</column>
<column name="flood_vlans">
- VLAN IDs of VLANs on which MAC address learning should be disabled, so
- that packets are flooded instead of being sent to specific ports that
- are believed to contain packets' destination MACs. This should
- ordinarily be used to disable MAC learning on VLANs used for mirroring
- (RSPAN VLANs). It may also be useful for debugging.
+ <p>
+ VLAN IDs of VLANs on which MAC address learning should be disabled,
+ so that packets are flooded instead of being sent to specific ports
+ that are believed to contain packets' destination MACs. This should
+ ordinarily be used to disable MAC learning on VLANs used for
+ mirroring (RSPAN VLANs). It may also be useful for debugging.
+ </p>
+ <p>
+ SLB bonding (see the <ref table="Port" column="bond_mode"/> column in
+ the <ref table="Port"/> table) is incompatible with
+ <code>flood_vlans</code>. Consider using another bonding mode or
+ a different type of mirror instead.
+ </p>
</column>
</group>
<dd>
Values below 100 will be rounded up to 100.
</dd>
+ <dt><code>forward-bpdu</code></dt>
+ <dd>
+ Option to allow forwarding of BPDU frames when NORMAL
+ action if invoked. Frames with reserved Ethernet addresses
+ (e.g. STP BPDU) will be forwarded when this option is enabled.
+ If the Open vSwitch bridge is used to connect different
+ Ethernet networks, and if Open vSwitch node does not run STP,
+ then this option should be enabled.
+ Default is disabled, set to <code>true</code> to enable.
+ </dd>
</dl>
</column>
</group>
</column>
<group title="VLAN Configuration">
- <p>A bridge port must be configured for VLANs in one of two
- mutually exclusive ways:
- <ul>
- <li>A ``trunk port'' has an empty value for <ref
- column="tag"/>. Its <ref column="trunks"/> value may be
- empty or non-empty.</li>
- <li>An ``implicitly tagged VLAN port'' or ``access port''
- has an nonempty value for <ref column="tag"/>. Its
- <ref column="trunks"/> value must be empty.</li>
- </ul>
- If <ref column="trunks"/> and <ref column="tag"/> are both
- nonempty, the configuration is ill-formed.
+ <p>Bridge ports support the following types of VLAN configuration:</p>
+ <dl>
+ <dt>trunk</dt>
+ <dd>
+ <p>
+ A trunk port carries packets on one or more specified VLANs
+ specified in the <ref column="trunks"/> column (often, on every
+ VLAN). A packet that ingresses on a trunk port is in the VLAN
+ specified in its 802.1Q header, or VLAN 0 if the packet has no
+ 802.1Q header. A packet that egresses through a trunk port will
+ have a 802.1Q header if it has a nonzero VLAN ID (or a nonzero
+ 802.1Q priority).
+ </p>
+
+ <p>
+ Any packet that ingresses on a trunk port tagged with a VLAN that
+ the port does not trunk is dropped.
+ </p>
+ </dd>
+
+ <dt>access</dt>
+ <dd>
+ <p>
+ An access port carries packets on exactly one VLAN specified in the
+ <ref column="tag"/> column. Packets ingressing and egressing on an
+ access port have no 802.1Q header.
+ </p>
+
+ <p>
+ Any packet with an 802.1Q header that ingresses on an access port
+ is dropped, regardless of whether the VLAN ID in the header is the
+ access port's VLAN ID.
+ </p>
+ </dd>
+
+ <dt>native-tagged</dt>
+ <dd>
+ A native-tagged port resembles a trunk port, with the exception that
+ a packet without an 802.1Q header that ingresses on a native-tagged
+ port is in the ``native VLAN'' (specified in the <ref column="tag"/>
+ column).
+ </dd>
+
+ <dt>native-untagged</dt>
+ <dd>
+ A native-untagged port resembles a native-tagged port, with the
+ exception that a packet that egresses on a native-untagged port in
+ the native VLAN not have an 802.1Q header.
+ </dd>
+ </dl>
+ <p>
+ A packet will only egress through bridge ports that carry the VLAN of
+ the packet, as described by the rules above.
</p>
- <column name="tag">
+ <column name="vlan_mode">
<p>
- If this is an access port (see above), the port's implicitly
- tagged VLAN. Must be empty if this is a trunk port.
- </p>
- <p>
- Frames arriving on trunk ports will be forwarded to this
- port only if they are tagged with the given VLAN (or, if
- <ref column="tag"/> is 0, then if they lack a VLAN header).
- Frames arriving on other access ports will be forwarded to
- this port only if they have the same <ref column="tag"/>
- value. Frames forwarded to this port will not have an
- 802.1Q header.
+ The VLAN mode of the port, as described above. When this column is
+ empty, a default mode is selected as follows:
</p>
+ <ul>
+ <li>
+ If <ref column="tag"/> contains a value, the port is an access
+ port. The <ref column="trunks"/> column should be empty.
+ </li>
+ <li>
+ Otherwise, the port is a trunk port. The <ref column="trunks"/>
+ column value is honored if it is present.
+ </li>
+ </ul>
+ </column>
+
+ <column name="tag">
<p>
- When a frame with a 802.1Q header that indicates a nonzero
- VLAN is received on an access port, it is discarded.
+ For an access port, the port's implicitly tagged VLAN. For a
+ native-tagged or native-untagged port, the port's native VLAN. Must
+ be empty if this is a trunk port.
</p>
</column>
<column name="trunks">
<p>
- If this is a trunk port (see above), the 802.1Q VLAN(s) that
- this port trunks; if it is empty, then the port trunks all
- VLANs. Must be empty if this is an access port.
+ For a trunk, native-tagged, or native-untagged port, the 802.1Q VLAN
+ or VLANs that this port trunks; if it is empty, then the port trunks
+ all VLANs. Must be empty if this is an access port.
</p>
<p>
- Frames arriving on trunk ports are dropped if they are not
- in one of the specified VLANs. For this purpose, packets
- that have no VLAN header are treated as part of VLAN 0.
+ A native-tagged or native-untagged port always trunks its native
+ VLAN, regardless of whether <ref column="trunks"/> includes that
+ VLAN.
</p>
</column>
</group>
connected to. <code>active</code> ports are allowed to initiate LACP
negotiations. <code>passive</code> ports are allowed to participate
in LACP negotiations initiated by a remote switch, but not allowed to
- initiate such negotiations themselves. If unset Open vSwitch will
- choose a reasonable default. </p>
+ initiate such negotiations themselves. Defaults to <code>off</code>
+ if unset. </p>
</column>
</group>
Key-value pairs for configuring rarely used port features. The
currently defined key-value pairs are:
<dl>
- <dt><code>hwaddr</code></dt>
- <dd>An Ethernet address in the form
- <code><var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var></code>.</dd>
<dt><code>bond-rebalance-interval</code></dt>
<dd>For an SLB bonded port, the number of milliseconds between
successive attempts to rebalance the bond, that is, to
(otherwise it will be the system default, typically 64).
Default is the system default TTL.</dd>
</dl>
+ <dl>
+ <dt><code>in_key</code></dt>
+ <dd>Optional. The WSI key that received packets must contain.
+ It may either be a 64-bit number (no key and a key of 0 are
+ treated as equivalent) or the word <code>flow</code>. If
+ <code>flow</code> is specified then any key will be accepted
+ and the key will be placed in the <code>tun_id</code> field
+ for matching in the flow table. The ovs-ofctl manual page
+ contains additional information about matching fields in
+ OpenFlow flows. Default is no key.</dd>
+ </dl>
+ <dl>
+ <dt><code>out_key</code></dt>
+ <dd>Optional. The WSI key to be set on outgoing packets. It may
+ either be a 64-bit number or the word <code>flow</code>. If
+ <code>flow</code> is specified then the key may be set using
+ the <code>set_tunnel</code> Nicira OpenFlow vendor extension (0
+ is used in the absence of an action). The ovs-ofctl manual
+ page contains additional information about the Nicira OpenFlow
+ vendor extensions. Default is no key.</dd>
+ </dl>
+ <dl>
+ <dt><code>key</code></dt>
+ <dd>Optional. Shorthand to set <code>in_key</code> and
+ <code>out_key</code> at the same time.</dd>
+ </dl>
<dl>
<dt><code>df_inherit</code></dt>
<dd>Optional. If enabled, the Don't Fragment bit will be copied
configurable transmission interval.
</p>
+ <p>
+ According to the 802.1ag specification, each Maintenance Point should
+ be configured out-of-band with a list of Remote Maintenance Points it
+ should have connectivity to. Open vSwitch differs from the
+ specification in this area. It simply assumes the link is faulted if
+ no Remote Maintenance Points are reachable, and considers it not
+ faulted otherwise.
+ </p>
+
<column name="cfm_mpid">
A Maintenance Point ID (MPID) uniquely identifies each endpoint within
a Maintenance Association. The MPID is used to identify this endpoint
CFM on this <ref table="Interface"/>.
</column>
- <column name="cfm_remote_mpid">
- The MPID of the remote endpoint being monitored. If this
- <ref table="Interface"/> does not have connectivity to an endpoint
- advertising the configured MPID, a fault is signalled. Must be
- configured to enable CFM on this <ref table="Interface"/>
+ <column name="cfm_fault">
+ <p>
+ Indicates a connectivity fault triggered by an inability to receive
+ heartbeats from any remote endpoint. When a fault is triggered on
+ <ref table="Interface"/>s participating in bonds, they will be
+ disabled.
+ </p>
+ <p>
+ Faults can be triggered for several reasons. Most importantly they
+ are triggered when no CCMs are received for a period of 3.5 times the
+ transmission interval. Faults are also triggered when any CCMs
+ indicate that a Remote Maintenance Point is not receiving CCMs but
+ able to send them. Finally, a fault is triggered if a CCM is
+ received which indicates unexpected configuration. Notably, this
+ case arises when a CCM is received which advertises the local MPID.
+ </p>
</column>
- <column name="cfm_fault">
- Indicates a connectivity fault triggered by an inability to receive
- heartbeats from the remote endpoint. When a fault is triggered on
- <ref table="Interface"/>s participating in bonds, they will be
- disabled.
+ <column name="cfm_remote_mpids">
+ When CFM is properly configured, Open vSwitch will occasionally
+ receive CCM broadcasts. These broadcasts contain the MPID of the
+ sending Maintenance Point. The list of MPIDs from which this
+ <ref table="Interface"/> is receiving broadcasts from is regularly
+ collected and written to this column.
</column>
</group>
<dd> The transmission interval of CFM heartbeats in milliseconds.
Three missed heartbeat receptions indicate a connectivity fault.
Defaults to 1000ms. </dd>
+ <dt><code>cfm_extended</code></dt>
+ <dd> When true, the CFM module operates in extended mode. This causes
+ it to use a nonstandard destination address to avoid conflicting
+ with compliant implementations which may be running concurrently on
+ the network. Furthermore, extended mode increases the accuracy of
+ the <code>cfm_interval</code> configuration parameter by breaking
+ wire compatibility with 802.1ag compliant implementations.
+ Defaults to false.</dd>
<dt><code>bond-stable-id</code></dt>
<dd> A positive integer using in <code>stable</code> bond mode to
make slave selection decisions. Allocating
</column>
</table>
- <table name="Mirror" title="Port mirroring (SPAN/RSPAN).">
+ <table name="Mirror" title="Port mirroring (SPAN/RSPAN/ERSPAN).">
<p>A port mirror within a <ref table="Bridge"/>.</p>
<p>A port mirror configures a bridge to send selected frames to special
- ``mirrored'' ports, in addition to their normal destinations. Mirroring
- traffic may also be referred to as SPAN or RSPAN, depending on the
- mechanism used for delivery.</p>
+ ``mirrored'' ports, in addition to their normal destinations. Mirroring
+ traffic may also be referred to as SPAN, RSPAN, or ERSPAN, depending on how
+ the mirrored traffic is sent.</p>
<column name="name">
Arbitrary identifier for the <ref table="Mirror"/>.
<column name="output_port">
<p>Output port for selected packets, if nonempty.</p>
<p>Specifying a port for mirror output reserves that port exclusively
- for mirroring. No frames other than those selected for mirroring
- will be forwarded to the port, and any frames received on the port
- will be discarded.</p>
- <p>This type of mirroring is sometimes called SPAN.</p>
+ for mirroring. No frames other than those selected for mirroring
+ will be forwarded to the port, and any frames received on the port
+ will be discarded.</p>
+ <p>
+ The output port may be any kind of port supported by Open vSwitch.
+ It may be, for example, a physical port (sometimes called SPAN), or a
+ GRE tunnel (sometimes called ERSPAN).
+ </p>
</column>
<column name="output_vlan">
Open vSwitch is being used as an intermediate switch, learning can be
disabled by adding the mirrored VLAN to <ref column="flood_vlans"/>
in the appropriate <ref table="Bridge"/> table or tables.</p>
+ <p>
+ Mirroring to a GRE tunnel has fewer caveats than mirroring to a
+ VLAN and should generally be preferred.
+ </p>
</column>
</group>
projects / openvswitch / blobdiff