X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=vswitchd%2Fvswitch.xml;h=b3029eb2633241a7b5b29da10e0aa2e346922b79;hb=c1a543a8d6d2847983b6b0defd1e19777da85715;hp=500a0f967768a27b4b9573ecd72062b2b9cc3a8e;hpb=76ce9432393df462e2030036021ea60096a734d4;p=openvswitch
diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
index 500a0f96..b3029eb2 100644
--- a/vswitchd/vswitch.xml
+++ b/vswitchd/vswitch.xml
@@ -1,44 +1,59 @@
+
A database with this schema holds the configuration for one Open
- vSwitch daemon. The root of the configuration for the daemon is
- the table, which must have exactly one
+
+ A database with this schema holds the configuration for one Open
+ vSwitch daemon. The top-level configuration for the daemon is the
+ table, which must have exactly one
record. Records in other tables are significant only when they
- can be reached directly or indirectly from the
- table.
When a controller is configured, it is, ordinarily, responsible + for setting up all flows on the switch. Thus, if the connection to + the controller fails, no new network connections can be set up. + If the connection to the controller stays down long enough, + no packets can pass through the switch at all. This setting + determines the switch's response to such a situation. It may be set + to one of the following: +
standalone
secure
If this value is unset, the default is implementation-specific.
+When more than one controller is configured, + is considered only when none of the + configured controllers can be contacted.
network-uuids
bridge-id
xs-network-uuids
xe network-list
.datapath-id
disable-in-band
true
, disable in-band control on
+ the bridge regardless of controller and manager settings.hwaddr
in-band-queue
flow-eviction-threshold
A bridge port must be configured for VLANs in one of two mutually exclusive ways:
If nonempty, this port's implicitly tagged VLAN. Frames - arriving on trunk ports will be forwarded to this port only - if they are tagged with the given VLAN. Frames arriving on - other VLAN ports will be forwarded to this port only if they - have the same value. Frames forwarded - to this port will not have an 802.1Q header.
-When a frame with a 802.1Q header that indicates a nonzero VLAN is - received on an implicit VLAN port, it is discarded.
-Must be empty if this is a trunk port.
++ If this is an access port (see above), the port's implicitly + tagged VLAN. Must be empty if this is a trunk port. +
++ Frames arriving on trunk ports will be forwarded to this + port only if they are tagged with the given VLAN (or, if + is 0, then if they lack a VLAN header). + Frames arriving on other access ports will be forwarded to + this port only if they have the same + value. Frames forwarded to this port will not have an + 802.1Q header. +
++ When a frame with a 802.1Q header that indicates a nonzero + VLAN is received on an access port, it is discarded. +
The 802.1Q VLAN(s) that this port trunks. If the column is
- empty, then the port trunks all VLANs as well as packets that
- have no VLAN header. Otherwise, only frames that have an
- 802.1Q header with one of the specified VLANs are accepted.
- If 0
is included, then frames without an 802.1Q
- header are also accepted.
Must be empty unless this is a trunk port.
++ If this is a trunk port (see above), the 802.1Q VLAN(s) that + this port trunks; if it is empty, then the port trunks all + VLANs. Must be empty if this is an access port. +
++ Frames arriving on trunk ports are dropped if they are not + in one of the specified VLANs. For this purpose, packets + that have no VLAN header are treated as part of VLAN 0. +
A port that has more than one interface is a ``bonded port.'' - Bonding allows for load balancing and fail-over. Open vSwitch - supports ``source load balancing'' (SLB) bonding, which - assigns flows to slaves based on source MAC address, with - periodic rebalancing as traffic patterns change. This form of - bonding does not require 802.3ad or other special support from - the upstream switch to which the slave devices are - connected.
+A port that has more than one interface is a ``bonded port.'' Bonding + allows for load balancing and fail-over. Some kinds of bonding will + work with any kind of upstream switch:
+ +balance-slb
active-backup
+ The following modes require the upstream switch to support 802.3ad with
+ successful LACP negotiation. If LACP negotiation fails then
+ balance-slb
style flow hashing is used as a fallback:
+
balance-tcp
stable
Attempts to always assign a given flow to the same slave
+ consistently. In an effort to maintain stability, no load
+ balancing is done. Uses a similar hashing strategy to
+ balance-tcp
, always taking into account L3 and L4
+ fields even if LACP negotiations are unsuccessful.
Slave selection decisions are made based on if set. Otherwise,
+ OpenFlow port number is used. Decisions are consistent across all
+ ovs-vswitchd
instances with equivalent
+
+ values.
These columns apply only to bonded ports. Their values are otherwise ignored.
+The type of bonding used for a bonded port. Defaults to
+ balance-slb
if unset.
+
For a bonded port, the number of milliseconds for which carrier must stay up on an interface before the interface is considered to be up. @@ -247,9 +609,25 @@ name of the port. Use only for compatibility with legacy software that requires this.
Configures LACP on this port. LACP allows directly connected
+ switches to negotiate which links may be bonded. LACP may be enabled
+ on non-bonded ports for the benefit of any switches they may be
+ connected to. active
ports are allowed to initiate LACP
+ negotiations. passive
ports are allowed to participate
+ in LACP negotiations initiated by a remote switch, but not allowed to
+ initiate such negotiations themselves. If unset Open vSwitch will
+ choose a reasonable default.
fake-bridge-
,
- e.g. fake-bridge-network-uuids
.
+ + Key-value pairs for use by external frameworks that integrate with + Open vSwitch, rather than by Open vSwitch itself. System integrators + should either use the Open vSwitch development mailing list to + coordinate on common key-value definitions, or choose key names that + are likely to be unique. +
+
+ No key-value pairs native to are currently
+ defined. For fake bridges (see the
+ column), external IDs for the fake bridge are defined here by
+ prefixing a key with fake-bridge-
,
+ e.g. fake-bridge-xs-network-uuids
.
+
xx:xx:xx:xx:xx:xx
.bond-rebalance-interval
bond-detect-mode
carrier
and miimon
. Defaults
+ to carrier
which uses each interface's carrier to detect
+ failures. When set to miimon
, will check for failures
+ by polling each interface's MII. bond-miimon-interval
miimon
to detect failures. bond-hash-basis
lacp-system-id
lacp-system-priority
lacp-time
The LACP timing which should be used on this
+ . Possible values are fast
,
+ slow
and a positive number of milliseconds. By
+ default slow
is used. When configured to be
+ fast
LACP heartbeats are requested at a rate of once
+ per second causing connectivity problems to be detected more
+ quickly. In slow
mode, heartbeats are requested at
+ a rate of once every 30 seconds.
Users may manually set a heartbeat transmission rate to increase
+ the fault detection speed further. When manually set, OVS
+ expects the partner switch to be configured with the same
+ transmission rate. Manually setting lacp-time
to
+ something other than fast
or slow
is
+ not supported by the LACP specification.
lacp-heartbeat
Open vSwitch populates this column when the port number becomes known. If the interface is successfully added, will be set to a number between 1 and 65535 - (generally either in the range 1 to 65280, exclusive, or 65534, the + (generally either in the range 1 to 65279, inclusive, or 65534, the port number for the OpenFlow ``local port''). If the interface cannot be added then Open vSwitch sets this column to -1.
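Review bot: The LACP column description in this hunk ends with "If unset Open vSwitch will choose a reasonable default", which does not tell the reader whether an unset port behaves as `active`, behaves as `passive`, or does no LACP at all. Name the default (or say how it is chosen) and add the comma after "If unset". In the same hunk, the `lacp-time` text says OVS "expects the partner switch to be configured with the same transmission rate" for a manually set value, but not what happens when the partner uses a different rate. One sentence on that mismatch would make the warning about leaving the LACP specification actionable.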
@@ -357,15 +788,130 @@tap
gre
remote_ip
, local_ip
, and
- in_key
. Note that if two ports are defined that are
- the same except one has an optional identifier and the other does
- not, the more specific one is matched first. in_key
- is considered more specific than local_ip
if a port
- defines one and another port defines the other. The arguments
- are:
+ remote_ip
local_ip
in_key
flow
. If
+ flow
is specified then any key will be accepted
+ and the key will be placed in the tun_id
field
+ for matching in the flow table. The ovs-ofctl manual page
+ contains additional information about matching fields in
+ OpenFlow flows. Default is no key.out_key
flow
. If
+ flow
is specified then the key may be set using
+ the set_tunnel
Nicira OpenFlow vendor extension (0
+ is used in the absence of an action). The ovs-ofctl manual
+ page contains additional information about the Nicira OpenFlow
+ vendor extensions. Default is no key.key
in_key
and
+ out_key
at the same time.tos
inherit
, in which case the ToS will be copied from
+ the inner packet if it is IPv4 or IPv6 (otherwise it will be
+ 0). Note that the ECN fields are always inherited. Default is
+ 0.ttl
inherit
, in which case the
+ TTL will be copied from the inner packet if it is IPv4 or IPv6
+ (otherwise it will be the system default, typically 64).
+ Default is the system default TTL.csum
true
to enable.df_inherit
true
to enable.df_default
df_inherit
option
+ is not set, or if the encapsulated packet is not IP. Default
+ is enabled; set to false
to disable.pmtud
false
to disable.header_cache
false
to disable.ipsec_gre
gre
) must be uniquely identified by the
+ combination of and
+ . Note that if two ports are
+ defined that are the same except one has an optional identifier and
+ the other does not, the more specific one is matched first.
+ An authentication method of
+ or must be defined. The
+ following options may be specified in the
+ column:
remote_ip
peer_cert
certificate
option.certificate
private_key
certificate
. If certificate
+ contains the private key, this option may be omitted.psk
in_key
flow
. If
flow
is specified then the key may be set using
the set_tunnel
Nicira OpenFlow vendor extension (0
- is used in the absense of an action). The ovs-ofctl manual
+ is used in the absence of an action). The ovs-ofctl manual
page contains additional information about the Nicira OpenFlow
vendor extensions. Default is no key.csum
false
to disable.true
to enable.df_inherit
true
to enable.df_default
df_inherit
option
+ is not set, or if the encapsulated packet is not IP. Default
+ is enabled; set to false
to disable.pmtud
false
to disable.capwap
remote_ip
local_ip
tos
inherit
, in which case the ToS will be copied from
+ the inner packet if it is IPv4 or IPv6 (otherwise it will be
+ 0). Note that the ECN fields are always inherited. Default is
+ 0.ttl
inherit
, in which case the
+ TTL will be copied from the inner packet if it is IPv4 or IPv6
+ (otherwise it will be the system default, typically 64).
+ Default is the system default TTL.df_inherit
true
to enable.df_default
df_inherit
option
+ is not set, or if the encapsulated packet is not IP. Default
+ is enabled; set to false
to disable.pmtud
false
to disable.false
to disable.header_cache
false
to disable.patch
peer
argument is required that indicates the name
- of the other side of the patch. Since a patch must work in
- pairs, a second patch interface must be declared with the
- name
and peer
arguments reversed.+ A pair of virtual devices that act as a patch cable. The column must have the following key-value pair: +
+ +null
Maximum burst size for data received on this interface, in kb. The
- default burst size if set to 0
is 1000 kb. This value
- has no effect if
- is 0
.
The burst size should be at least the size of the interface's - MTU.
++ Status information about interfaces attached to bridges, updated every + 5 seconds. Not all interfaces have all of these properties; virtual + interfaces don't have a link speed, for example. Non-applicable + columns will have empty values. +
++ The administrative state of the physical network link. +
Maximum rate for data received on this interface, in kbps. Data
- received faster than this rate is dropped. Set to 0
to
- disable policing.
The meaning of ``ingress'' is from Open vSwitch's perspective. If - configured on a physical interface, then it limits the rate at which - traffic is allowed into the system from the outside. If configured - on a virtual interface that is connected to a virtual machine, then - it limits the rate at which the guest is able to transmit.
++ The observed state of the physical network link. This is ordinarily + the link's carrier status. If the interface's is + a bond configured for miimon monitoring, it is instead the network + link's miimon status. +
Key-value pairs that identify this interface's role in external
- systems. All of the currently defined key-value pairs specifically
- apply to an interface that represents a virtual Ethernet interface
+
+ The negotiated speed of the physical network link.
+ Valid values are positive integers greater than 0.
+
+ The duplex mode of the physical network link.
+
+ The MTU (maximum transmission unit); i.e. the largest
+ amount of data that can fit into a single Ethernet frame.
+ The standard Ethernet MTU is 1500 bytes. Some physical media
+ and many kinds of virtual interfaces can be configured with
+ higher MTUs.
+
+ This column will be empty for an interface that does not
+ have an MTU as, for example, some kinds of tunnels do not.
+
+ Key-value pairs that report port status. Supported status values are
+ -dependent; some interfaces may not have a valid
+ , for example.
+ The currently defined key-value pairs are:
+
+ driver_name
+
+ driver_version
+
+ firmware_version
+
+ source_ip
gre
or capwap
.
+
+
+ tunnel_egress_iface
+ These settings control ingress policing for packets received on this + interface. On a physical interface, this limits the rate at which + traffic is allowed into the system from the outside; on a virtual + interface (one connected to a virtual machine), this limits the rate at + which the VM is able to transmit. +
++ Policing is a simple form of quality-of-service that simply drops + packets received in excess of the configured rate. Due to its + simplicity, policing is usually less accurate and less effective than + egress QoS (which is configured using the and tables). +
++ Policing is currently implemented only on Linux. The Linux + implementation uses a simple ``token bucket'' approach: +
++ Policing interacts badly with some network protocols, and especially + with fragmented IP packets. Suppose that there is enough network + activity to keep the bucket nearly empty all the time. Then this token + bucket algorithm will forward a single packet every so often, with the + period depending on packet size and on the configured rate. All of the + fragments of an IP packets are normally transmitted back-to-back, as a + group. In such a situation, therefore, only one of these fragments + will be forwarded and the rest will be dropped. IP does not provide + any way for the intended recipient to ask for only the remaining + fragments. In such a case there are two likely possibilities for what + will happen next: either all of the fragments will eventually be + retransmitted (as TCP will do), in which case the same problem will + recur, or the sender will not realize that its packet has been dropped + and data will simply be lost (as some UDP-based protocols will do). + Either way, it is possible that no forward progress will ever occur. +
+
+ Maximum rate for data received on this interface, in kbps. Data
+ received faster than this rate is dropped. Set to 0
+ (the default) to disable policing.
+
Maximum burst size for data received on this interface, in kb. The
+ default burst size if set to 0
is 1000 kb. This value
+ has no effect if
+ is 0
.
+ Specifying a larger burst size lets the algorithm be more forgiving, + which is important for protocols like TCP that react severely to + dropped packets. The burst size should be at least the size of the + interface's MTU. Specifying a value that is numerically at least as + large as 10% of helps TCP come + closer to achieving the full rate. +
++ 802.1ag Connectivity Fault Management (CFM) allows a group of + Maintenance Points (MPs) called a Maintenance Association (MA) to + detect connectivity problems with each other. MPs within a MA should + have complete and exclusive interconnectivity. This is verified by + occasionally broadcasting Continuity Check Messages (CCMs) at a + configurable transmission interval. +
+ +attached-mac
MAC
+ field in the VIF record for this interface.iface-id
+ Additionally the following key-value pairs specifically
+ apply to an interface that represents a virtual Ethernet interface
connected to a virtual machine. These key-value pairs should not be
present for other types of interfaces. Keys whose names end
in -uuid
have values that uniquely identify the entity
in question. For a Citrix XenServer hypervisor, these values are
UUIDs in RFC 4122 format. Other hypervisors may use other
- formats.
The currently defined key-value pairs are:
+ formats. + +The currently defined key-value pairs for XenServer are:
vif-uuid
xs-vif-uuid
network-uuid
xs-network-uuid
vm-uuid
xs-vm-uuid
vif-mac
MAC
- field in the VIF record for this interface.cfm_interval
bond-stable-id
stable
bond mode to
+ make slave selection decisions. Allocating
+ values
+ consistently across interfaces participating in a bond will
+ guarantee consistent slave selection decisions across
+ ovs-vswitchd
instances when using stable
+ bonding mode.lacp-port-id
lacp-port-priority
lacp-aggregation-key
+ Key-value pairs that report interface statistics. The current
+ implementation updates these counters periodically. In the future,
+ we plan to, instead, update them when an interface is created, when
+ they are queried (e.g. using an OVSDB select
operation),
+ and just before an interface is deleted due to virtual interface
+ hot-unplug or VM shutdown, and perhaps at other times, but not on any
+ regular periodic basis.
+ The currently defined key-value pairs are listed below. These are
+ the same statistics reported by OpenFlow in its struct
+ ofp_port_stats
structure. If an interface does not support a
+ given statistic, then that pair is omitted.
rx_packets
rx_bytes
tx_packets
tx_bytes
rx_dropped
rx_frame_err
rx_over_err
rx_crc_err
rx_errors
tx_dropped
collisions
tx_errors
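Review bot: In the first hunk (@@ -1,44 +1,59 @@), the fail-mode text says "If this value is unset, the default is implementation-specific" directly after explaining that this setting decides how the switch responds when the controller connection fails. A reader cannot tell from this whether an unconfigured bridge ends up as `standalone` or `secure` once the controller is unreachable. State the default this implementation uses, or tell operators to set the value explicitly rather than rely on it. The added multi-controller sentence ("is considered only when none of the configured controllers can be contacted") should also say how long a controller must be unreachable before it counts, since the paragraph above distinguishes a failed connection from one that "stays down long enough".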
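Review bot: In the `ipsec_gre` part of the last hunk (@@ -357,15 +788,130 @@), the sentence requiring that an authentication method be defined does not say what happens when both `peer_cert` and `psk` are supplied. State whether that configuration is rejected or which option takes precedence. Because `psk` and `private_key` are given as values in the options column, the text should also say who is able to read that column. Minor: in the policing description, "All of the fragments of an IP packets" should read "an IP packet".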