</column>
<group title="VLAN Configuration">
- <p>A bridge port must be configured for VLANs in one of two
- mutually exclusive ways:
- <ul>
- <li>A ``trunk port'' has an empty value for <ref
- column="tag"/>. Its <ref column="trunks"/> value may be
- empty or non-empty.</li>
- <li>An ``implicitly tagged VLAN port'' or ``access port''
- has an nonempty value for <ref column="tag"/>. Its
- <ref column="trunks"/> value must be empty.</li>
- </ul>
- If <ref column="trunks"/> and <ref column="tag"/> are both
- nonempty, the configuration is ill-formed.
+ <p>Bridge ports support the following types of VLAN configuration:</p>
+ <dl>
+ <dt>trunk</dt>
+ <dd>
+ <p>
+ A trunk port carries packets on one or more specified VLANs
+ specified in the <ref column="trunks"/> column (often, on every
+ VLAN). A packet that ingresses on a trunk port is in the VLAN
+ specified in its 802.1Q header, or VLAN 0 if the packet has no
+ 802.1Q header. A packet that egresses through a trunk port will
+ have a 802.1Q header if it has a nonzero VLAN ID (or a nonzero
+ 802.1Q priority).
+ </p>
+
+ <p>
+ Any packet that ingresses on a trunk port tagged with a VLAN that
+ the port does not trunk is dropped.
+ </p>
+ </dd>
+
+ <dt>access</dt>
+ <dd>
+ <p>
+ An access port carries packets on exactly one VLAN specified in the
+ <ref column="tag"/> column. Packets ingressing and egressing on an
+ access port have no 802.1Q header.
+ </p>
+
+ <p>
+ Any packet with an 802.1Q header that ingresses on an access port
+ is dropped, regardless of whether the VLAN ID in the header is the
+ access port's VLAN ID.
+ </p>
+ </dd>
+
+ <dt>native-tagged</dt>
+ <dd>
+ A native-tagged port resembles a trunk port, with the exception that
+ a packet without an 802.1Q header that ingresses on a native-tagged
+ port is in the ``native VLAN'' (specified in the <ref column="tag"/>
+ column).
+ </dd>
+
+ <dt>native-untagged</dt>
+ <dd>
+ A native-untagged port resembles a native-tagged port, with the
+ exception that a packet that egresses on a native-untagged port in
+ the native VLAN not have an 802.1Q header.
+ </dd>
+ </dl>
+ <p>
+ A packet will only egress through bridge ports that carry the VLAN of
+ the packet, as described by the rules above.
</p>
- <column name="tag">
+ <column name="vlan_mode">
<p>
- If this is an access port (see above), the port's implicitly
- tagged VLAN. Must be empty if this is a trunk port.
- </p>
- <p>
- Frames arriving on trunk ports will be forwarded to this
- port only if they are tagged with the given VLAN (or, if
- <ref column="tag"/> is 0, then if they lack a VLAN header).
- Frames arriving on other access ports will be forwarded to
- this port only if they have the same <ref column="tag"/>
- value. Frames forwarded to this port will not have an
- 802.1Q header.
+ The VLAN mode of the port, as described above. When this column is
+ empty, a default mode is selected as follows:
</p>
+ <ul>
+ <li>
+ If <ref column="tag"/> contains a value, the port is an access
+ port. The <ref column="trunks"/> column should be empty.
+ </li>
+ <li>
+ Otherwise, the port is a trunk port. The <ref column="trunks"/>
+ column value is honored if it is present.
+ </li>
+ </ul>
+ </column>
+
+ <column name="tag">
<p>
- When a frame with a 802.1Q header that indicates a nonzero
- VLAN is received on an access port, it is discarded.
+ For an access port, the port's implicitly tagged VLAN. For a
+ native-tagged or native-untagged port, the port's native VLAN. Must
+ be empty if this is a trunk port.
</p>
</column>
<column name="trunks">
<p>
- If this is a trunk port (see above), the 802.1Q VLAN(s) that
- this port trunks; if it is empty, then the port trunks all
- VLANs. Must be empty if this is an access port.
+ For a trunk, native-tagged, or native-untagged port, the 802.1Q VLAN
+ or VLANs that this port trunks; if it is empty, then the port trunks
+ all VLANs. Must be empty if this is an access port.
</p>
<p>
- Frames arriving on trunk ports are dropped if they are not
- in one of the specified VLANs. For this purpose, packets
- that have no VLAN header are treated as part of VLAN 0.
+ A native-tagged or native-untagged port always trunks its native
+ VLAN, regardless of whether <ref column="trunks"/> includes that
+ VLAN.
</p>
</column>
</group>
(otherwise it will be the system default, typically 64).
Default is the system default TTL.</dd>
</dl>
+ <dl>
+ <dt><code>in_key</code></dt>
+ <dd>Optional. The WSI key that received packets must contain.
+ It may either be a 64-bit number (no key and a key of 0 are
+ treated as equivalent) or the word <code>flow</code>. If
+ <code>flow</code> is specified then any key will be accepted
+ and the key will be placed in the <code>tun_id</code> field
+ for matching in the flow table. The ovs-ofctl manual page
+ contains additional information about matching fields in
+ OpenFlow flows. Default is no key.</dd>
+ </dl>
+ <dl>
+ <dt><code>out_key</code></dt>
+ <dd>Optional. The WSI key to be set on outgoing packets. It may
+ either be a 64-bit number or the word <code>flow</code>. If
+ <code>flow</code> is specified then the key may be set using
+ the <code>set_tunnel</code> Nicira OpenFlow vendor extension (0
+ is used in the absence of an action). The ovs-ofctl manual
+ page contains additional information about the Nicira OpenFlow
+ vendor extensions. Default is no key.</dd>
+ </dl>
+ <dl>
+ <dt><code>key</code></dt>
+ <dd>Optional. Shorthand to set <code>in_key</code> and
+ <code>out_key</code> at the same time.</dd>
+ </dl>
<dl>
<dt><code>df_inherit</code></dt>
<dd>Optional. If enabled, the Don't Fragment bit will be copied
configurable transmission interval.
</p>
+ <p>
+ According to the 802.1ag specification, each Maintenance Point should
+ be configured out-of-band with a list of Remote Maintenance Points it
+ should have connectivity to. Open vSwitch differs from the
+ specification in this area. It simply assumes the link is faulted if
+ no Remote Maintenance Points are reachable, and considers it not
+ faulted otherwise.
+ </p>
+
<column name="cfm_mpid">
A Maintenance Point ID (MPID) uniquely identifies each endpoint within
a Maintenance Association. The MPID is used to identify this endpoint
CFM on this <ref table="Interface"/>.
</column>
- <column name="cfm_remote_mpid">
- The MPID of the remote endpoint being monitored. If this
- <ref table="Interface"/> does not have connectivity to an endpoint
- advertising the configured MPID, a fault is signalled. Must be
- configured to enable CFM on this <ref table="Interface"/>
+ <column name="cfm_fault">
+ <p>
+ Indicates a connectivity fault triggered by an inability to receive
+ heartbeats from any remote endpoint. When a fault is triggered on
+ <ref table="Interface"/>s participating in bonds, they will be
+ disabled.
+ </p>
+ <p>
+ Faults can be triggered for several reasons. Most importantly they
+ are triggered when no CCMs are received for a period of 3.5 times the
+ transmission interval. Faults are also triggered when any CCMs
+ indicate that a Remote Maintenance Point is not receiving CCMs but
+ able to send them. Finally, a fault is triggered if a CCM is
+ received which indicates unexpected configuration. Notably, this
+ case arises when a CCM is received which advertises the local MPID.
+ </p>
</column>
- <column name="cfm_fault">
- Indicates a connectivity fault triggered by an inability to receive
- heartbeats from the remote endpoint. When a fault is triggered on
- <ref table="Interface"/>s participating in bonds, they will be
- disabled.
+ <column name="cfm_remote_mpids">
+ When CFM is properly configured, Open vSwitch will occasionally
+ receive CCM broadcasts. These broadcasts contain the MPID of the
+ sending Maintenance Point. The list of MPIDs from which this
+ <ref table="Interface"/> is receiving broadcasts from is regularly
+ collected and written to this column.
</column>
</group>
<dd> The transmission interval of CFM heartbeats in milliseconds.
Three missed heartbeat receptions indicate a connectivity fault.
Defaults to 1000ms. </dd>
+ <dt><code>cfm_extended</code></dt>
+ <dd> When true, the CFM module operates in extended mode. This causes
+ it to use a nonstandard destination address to avoid conflicting
+ with compliant implementations which may be running concurrently on
+ the network. Furthermore, extended mode increases the accuracy of
+ the <code>cfm_interval</code> configuration parameter by breaking
+ wire compatibility with 802.1ag compliant implementations.
+ Defaults to false.</dd>
<dt><code>bond-stable-id</code></dt>
<dd> A positive integer using in <code>stable</code> bond mode to
make slave selection decisions. Allocating