choose key names that are likely to be unique. The currently
defined common key-value pairs are:
<dl>
- <dt><code>system-type</code></dt>
- <dd>An identifier for the switch type, such as
- <code>XenServer</code> or <code>KVM</code>.</dd>
- <dt><code>system-version</code></dt>
- <dd>The version of the switch software, such as
- <code>5.6.0</code> on XenServer.</dd>
<dt><code>system-id</code></dt>
<dd>A unique identifier for the Open vSwitch's physical host.
The form of the identifier depends on the type of the host.
</column>
</group>
+ <group title="Version Reporting">
+ <p>
+ These columns report the types and versions of the hardware and
+ software running Open vSwitch. We recommend in general that software
+ should test whether specific features are supported instead of relying
+ on version number checks. These values are primarily intended for
+ reporting to human administrators.
+ </p>
+
+ <column name="ovs_version">
+ The Open vSwitch version number, e.g. <code>1.1.0pre2</code>.
+ If Open vSwitch was configured with a build number, then it is
+ also included, e.g. <code>1.1.0pre2+build4948</code>.
+ </column>
+
+ <column name="db_version">
+ <p>
+ The database schema version number in the form
+ <code><var>major</var>.<var>minor</var>.<var>tweak</var></code>,
+ e.g. <code>1.2.3</code>. Whenever the database schema is changed in
+ a non-backward compatible way (e.g. deleting a column or a table),
+ <var>major</var> is incremented. When the database schema is changed
+ in a backward compatible way (e.g. adding a new column),
+ <var>minor</var> is incremented. When the database schema is changed
+ cosmetically (e.g. reindenting its syntax), <var>tweak</var> is
+ incremented.
+ </p>
+
+ <p>
+ The schema version is part of the database schema, so it can also be
+ retrieved by fetching the schema using the Open vSwitch database
+ protocol.
+ </p>
+ </column>
+
+ <column name="system_type">
+ <p>
+ An identifier for the type of system on top of which Open vSwitch
+ runs, e.g. <code>XenServer</code> or <code>KVM</code>.
+ </p>
+ <p>
+ System integrators are responsible for choosing and setting an
+ appropriate value for this column.
+ </p>
+ </column>
+
+ <column name="system_version">
+ <p>
+ The version of the system identified by <ref column="system_type"/>,
+ e.g. <code>5.5.0-24648p</code> on XenServer 5.5.0 build 24648.
+ </p>
+ <p>
+ System integrators are responsible for choosing and setting an
+ appropriate value for this column.
+ </p>
+ </column>
+
+ </group>
+
<group title="Database Configuration">
<p>
These columns primarily configure the Open vSwitch database
<p>A port that has more than one interface is a ``bonded port.''
Bonding allows for load balancing and fail-over. Open vSwitch
supports ``source load balancing'' (SLB) bonding, which
- assigns flows to slaves based on source MAC address, with
- periodic rebalancing as traffic patterns change. This form of
- bonding does not require 802.3ad or other special support from
- the upstream switch to which the slave devices are
- connected.</p>
+ assigns flows to slaves based on source MAC address and output VLAN,
+ with periodic rebalancing as traffic patterns change. This form of
+ bonding does not require 802.3ad or other special support from the
+ upstream switch to which the slave devices are connected.</p>
<p>These columns apply only to bonded ports. Their values are
otherwise ignored.</p>
bypass certain components of the IP stack (such as IP tables)
and it may be useful to disable it if these features are
required or as a debugging measure. Default is enabled, set to
- <code>false</code> to disable. If IPsec is enabled through the
- <ref column="other_config"/> parameters, header caching will be
- automatically disabled.</dd>
+ <code>false</code> to disable.</dd>
+ </dl>
+ </dd>
+ <dt><code>ipsec_gre</code></dt>
+ <dd>An Ethernet over RFC 2890 Generic Routing Encapsulation
+ over IPv4 IPsec tunnel. Each tunnel (including those of type
+ <code>gre</code>) must be uniquely identified by the
+ combination of <code>remote_ip</code> and
+ <code>local_ip</code>. Note that if two ports are defined
+ that are the same except one has an optional identifier and
+ the other does not, the more specific one is matched first.
+ An authentication method of <code>peer_cert</code> or
+ <code>psk</code> must be defined. The following options may
+ be specified in the <ref column="options"/> column:
+ <dl>
+ <dt><code>remote_ip</code></dt>
+ <dd>Required. The tunnel endpoint.</dd>
+ </dl>
+ <dl>
+ <dt><code>local_ip</code></dt>
+ <dd>Optional. The destination IP that received packets must
+ match. Default is to match all addresses.</dd>
+ </dl>
+ <dl>
+ <dt><code>peer_cert</code></dt>
+ <dd>Required for certificate authentication. A string
+ containing the peer's certificate in PEM format.
+ Additionally the host's certificate must be specified
+ with the <code>certificate</code> option.</dd>
+ </dl>
+ <dl>
+ <dt><code>certificate</code></dt>
+ <dd>Required for certificate authentication. The name of a
+ PEM file containing a certificate that will be presented
+ to the peer during authentication.</dd>
+ </dl>
+ <dl>
+ <dt><code>private_key</code></dt>
+ <dd>Optional for certificate authentication. The name of
+ a PEM file containing the private key associated with
+ <code>certificate</code>. If <code>certificate</code>
+ contains the private key, this option may be omitted.</dd>
+ </dl>
+ <dl>
+ <dt><code>psk</code></dt>
+ <dd>Required for pre-shared key authentication. Specifies a
+ pre-shared key for authentication that must be identical on
+ both sides of the tunnel.</dd>
+ </dl>
+ <dl>
+ <dt><code>in_key</code></dt>
+ <dd>Optional. The GRE key that received packets must contain.
+ It may either be a 32-bit number (no key and a key of 0 are
+ treated as equivalent) or the word <code>flow</code>. If
+ <code>flow</code> is specified then any key will be accepted
+ and the key will be placed in the <code>tun_id</code> field
+ for matching in the flow table. The ovs-ofctl manual page
+ contains additional information about matching fields in
+ OpenFlow flows. Default is no key.</dd>
+ </dl>
+ <dl>
+ <dt><code>out_key</code></dt>
+ <dd>Optional. The GRE key to be set on outgoing packets. It may
+ either be a 32-bit number or the word <code>flow</code>. If
+ <code>flow</code> is specified then the key may be set using
+ the <code>set_tunnel</code> Nicira OpenFlow vendor extension (0
+ is used in the absence of an action). The ovs-ofctl manual
+ page contains additional information about the Nicira OpenFlow
+ vendor extensions. Default is no key.</dd>
+ </dl>
+ <dl>
+ <dt><code>key</code></dt>
+ <dd>Optional. Shorthand to set <code>in_key</code> and
+ <code>out_key</code> at the same time.</dd>
+ </dl>
+ <dl>
+ <dt><code>tos</code></dt>
+ <dd>Optional. The value of the ToS bits to be set on the
+ encapsulating packet. It may also be the word
+ <code>inherit</code>, in which case the ToS will be copied from
+ the inner packet if it is IPv4 or IPv6 (otherwise it will be
+ 0). Note that the ECN fields are always inherited. Default is
+ 0.</dd>
+ </dl>
+ <dl>
+ <dt><code>ttl</code></dt>
+ <dd>Optional. The TTL to be set on the encapsulating packet.
+ It may also be the word <code>inherit</code>, in which case the
+ TTL will be copied from the inner packet if it is IPv4 or IPv6
+ (otherwise it will be the system default, typically 64).
+ Default is the system default TTL.</dd>
+ </dl>
+ <dl>
+ <dt><code>csum</code></dt>
+ <dd>Optional. Compute GRE checksums on outgoing packets.
+ Checksums present on incoming packets will be validated
+ regardless of this setting. Note that GRE checksums
+ impose a significant performance penalty as they cover the
+ entire packet. As the contents of the packet is typically
+ covered by L3 and L4 checksums, this additional checksum only
+ adds value for the GRE and encapsulated Ethernet headers.
+ Default is disabled, set to <code>true</code> to enable.</dd>
+ </dl>
+ <dl>
+ <dt><code>pmtud</code></dt>
+ <dd>Optional. Enable tunnel path MTU discovery. If enabled
+ ``ICMP destination unreachable - fragmentation'' needed
+ messages will be generated for IPv4 packets with the DF bit set
+ and IPv6 packets above the minimum MTU if the packet size
+ exceeds the path MTU minus the size of the tunnel headers. It
+ also forces the encapsulating packet DF bit to be set (it is
+ always set if the inner packet implies path MTU discovery).
+ Note that this option causes behavior that is typically
+ reserved for routers and therefore is not entirely in
+ compliance with the IEEE 802.1D specification for bridges.
+ Default is enabled, set to <code>false</code> to disable.</dd>
</dl>
</dd>
<dt><code>capwap</code></dt>
<column name="other_config">
Key-value pairs for rarely used interface features. Currently,
- the only keys are for configuring GRE-over-IPsec, which is only
- available through the <code>openvswitch-ipsec</code> package for
- Debian. The currently defined key-value pairs are:
- <dl>
- <dt><code>ipsec_local_ip</code></dt>
- <dd>Required key for GRE-over-IPsec interfaces. Additionally,
- the <ref column="type"/> must be <code>gre</code> and the
- <code>ipsec_psk</code> <ref column="other_config"/> key must
- be set. The <code>in_key</code>, <code>out_key</code>, and
- <code>key</code> <ref column="options"/> must not be
- set.</dd>
- <dt><code>ipsec_psk</code></dt>
- <dd>Required key for GRE-over-IPsec interfaces. Specifies a
- pre-shared key for authentication that must be identical on
- both sides of the tunnel. Additionally, the
- <code>ipsec_local_ip</code> key must also be set.</dd>
- </dl>
+ there are none defined.
</column>
<column name="statistics">
projects / openvswitch / blobdiff