the range 1 to 65279, inclusive,
or 65534, the port number for the OpenFlow ``local port’’).
If the interface cannot be added then Open vSwitch sets this column to
-1.
- When ofport_request is not set, Open vSwitch picks an appropriate
value for this column and then tries to keep the value constant across
restarts.
- ofport_request:
optional integer, in range 1 to 65,279
- Requested OpenFlow port number for this interface. The port number must be
between 1 and 65279, inclusive. Some datapaths cannot satisfy all requests
for particular port numbers. When this column is empty or the request
cannot be fulfilled, the system will choose a free port. The ofport
column reports the assigned OpenFlow port number.
- The port number must be requested in the same transaction that creates the
port.
System-Specific Details:
- type:
string
- The interface type, one of:
- system
- An ordinary network device, e.g. eth0 on Linux. Sometimes referred
to as ``external interfaces’’ since they are generally
connected to hardware external to that on which the Open vSwitch is
running. The empty string is a synonym for system.
- internal
- A simulated network device that sends and receives traffic. An internal
interface whose name is the same as its bridge’s name
is called the ``local interface.’’ It does not make sense to
bond an internal interface, so the terms ``port’’ and
``interface’’ are often used imprecisely for internal
interfaces.
- tap
- A TUN/TAP device managed by Open vSwitch.
- gre
- An Ethernet over RFC 2890 Generic Routing Encapsulation over IPv4
tunnel.
- ipsec_gre
- An Ethernet over RFC 2890 Generic Routing Encapsulation over IPv4 IPsec
tunnel.
- gre64
- It is same as GRE, but it allows 64 bit key. To store higher 32-bits of
key, it uses GRE protocol sequence number field. This is non standard use
of GRE protocol since OVS does not increment sequence number for every
packet at time of encap as expected by standard GRE implementation. See
Tunnel Options for information on configuring GRE tunnels.
- ipsec_gre64
- Same as IPSEC_GRE except 64 bit key.
- vxlan
- An Ethernet tunnel over the experimental, UDP-based VXLAN protocol
described at
http://tools.ietf.org/html/draft-mahalingam-dutt-dcops-vxlan-03.
- Open vSwitch uses UDP destination port 4789. The source port used for
VXLAN traffic varies on a per-flow basis and is in the ephemeral port
range.
- lisp
- A layer 3 tunnel over the experimental, UDP-based Locator/ID Separation
Protocol (RFC 6830).
- patch
- A pair of virtual devices that act as a patch cable.
- null
- An ignored interface. Deprecated and slated for removal in February
2013.
Tunnel Options:
These options apply to interfaces with type of gre,
ipsec_gre, gre64, ipsec_gre64, vxlan, and
lisp.
Each tunnel must be uniquely identified by the combination of
type, options:remote_ip, options:local_ip, and
options:in_key. If two ports are defined that are the same except one
has an optional identifier and the other does not, the more specific one is
matched first. options:in_key is considered more specific than
options:local_ip if a port defines one and another port defines the
other.
- options :
remote_ip: optional string
- Required. The remote tunnel endpoint, one of:
- An IPv4 address (not a DNS name), e.g. 192.168.0.123. Only unicast
endpoints are supported.
- The word flow. The tunnel accepts packets from any remote tunnel
endpoint. To process only packets from a specific remote tunnel endpoint,
the flow entries may match on the tun_src field. When sending
packets to a remote_ip=flow tunnel, the flow actions must
explicitly set the tun_dst field to the IP address of the desired
remote tunnel endpoint, e.g. with a set_field action.
- The remote tunnel endpoint for any packet received from a tunnel is
available in the tun_src field for matching in the flow table.
- options :
local_ip: optional string
- Optional. The tunnel destination IP that received packets must match.
Default is to match all addresses. If specified, may be one of:
- An IPv4 address (not a DNS name), e.g. 192.168.12.3.
- The word flow. The tunnel accepts packets sent to any of the local
IP addresses of the system running OVS. To process only packets sent to a
specific IP address, the flow entries may match on the tun_dst
field. When sending packets to a local_ip=flow tunnel, the flow
actions may explicitly set the tun_src field to the desired IP
address, e.g. with a set_field action. However, while routing the
tunneled packet out, the local system may override the specified address
with the local IP address configured for the outgoing system
interface.
- This option is valid only for tunnels also configured with the
remote_ip=flow option.
- The tunnel destination IP address for any packet received from a tunnel is
available in the tun_dst field for matching in the flow table.
- options :
in_key: optional string
- Optional. The key that received packets must contain, one of:
- 0. The tunnel receives packets with no key or with a key of 0. This
is equivalent to specifying no options:in_key at all.
- A positive 24-bit (for VXLAN and LISP), 32-bit (for GRE) or 64-bit (for
GRE64) number. The tunnel receives only packets with the specified
key.
- The word flow. The tunnel accepts packets with any key. The key
will be placed in the tun_id field for matching in the flow table.
The ovs-ofctl manual page contains additional information about
matching fields in OpenFlow flows.
- options :
out_key: optional string
- Optional. The key to be set on outgoing packets, one of:
- 0. Packets sent through the tunnel will have no key. This is
equivalent to specifying no options:out_key at all.
- A positive 24-bit (for VXLAN and LISP), 32-bit (for GRE) or 64-bit (for
GRE64) number. Packets sent through the tunnel will have the specified
key.
- The word flow. Packets sent through the tunnel will have the key
set using the set_tunnel Nicira OpenFlow vendor extension (0 is
used in the absence of an action). The ovs-ofctl manual page
contains additional information about the Nicira OpenFlow vendor
extensions.
- options :
key: optional string
- Optional. Shorthand to set in_key and out_key at the same
time.
- options :
tos: optional string
- Optional. The value of the ToS bits to be set on the encapsulating packet.
ToS is interpreted as DSCP and ECN bits, ECN part must be zero. It may
also be the word inherit, in which case the ToS will be copied from
the inner packet if it is IPv4 or IPv6 (otherwise it will be 0). The ECN
fields are always inherited. Default is 0.
- options :
ttl: optional string
- Optional. The TTL to be set on the encapsulating packet. It may also be
the word inherit, in which case the TTL will be copied from the
inner packet if it is IPv4 or IPv6 (otherwise it will be the system
default, typically 64). Default is the system default TTL.
- options :
df_default: optional string, either true or false
- Optional. If enabled, the Don’t Fragment bit will be set on tunnel
outer headers to allow path MTU discovery. Default is enabled; set to
false to disable.
Tunnel Options: gre and ipsec_gre only:
Only gre and ipsec_gre interfaces support these options.
- options :
csum: optional string, either true or false
- Optional. Compute GRE checksums on outgoing packets. Default is disabled,
set to true to enable. Checksums present on incoming packets will
be validated regardless of this setting.
- GRE checksums impose a significant performance penalty because they cover
the entire packet. The encapsulated L3, L4, and L7 packet contents
typically have their own checksums, so this additional checksum only adds
value for the GRE and encapsulated L2 headers.
- This option is supported for ipsec_gre, but not useful because GRE
checksums are weaker than, and redundant with, IPsec payload
authentication.
Tunnel Options: ipsec_gre only:
Only ipsec_gre interfaces support these options.
- options :
peer_cert: optional string
- Required for certificate authentication. A string containing the
peer’s certificate in PEM format. Additionally the host’s
certificate must be specified with the certificate option.
- options :
certificate: optional string
- Required for certificate authentication. The name of a PEM file containing
a certificate that will be presented to the peer during
authentication.
- options :
private_key: optional string
- Optional for certificate authentication. The name of a PEM file containing
the private key associated with certificate. If certificate
contains the private key, this option may be omitted.
- options :
psk: optional string
- Required for pre-shared key authentication. Specifies a pre-shared key for
authentication that must be identical on both sides of the tunnel.
Patch Options:
Only patch interfaces support these options.
- options :
peer: optional string
- The name of the Interface for the other side of the patch.
The named Interface’s own peer option must specify
this Interface’s name. That is, the two patch interfaces
must have reversed name and peer values.
Interface Status:
Status information about interfaces attached to bridges, updated every 5
seconds. Not all interfaces have all of these properties; virtual interfaces
don’t have a link speed, for example. Non-applicable columns will have
empty values.
- admin_state:
optional string, either down or up
- The administrative state of the physical network link.
- link_state:
optional string, either down or up
- The observed state of the physical network link. This is ordinarily the
link’s carrier status. If the interface’s Port is a
bond configured for miimon monitoring, it is instead the network
link’s miimon status.
- link_resets:
optional integer
- The number of times Open vSwitch has observed the link_state of
this Interface change.
- link_speed:
optional integer
- The negotiated speed of the physical network link. Valid values are
positive integers greater than 0.
- duplex:
optional string, either full or half
- The duplex mode of the physical network link.
- mtu: optional
integer
- The MTU (maximum transmission unit); i.e. the largest amount of data that
can fit into a single Ethernet frame. The standard Ethernet MTU is 1500
bytes. Some physical media and many kinds of virtual interfaces can be
configured with higher MTUs.
- This column will be empty for an interface that does not have an MTU as,
for example, some kinds of tunnels do not.
- lacp_current:
optional boolean
- Boolean value indicating LACP status for this interface. If true, this
interface has current LACP information about its LACP partner. This
information may be used to monitor the health of interfaces in a LACP
enabled port. This column will be empty if LACP is not enabled.
- status: map
of string-string pairs
- Key-value pairs that report port status. Supported status values are
type-dependent; some interfaces may not have a valid
status:driver_name, for example.
- status :
driver_name: optional string
- The name of the device driver controlling the network adapter.
- status :
driver_version: optional string
- The version string of the device driver controlling the network
adapter.
- status :
firmware_version: optional string
- The version string of the network adapter’s firmware, if
available.
- status :
source_ip: optional string
- The source IP address used for an IPv4 tunnel end-point, such as
gre.
- status :
tunnel_egress_iface: optional string
- Egress interface for tunnels. Currently only relevant for GRE tunnels On
Linux systems, this column will show the name of the interface which is
responsible for routing traffic destined for the configured
options:remote_ip. This could be an internal interface such as a
bridge port.
- status :
tunnel_egress_iface_carrier: optional string, either down or
up
- Whether carrier is detected on status:tunnel_egress_iface.
Statistics:
Key-value pairs that report interface statistics. The current implementation
updates these counters periodically. Future implementations may update them
when an interface is created, when they are queried (e.g. using an OVSDB
select operation), and just before an interface is deleted due to
virtual interface hot-unplug or VM shutdown, and perhaps at other times, but
not on any regular periodic basis.
These are the same statistics reported by OpenFlow in its
struct ofp_port_stats structure. If an interface does not
support a given statistic, then that pair is omitted.
Statistics: Successful transmit and receive
counters:
- statistics
: rx_packets: optional integer
- Number of received packets.
- statistics
: rx_bytes: optional integer
- Number of received bytes.
- statistics
: tx_packets: optional integer
- Number of transmitted packets.
- statistics
: tx_bytes: optional integer
- Number of transmitted bytes.
Statistics: Receive errors:
- statistics
: rx_dropped: optional integer
- Number of packets dropped by RX.
- statistics
: rx_frame_err: optional integer
- Number of frame alignment errors.
- statistics
: rx_over_err: optional integer
- Number of packets with RX overrun.
- statistics
: rx_crc_err: optional integer
- Number of CRC errors.
- statistics
: rx_errors: optional integer
- Total number of receive errors, greater than or equal to the sum of the
above.
Statistics: Transmit errors:
- statistics
: tx_dropped: optional integer
- Number of packets dropped by TX.
- statistics
: collisions: optional integer
- Number of collisions.
- statistics
: tx_errors: optional integer
- Total number of transmit errors, greater than or equal to the sum of the
above.
Ingress Policing:
These settings control ingress policing for packets received on this interface.
On a physical interface, this limits the rate at which traffic is allowed into
the system from the outside; on a virtual interface (one connected to a
virtual machine), this limits the rate at which the VM is able to transmit.
Policing is a simple form of quality-of-service that simply drops
packets received in excess of the configured rate. Due to its simplicity,
policing is usually less accurate and less effective than egress QoS (which
is configured using the QoS and Queue tables).
Policing is currently implemented only on Linux. The Linux
implementation uses a simple ``token bucket’’ approach:
- The size of the bucket corresponds to ingress_policing_burst.
Initially the bucket is full.
- Whenever a packet is received, its size (converted to tokens) is compared
to the number of tokens currently in the bucket. If the required number of
tokens are available, they are removed and the packet is forwarded.
Otherwise, the packet is dropped.
- Whenever it is not full, the bucket is refilled with tokens at the rate
specified by ingress_policing_rate.
Policing interacts badly with some network protocols, and
especially with fragmented IP packets. Suppose that there is enough network
activity to keep the bucket nearly empty all the time. Then this token
bucket algorithm will forward a single packet every so often, with the
period depending on packet size and on the configured rate. All of the
fragments of an IP packets are normally transmitted back-to-back, as a
group. In such a situation, therefore, only one of these fragments will be
forwarded and the rest will be dropped. IP does not provide any way for the
intended recipient to ask for only the remaining fragments. In such a case
there are two likely possibilities for what will happen next: either all of
the fragments will eventually be retransmitted (as TCP will do), in which
case the same problem will recur, or the sender will not realize that its
packet has been dropped and data will simply be lost (as some UDP-based
protocols will do). Either way, it is possible that no forward progress will
ever occur.
- ingress_policing_rate:
integer, at least 0
- Maximum rate for data received on this interface, in kbps. Data received
faster than this rate is dropped. Set to 0 (the default) to disable
policing.
- ingress_policing_burst:
integer, at least 0
- Maximum burst size for data received on this interface, in kb. The default
burst size if set to 0 is 1000 kb. This value has no effect if
ingress_policing_rate is 0.
- Specifying a larger burst size lets the algorithm be more forgiving, which
is important for protocols like TCP that react severely to dropped
packets. The burst size should be at least the size of the
interface’s MTU. Specifying a value that is numerically at least as
large as 10% of ingress_policing_rate helps TCP come closer to
achieving the full rate.
Bidirectional Forwarding Detection (BFD):
BFD, defined in RFC 5880 and RFC 5881, allows point to point detection of
connectivity failures by occasional transmission of BFD control messages. It
is implemented in Open vSwitch to serve as a more popular and standards
compliant alternative to CFM.
BFD operates by regularly transmitting BFD control messages at a
rate negotiated independently in each direction. Each endpoint specifies the
rate at which it expects to receive control messages, and the rate at which
it’s willing to transmit them. Open vSwitch uses a detection
multiplier of three, meaning that an endpoint which fails to receive BFD
control messages for a period of three times the expected reception rate,
will signal a connectivity fault. In the case of a unidirectional
connectivity issue, the system not receiving BFD control messages will
signal the problem to its peer in the messages it transmits.
The Open vSwitch implementation of BFD aims to comply faithfully
with the requirements put forth in RFC 5880. Currently, the only known
omission is ``Demand Mode’’, which we hope to include in
future. Open vSwitch does not implement the optional Authentication or
``Echo Mode’’ features.
- bfd : enable:
optional string
- When true BFD is enabled on this Interface, otherwise
it’s disabled. Defaults to false.
- bfd : min_rx:
optional string, containing an integer, at least 1
- The fastest rate, in milliseconds, at which this BFD session is willing to
receive BFD control messages. The actual rate may be slower if the remote
endpoint isn’t willing to transmit as quickly as specified.
Defaults to 1000.
- bfd : min_tx:
optional string, containing an integer, at least 1
- The fastest rate, in milliseconds, at which this BFD session is willing to
transmit BFD control messages. The actual rate may be slower if the remote
endpoint isn’t willing to receive as quickly as specified. Defaults
to 100.
- bfd : decay_min_rx:
optional string, containing an integer
- decay_min_rx is used to set the min_rx, when there is no
obvious incoming data traffic at the interface. It cannot be set less than
the min_rx. The decay feature is disabled by setting the
decay_min_rx to 0. And the feature is reset everytime itself or
min_rx is reconfigured.
- bfd :
forwarding_if_rx: optional string, either true or
false
- When forwarding_if_rx is true the interface will be considered
capable of packet I/O as long as there is packet received at interface.
This is important in that when link becomes temporarily conjested,
consecutive BFD control packets can be lost. And the
forwarding_if_rx can prevent link failover by detecting non-control
packets received at interface.
- bfd : cpath_down:
optional string, either true or false
- Concatenated path down may be used when the local system should not have
traffic forwarded to it for some reason other than a connectivty failure
on the interface being monitored. When a controller thinks this may be the
case, it may set cpath_down to true which may cause the
remote BFD session not to forward traffic to this Interface.
Defaults to false.
- bfd :
check_tnl_key: optional string, either true or
false
- When set to true, Check Tunnel Key will make BFD only accept control
messages with an in_key of zero. Defaults to false.
- bfd : bfd_dst_mac:
optional string
- An Ethernet address in the form
xx:xx:xx:xx:xx:xx to set the
destination mac address of the bfd packet. If this field is set, it is
assumed that all the bfd packets destined to this interface also has the
same destination mac address. If not set, a default value of
00:23:20:00:00:01 is used.
- bfd_status
: state: optional string, one of down, init, up, or
admin_down
- State of the BFD session. The BFD session is fully healthy and negotiated
if UP.
- bfd_status
: forwarding: optional string, either true or
false
- True if the BFD session believes this Interface may be used to
forward traffic. Typically this means the local session is signaling
UP, and the remote system isn’t signaling a problem such as
concatenated path down.
- bfd_status
: diagnostic: optional string
- A short message indicating what the BFD session thinks is wrong in case of
a problem.
- bfd_status
: remote_state: optional string, one of down, init,
up, or admin_down
- State of the remote endpoint’s BFD session.
- bfd_status
: remote_diagnostic: optional string
- A short message indicating what the remote endpoint’s BFD session
thinks is wrong in case of a problem.
Connectivity Fault Management:
802.1ag Connectivity Fault Management (CFM) allows a group of Maintenance Points
(MPs) called a Maintenance Association (MA) to detect connectivity problems
with each other. MPs within a MA should have complete and exclusive
interconnectivity. This is verified by occasionally broadcasting Continuity
Check Messages (CCMs) at a configurable transmission interval.
According to the 802.1ag specification, each Maintenance Point
should be configured out-of-band with a list of Remote Maintenance Points it
should have connectivity to. Open vSwitch differs from the specification in
this area. It simply assumes the link is faulted if no Remote Maintenance
Points are reachable, and considers it not faulted otherwise.
When operating over tunnels which have no in_key, or an
in_key of flow. CFM will only accept CCMs with a tunnel key of
zero.
- cfm_mpid:
optional integer
- A Maintenance Point ID (MPID) uniquely identifies each endpoint within a
Maintenance Association. The MPID is used to identify this endpoint to
other Maintenance Points in the MA. Each end of a link being monitored
should have a different MPID. Must be configured to enable CFM on this
Interface.
- cfm_fault:
optional boolean
- Indicates a connectivity fault triggered by an inability to receive
heartbeats from any remote endpoint. When a fault is triggered on
Interfaces participating in bonds, they will be disabled.
- Faults can be triggered for several reasons. Most importantly they are
triggered when no CCMs are received for a period of 3.5 times the
transmission interval. Faults are also triggered when any CCMs indicate
that a Remote Maintenance Point is not receiving CCMs but able to send
them. Finally, a fault is triggered if a CCM is received which indicates
unexpected configuration. Notably, this case arises when a CCM is received
which advertises the local MPID.
- cfm_fault_status
: recv: none
- Indicates a CFM fault was triggered due to a lack of CCMs received on the
Interface.
- cfm_fault_status
: rdi: none
- Indicates a CFM fault was triggered due to the reception of a CCM with the
RDI bit flagged. Endpoints set the RDI bit in their CCMs when they are not
receiving CCMs themselves. This typically indicates a unidirectional
connectivity failure.
- cfm_fault_status
: maid: none
- Indicates a CFM fault was triggered due to the reception of a CCM with a
MAID other than the one Open vSwitch uses. CFM broadcasts are tagged with
an identification number in addition to the MPID called the MAID. Open
vSwitch only supports receiving CCM broadcasts tagged with the MAID it
uses internally.
- cfm_fault_status
: loopback: none
- Indicates a CFM fault was triggered due to the reception of a CCM
advertising the same MPID configured in the cfm_mpid column of this
Interface. This may indicate a loop in the network.
- cfm_fault_status
: overflow: none
- Indicates a CFM fault was triggered because the CFM module received CCMs
from more remote endpoints than it can keep track of.
- cfm_fault_status
: override: none
- Indicates a CFM fault was manually triggered by an administrator using an
ovs-appctl command.
- cfm_fault_status
: interval: none
- Indicates a CFM fault was triggered due to the reception of a CCM frame
having an invalid interval.
- cfm_remote_opstate:
optional string, either down or up
- When in extended mode, indicates the operational state of the remote
endpoint as either up or down. See
other_config:cfm_opstate.
- cfm_health:
optional integer, in range 0 to 100
- Indicates the health of the interface as a percentage of CCM frames
received over 21 other_config:cfm_intervals. The health of an
interface is undefined if it is communicating with more than one
cfm_remote_mpids. It reduces if healthy heartbeats are not received
at the expected rate, and gradually improves as healthy heartbeats are
received at the desired rate. Every 21 other_config:cfm_intervals,
the health of the interface is refreshed.
- As mentioned above, the faults can be triggered for several reasons. The
link health will deteriorate even if heartbeats are received but they are
reported to be unhealthy. An unhealthy heartbeat in this context is a
heartbeat for which either some fault is set or is out of sequence. The
interface health can be 100 only on receiving healthy heartbeats at the
desired rate.
- cfm_remote_mpids:
set of integers
- When CFM is properly configured, Open vSwitch will occasionally receive
CCM broadcasts. These broadcasts contain the MPID of the sending
Maintenance Point. The list of MPIDs from which this Interface is
receiving broadcasts from is regularly collected and written to this
column.
- other_config
: cfm_interval: optional string, containing an integer
- The interval, in milliseconds, between transmissions of CFM heartbeats.
Three missed heartbeat receptions indicate a connectivity fault.
- In standard operation only intervals of 3, 10, 100, 1,000, 10,000, 60,000,
or 600,000 ms are supported. Other values will be rounded down to the
nearest value on the list. Extended mode (see
other_config:cfm_extended) supports any interval up to 65,535 ms.
In either mode, the default is 1000 ms.
- We do not recommend using intervals less than 100 ms.
- other_config
: cfm_extended: optional string, either true or
false
- When true, the CFM module operates in extended mode. This causes it
to use a nonstandard destination address to avoid conflicting with
compliant implementations which may be running concurrently on the
network. Furthermore, extended mode increases the accuracy of the
cfm_interval configuration parameter by breaking wire compatibility
with 802.1ag compliant implementations. Defaults to false.
- other_config
: cfm_demand: optional string, either true or
false
- When true, and other_config:cfm_extended is true, the CFM
module operates in demand mode. When in demand mode, traffic received on
the Interface is used to indicate liveness. CCMs are still
transmitted and received, but if the Interface is receiving
traffic, their absence does not cause a connectivity fault.
- Demand mode has a couple of caveats:
- To ensure that ovs-vswitchd has enough time to pull statistics from the
datapath, the fault detection interval is set to 3.5 *
MAX(other_config:cfm_interval, 500) ms.
- To avoid ambiguity, demand mode disables itself when there are multiple
remote maintenance points.
- If the Interface is heavily congested, CCMs containing the
other_config:cfm_opstate status may be dropped causing changes in
the operational state to be delayed. Similarly, if CCMs containing the RDI
bit are not received, unidirectional link failures may not be
detected.
- other_config
: cfm_opstate: optional string, either down or up
- When down, the CFM module marks all CCMs it generates as
operationally down without triggering a fault. This allows remote
maintenance points to choose not to forward traffic to the
Interface on which this CFM module is running. Currently, in Open
vSwitch, the opdown bit of CCMs affects Interfaces participating in
bonds, and the bundle OpenFlow action. This setting is ignored when CFM is
not in extended mode. Defaults to up.
- other_config
: cfm_ccm_vlan: optional string, containing an integer, in range 1 to
4,095
- When set, the CFM module will apply a VLAN tag to all CCMs it generates
with the given value. May be the string random in which case each
CCM will be tagged with a different randomly generated VLAN.
- other_config
: cfm_ccm_pcp: optional string, containing an integer, in range 1 to
7
- When set, the CFM module will apply a VLAN tag to all CCMs it generates
with the given PCP value, the VLAN ID of the tag is governed by the value
of other_config:cfm_ccm_vlan. If other_config:cfm_ccm_vlan
is unset, a VLAN ID of zero is used.
Bonding Configuration:
- other_config
: lacp-port-id: optional string, containing an integer, in range 1 to
65,535
- The LACP port ID of this Interface. Port IDs are used in LACP
negotiations to identify individual ports participating in a bond.
- other_config
: lacp-port-priority: optional string, containing an integer, in range 1
to 65,535
- The LACP port priority of this Interface. In LACP negotiations
Interfaces with numerically lower priorities are preferred for
aggregation.
- other_config
: lacp-aggregation-key: optional string, containing an integer, in range
1 to 65,535
- The LACP aggregation key of this Interface. Interfaces with
different aggregation keys may not be active within a given Port at
the same time.
Virtual Machine Identifiers:
These key-value pairs specifically apply to an interface that represents a
virtual Ethernet interface connected to a virtual machine. These key-value
pairs should not be present for other types of interfaces. Keys whose names
end in -uuid have values that uniquely identify the entity in question.
For a Citrix XenServer hypervisor, these values are UUIDs in RFC 4122 format.
Other hypervisors may use other formats.
- external_ids
: attached-mac: optional string
- The MAC address programmed into the ``virtual hardware’’ for
this interface, in the form
xx:xx:xx:xx:xx:xx. For Citrix
XenServer, this is the value of the MAC field in the VIF record for
this interface.
- external_ids
: iface-id: optional string
- A system-unique identifier for the interface. On XenServer, this will
commonly be the same as external_ids:xs-vif-uuid.
- external_ids
: iface-status: optional string, either active or
inactive
- Hypervisors may sometimes have more than one interface associated with a
given external_ids:iface-id, only one of which is actually in use
at a given time. For example, in some circumstances XenServer has both a
``tap’’ and a ``vif’’ interface for a single
external_ids:iface-id, but only uses one of them at a time. A
hypervisor that behaves this way must mark the currently in use interface
active and the others inactive. A hypervisor that never has
more than one interface for a given external_ids:iface-id may mark
that interface active or omit external_ids:iface-status
entirely.
- During VM migration, a given external_ids:iface-id might
transiently be marked active on two different hypervisors. That is,
active means that this external_ids:iface-id is the active
instance within a single hypervisor, not in a broader scope. There is one
exception: some hypervisors support ``migration’’ from a
given hypervisor to itself (most often for test purposes). During such a
``migration,’’ two instances of a single
external_ids:iface-id might both be briefly marked active on
a single hypervisor.
- external_ids
: xs-vif-uuid: optional string
- The virtual interface associated with this interface.
- external_ids
: xs-network-uuid: optional string
- The virtual network to which this interface is attached.
- external_ids
: vm-id: optional string
- The VM to which this interface belongs. On XenServer, this will be the
same as external_ids:xs-vm-uuid.
- external_ids
: xs-vm-uuid: optional string
- The VM to which this interface belongs.
VLAN Splinters:
The ``VLAN splinters’’ feature increases Open vSwitch
compatibility with buggy network drivers in old versions of Linux that do not
properly support VLANs when VLAN devices are not used, at some cost in memory
and performance.
When VLAN splinters are enabled on a particular interface, Open
vSwitch creates a VLAN device for each in-use VLAN. For sending traffic
tagged with a VLAN on the interface, it substitutes the VLAN device. Traffic
received on the VLAN device is treated as if it had been received on the
interface on the particular VLAN.
VLAN splinters consider a VLAN to be in use if:
- The VLAN is the tag value in any Port record.
- The VLAN is listed within the trunks column of the Port
record of an interface on which VLAN splinters are enabled. An empty
trunks does not influence the in-use VLANs: creating 4,096 VLAN
devices is impractical because it will exceed the current 1,024 port per
datapath limit.
- An OpenFlow flow within any bridge matches the VLAN.
The same set of in-use VLANs applies to every interface on which
VLAN splinters are enabled. That is, the set is not chosen separately for
each interface but selected once as the union of all in-use VLANs based on
the rules above.
It does not make sense to enable VLAN splinters on an interface
for an access port, or on an interface that is not a physical port.
VLAN splinters are deprecated. When broken device drivers are no
longer in widespread use, we will delete this feature.
- other_config
: enable-vlan-splinters: optional string, either true or
false
- Set to true to enable VLAN splinters on this interface. Defaults to
false.
- VLAN splinters increase kernel and userspace memory overhead, so do not
use them unless they are needed.
- VLAN splinters do not support 802.1p priority tags. Received priorities
will appear to be 0, regardless of their actual values, and priorities on
transmitted packets will also be cleared to 0.
Common Columns:
The overall purpose of these columns is described under Common
Columns at the beginning of this document.
- other_config:
map of string-string pairs
- external_ids:
map of string-string pairs
