in this scenario, then the physical switch must be replaced by one
that learns Ethernet addresses on a per-VLAN basis. In addition,
learning should be disabled on the VLAN containing mirrored traffic.
-If this is not done then the intermediate switch will learn the MAC
+If this is not done then intermediate switches will learn the MAC
address of each end host from the mirrored traffic. If packets being
sent to that end host are also mirrored, then they will be dropped
since the switch will attempt to send them out the input port.
Disabling learning for the VLAN will cause the switch to correctly
-send the packet out all ports configured for that VLAN.
+send the packet out all ports configured for that VLAN. If Open
+vSwitch is being used as an intermediate switch learning can be disabled
+by setting the key \fBvlan.\fIbrname\fB.learning-disable=\fIvid\fR
+to the mirrored VLAN.
.ST "Example"
The following \fBovs\-vswitchd\fR configuration copies all frames received
on \fBeth1\fR or \fBeth2\fR to \fBeth3\fR.
.fi
.SS "NetFlow v5 Flow Logging"
-NetFlow is a protocol that exports a number of details about terminating
-IP flows, such as the principals involved and duration. A bridge may be
-configured to send NetFlow v5 records to NetFlow collectors when flows
-end. To enable, define the key \fBnetflow.\fIbridge\fB.host\fR for each
-collector in the form \fIip\fB:\fIport\fR. Records from \fIbridge\fR
+NetFlow is a protocol that exports a number of details about terminating
+IP flows, such as the principals involved and duration. A bridge may be
+configured to send NetFlow v5 records to NetFlow collectors when flows
+end. To enable, define the key \fBnetflow.\fIbridge\fB.host\fR for each
+collector in the form \fIip\fB:\fIport\fR. Records from \fIbridge\fR
will be sent to each \fIip\fR on UDP \fIport\fR. The \fIip\fR must
be specified numerically, not as a DNS name.
-The NetFlow messages will use the datapath index for the engine type and id.
-This can be overridden with the \fBnetflow.\fIbridge\fB.engine-type\fR and
+In addition to terminating flows, NetFlow can also send records at a set
+interval for flows that are still active. This interval can be configured
+by defining the key \fBnetflow.\fIbridge\fB\.active-timeout\fR. The value
+is in seconds. An active timeout of 0 will disable this functionality. By
+default there is timeout value of 600 seconds.
+
+The NetFlow messages will use the datapath index for the engine type and id.
+This can be overridden with the \fBnetflow.\fIbridge\fB.engine-type\fR and
\fBnetflow.\fIbridge\fB.engine-id\fR, respectively. Each takes a value
-between 0 and 255, inclusive.
+between 0 and 255, inclusive.
Many NetFlow collectors do not expect multiple switches to be
sending messages from the same host, and they do not store the engine
flows from multiple switches appearing as if they came on the interface,
add \fBnetflow.\fIbridge\fB.add-id-to-iface=true\fR to the configuration
file. This will place the least significant 7 bits of the engine id
-into the most significant bits of the ingress and egress interface fields
-of flow records. By default, this behavior is disabled.
+into the most significant bits of the ingress and egress interface fields
+of flow records. When this option is enabled, a maximum of 508 ports are
+supported. By default, this behavior is disabled.
+
+The egress interface field normally contains the OpenFlow port number,
+however, certain port values have special meaning: 0xFFFF indicates
+flooding, 0xFFFE is multiple controller-specified output interfaces, and
+0xFFFD means that packets from the flow were dropped. If add-id-to-iface
+is enabled then these values become 0x1FF, 0x1FE, and 0x1FD respectively.
The following syntax sends NetFlow records for \fBmybr\fR to the NetFlow
collector \fBnflow.example.com\fR on UDP port \fB9995\fR:
projects / openvswitch / blobdiff