X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=vswitchd%2Fovs-vswitchd.conf.5.in;h=e7a1739711da8d84db41b5dd2e517f5ed4f51841;hb=55bc65533fe868666f6ea8539f2a1b30da964abf;hp=00a0d1eb27ebdba64536b8e414c719ba28e6431c;hpb=f30f26bef42da4b9a81e8363152563f5f0915aca;p=openvswitch diff --git a/vswitchd/ovs-vswitchd.conf.5.in b/vswitchd/ovs-vswitchd.conf.5.in index 00a0d1eb..e7a17397 100644 --- a/vswitchd/ovs-vswitchd.conf.5.in +++ b/vswitchd/ovs-vswitchd.conf.5.in @@ -50,8 +50,7 @@ configure \fBovs\-vswitchd\fR. .SS "Bridge Configuration" A bridge (switch) with a given \fIname\fR is configured by specifying the names of its network devices as values for key -\fBbridge.\fIname\fB.port\fR. (The specified \fIname\fR may not begin -with \fBdp\fR or \fBnl:\fR followed by a digit.) +\fBbridge.\fIname\fB.port\fR. .PP The names given on \fBbridge.\fIname\fB.port\fR must be the names of existing network devices, except for ``internal ports.'' An internal 
@@ -72,11 +71,23 @@ in the bridge, by specifying it as one of the values for key included, then its MAC address is by default the lowest-numbered MAC address among the other bridge ports, ignoring other internal ports and bridge ports that are -used as port mirroring destinations (see \fBPort Mirroring\fR, below). To -use a specific MAC address instead, set \fBbridge.\fIname\fB.mac\fR to -a MAC address in the format +used as port mirroring destinations (see \fBPort Mirroring\fR, below). +For this purpose, the MAC of a bonded port (see \fBNetwork Device +Bonding\fR, below) is by default the MAC of its slave whose name is first in +alphabetical order. +There are two ways to modify this algorithm for selecting the MAC +address of the local port: +.IP \(bu +To use a specific MAC address for the local port, set +\fBbridge.\fIname\fB.mac\fR to a MAC address in the format \fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR, where each -\fIx\fR is a hex digit. If no valid MAC address can be determined +\fIx\fR is a hex digit. +.IP \(bu +To override the MAC of a port for the purpose of this algorithm, set +\fBport.\fIport\fB.mac\fR to a MAC address in the format described +above. +.PP +If no valid MAC address can be determined either of these ways, then a MAC address is randomly generated. .PP The following syntax defines a bridge named \fBmybr\fR, configured @@ -167,6 +178,10 @@ enabling or disabling an interface, set the value of \fBbonding.\fIname\fB.updelay\fR or \fBbonding.\fIname\fB.downdelay\fR, respectively, to a positive integer, interpreted in milliseconds. +The \fBupdelay\fR setting is honored only when at least one bonded +interface is already enabled. When no interfaces are enabled, then +the first bond interface to come up is enabled immediately. The +\fBdowndelay\fR setting is always honored. .PP The following syntax bonds \fBeth0\fR and \fBeth1\fR into a bonding device named \fBbond0\fR, which is added to bridge \fBmybr\fR along 
@@ -251,6 +266,22 @@ a trunk port, the frame's VLAN tag will be set to \fIvid\fR, replacing any existing tag; when it is sent out an implicit VLAN port, the frame will not be tagged. This type of mirroring may be referred to as RSPAN. +.IP +Please note that mirroring to a VLAN can disrupt a network that +contains unmanaged switches. Consider an unmanaged physical switch +with two ports: port 1, connected to an end host, and port 2, +connected to an Open vSwitch configured to mirror received packets +into VLAN 123 on port 2. Suppose that the end host sends a packet on +port 1 that the physical switch forwards to port 2. The Open vSwitch +forwards this packet to its destination and then reflects it back on +port 2 in VLAN 123. This reflected packet causes the unmanaged +physical switch to replace the MAC learning table entry, which +correctly pointed to port 1, with one that incorrectly points to port +2. Afterward, the physical switch will direct packets destined for +the end host to the Open vSwitch on port 2, instead of to the end host +on port 1, disrupting connectivity. If mirroring to a VLAN is desired +in this scenario, then the physical switch must be replaced by one +that learns Ethernet addresses on a per-VLAN basis. .ST "Example" The following \fBovs\-vswitchd\fR configuration copies all frames received on \fBeth1\fR or \fBeth2\fR to \fBeth3\fR. 
@@ -314,8 +345,9 @@ NetFlow is a protocol that exports a number of details about terminating IP flows, such as the principals involved and duration. A bridge may be configured to send NetFlow v5 records to NetFlow collectors when flows end. To enable, define the key \fBnetflow.\fIbridge\fB.host\fR for each -collector in the form \fIhost\fB:\fIport\fR. Records from \fIbridge\fR -will be sent to each \fIhost\fR on UDP \fIport\fR. +collector in the form \fIip\fB:\fIport\fR. Records from \fIbridge\fR +will be sent to each \fIip\fR on UDP \fIport\fR. The \fIip\fR must +be specified numerically, not as a DNS name. The NetFlow messages will use the datapath index for the engine type and id. This can be overridden with the \fBnetflow.\fIbridge\fB.engine-type\fR and 
@@ -347,20 +379,19 @@ supports the OpenFlow Management Protocol, such as NOX. This functionality is enabled by setting the key \fBmgmt.controller\fR to one of the following values: . -.TP -\fBssl:\fIhost\fR[\fB:\fIport\fR] -The specified SSL \fIport\fR (default: 6633) on the given remote -\fIhost\fR. SSL must be configured when this form is used (see \fBSSL +.IP "\fBssl:\fIip\fR[\fB:\fIport\fR]" +The specified SSL \fIport\fR (default: 6633) on the host at the given +\fIip\fR, which must be expressed as an IP address (not a DNS name). +SSL must be configured when this form is used (see \fBSSL Configuration\fR, below). . -.TP -\fBtcp:\fIhost\fR[\fB:\fIport\fR] -The specified TCP \fIport\fR (default: 6633) on the given remote -\fIhost\fR. +.IP "\fBtcp:\fIip\fR[\fB:\fIport\fR]" +The specified TCP \fIport\fR (default: 6633) on the host at the given +\fIip\fR, which must be expressed as an IP address (not a DNS name). .PP The maximum time between attempts to connect to the controller may be specified in integral seconds with the \fBmgmt.max-backoff\fR key. The -default maximum backoff is 15 seconds, and the minimum value is 1 +default maximum backoff is 8 seconds, and the minimum value is 1 second. An inactivity probe may be configured with the \fBmgmt.inactivity-probe\fR @@ -368,7 +399,7 @@ key. If \fBovs\-vswitchd\fR does not communicate with the controller for the specified number of seconds, it will send a probe. If a response is not received for an additional amount of that time, \fBovs\-vswitchd\fR assumes the connection has been broken and attempts to reconnect. The default -is 15 seconds, and the minimum value is 5 seconds. +and minimum values are both 5 seconds. A management id may be specified with the \fBmgmt.id\fR key. It takes an id in the form of exactly 12 hexadecimal digits. If one is not 
@@ -397,7 +428,7 @@ switch will perform all configured bridging and switching locally. .TP \fBdiscover\fR Use controller discovery to find the local OpenFlow controller. -Refer to \fBsecchan\fR(8) for information on how to configure a DHCP +Refer to \fB\ovs\-openflowd\fR(8) for information on how to configure a DHCP server to support controller discovery. The following additional options control the discovery process: . @@ -427,15 +458,16 @@ that it receives specifies one or more DNS servers. .RE . .TP -\fBssl:\fIhost\fR[\fB:\fIport\fR] -The specified SSL \fIport\fR (default: 6633) on the given remote -\fIhost\fR. SSL must be configured when this form is used (see \fBSSL +\fBssl:\fIip\fR[\fB:\fIport\fR] +The specified SSL \fIport\fR (default: 6633) on the host at the given +\fIip\fR, which must be expressed as an IP address (not a DNS name). +SSL must be configured when this form is used (see \fBSSL Configuration\fR, below). . .TP -\fBtcp:\fIhost\fR[\fB:\fIport\fR] -The specified TCP \fIport\fR (default: 6633) on the given remote -\fIhost\fR. +\fBtcp:\fIip\fR[\fB:\fIport\fR] +The specified TCP \fIport\fR (default: 6633) on the host at the given +\fIip\fR, which must be expressed as an IP address (not a DNS name). . .TP \fBunix:\fIfile\fR @@ -455,7 +487,7 @@ not in use, the following additional settings are honored: By default, or if this is set to \fBtrue\fR, \fBovs\-vswitchd\fR connects to the controller in-band. If this is set to \fBfalse\fR, \fBovs\-vswitchd\fR connects to the controller out-of-band. Refer to -\fBsecchan\fR(8) for a description of in-band and out-of-band control. +\fBovs\-openflowd\fR(8) for a description of in-band and out-of-band control. .IP "\fBbridge.\fIname\fB.controller.ip=\fIip\fR" If specified, the IP address to configure on the bridge's local port. .IP "\fBbridge.\fIname\fB.controller.netmask=\fInetmask\fR" 
@@ -477,7 +509,7 @@ When the switch is connected to the controller, it waits for a message to be received from the controller for \fIsecs\fR seconds before it sends a inactivity probe to the controller. After sending the inactivity probe, if no response is received for an additional -\fIsecs\fR seconds, the secure channel assumes that the connection has +\fIsecs\fR seconds, \fBovs-vswitchd\fR assumes that the connection has been broken and attempts to reconnect. .IP Changing the inactivity probe interval also changes the interval @@ -491,7 +523,8 @@ the connection to the controller stays down long enough, no packets can pass through the switch at all. .IP The first of these that is set takes effect. -If the value is \fBstandalone\fR, \fBovs\-vswitchd\fR will take over +If the value is \fBstandalone\fR, or if neither of these settings +is set, \fBovs\-vswitchd\fR will take over responsibility for setting up flows when no message has been received from the controller for three times the inactivity probe interval (see above). In this mode, @@ -500,9 +533,8 @@ MAC-learning switch. \fBovs\-vswitchd\fR will continue to retry connecting to the controller in the background and, when the connection succeeds, it discontinues its standalone behavior. .IP -If this option is set to \fBsecure\fR, or if neither of these settings -is set, \fBovs\-vswitchd\fR will not set up flows on its own when the -controller connection fails. +If this option is set to \fBsecure\fR, \fBovs\-vswitchd\fR will not +set up flows on its own when the controller connection fails. .IP "\fBbridge.\fIname\fB.controller.max-backoff=\fIsecs\fR" Sets the maximum time between attempts to connect to the controller to \fIsecs\fR, which must be at least 1. The actual interval between 
@@ -514,6 +546,19 @@ These settings configure how the switch applies a ``token bucket'' to limit the rate at which packets in unknown flows are forwarded to the OpenFlow controller for flow-setup processing. This feature prevents a single bridge from overwhelming a controller. +.PP +In addition, when a high rate triggers rate-limiting, +\fBovs\-vswitchd\fR queues controller packets for each port and +transmits them to the controller at the configured rate. The number +of queued packets is limited by a ``burst size'' parameter. The +packet queue is shared fairly among the ports on a bridge. +.PP +\fBovs\-vswitchd\fR maintains two such packet rate-limiters per +bridge. One of these applies to packets sent up to the controller +because they do not correspond to any flow. The other applies to +packets sent up to the controller by request through flow actions. +When both rate-limiters are filled with packets, the actual rate that +packets are sent to the controller is up to twice the specified rate. .IP "\fBbridge.\fIname\fB.controller.rate-limit=\fIrate\fR" .IQ "\fBmgmt.rate-limit=\fIrate\fR" Limits the maximum rate at which packets will be forwarded to the
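
Review bot: In the hunk at @@ -72,11 +71,23 @@, the closing sentence "If no valid MAC address can be determined either of these ways" now follows the two bullets, so "these ways" reads as the two overrides (bridge.name.mac and port.port.mac) rather than the selection algorithm as a whole. Read literally, a bridge with neither key set would get a random MAC even though the lowest-numbered-MAC default still applies. Suggest rewording so the random fallback is tied to the default algorithm and the overrides together, and adding the missing preposition ("in either of these ways") if the current wording is kept.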
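
Review bot: The hunk at @@ -347,20 +379,19 @@ switches the ssl: and tcp: entries under mgmt.controller from .TP to .IP "...", while the identical entries in the hunk at @@ -427,15 +458,16 @@ keep .TP, so the two lists of connection methods will be marked up differently. Pick one macro for both. The new "must be expressed as an IP address (not a DNS name)" wording also does not say what happens when a name is supplied; one sentence on whether the value is rejected or ignored would help operators who are migrating existing host-based configurations.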
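
Review bot: In the hunk at @@ -397,7 +428,7 @@, the added line "Refer to \fB\ovs\-openflowd\fR(8)" has a stray backslash before "ovs". In roff, \o starts an overstrike escape, so the page name will not render as intended. It should read \fBovs\-openflowd\fR(8), matching the reference added in the hunk at @@ -455,7 +487,7 @@.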
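
Review bot: In the hunk at @@ -477,7 +509,7 @@, the replacement text writes \fBovs-vswitchd\fR with an unescaped hyphen, whereas every other reference in this patch uses \fBovs\-vswitchd\fR. Use the escaped form here as well so the program name renders consistently and can be copied and searched as one token.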
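
Review bot: The hunks at @@ -491,7 +523,8 @@ and @@ -500,9 +533,8 @@ move the clause "or if neither of these settings is set" from the secure paragraph to the standalone paragraph, which flips the documented default from fail-closed to fail-open: with no fail-mode configured, a lost controller connection now leaves the bridge setting up flows on its own as a MAC-learning switch. A behaviour change of that weight is easy to miss as a relocated clause. Suggest stating the default explicitly in its own sentence, and noting that deployments which rely on controller-installed flows to enforce policy need to set secure explicitly.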
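
Review bot: In the hunk at @@ -514,6 +546,19 @@, the first added paragraph says the queue is "limited by a ``burst size'' parameter" without naming the configuration key that sets it, so a reader cannot tell from this paragraph what to tune. Name the key here or point to its entry. The final added sentence, that the actual rate "is up to twice the specified rate", is the figure an operator needs when sizing the limit to protect a controller; consider repeating it in the rate-limit key description that follows, since that entry is where the value gets chosen.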