X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=vswitchd%2Fvswitch.xml;h=b9d8aaa9f3249d3a5f53e9366b2f0e72e4f47271;hb=92467099ee05b930b060d34d05b81bb1322e6fbf;hp=cc81643d0511654c9b8437ec81b49a08df52644c;hpb=c1c9c9c4b636ab2acf2f75024c282a9a497ca9a9;p=openvswitch
diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
index cc81643d..b9d8aaa9 100644
--- a/vswitchd/vswitch.xml
+++ b/vswitchd/vswitch.xml
@@ -15,12 +15,6 @@
Set of bridges managed by the daemon.
-
- Default OpenFlow set used by bridges. May be
- overridden on a per-bridge basis by the column in .
-
-
Remote database clients to which the Open vSwitch's database server
should connect or to which it should listen.
@@ -31,14 +25,27 @@
- Key-value pairs that identify this Open vSwitch's role in
- external systems. The currently defined key-value pairs are:
+ Key-value pairs for use by external frameworks that integrate
+ with Open vSwitch, rather than by Open vSwitch itself. System
+ integrators should either use the Open vSwitch development
+ mailing list to coordinate on common key-value definitions, or
+ choose key names that are likely to be unique. The currently
+ defined common key-value pairs are:
- system-uuid
- - A universally unique identifier for the Open vSwitch's
- physical host. The form of the identifier depends on the
- type of the host. On a Citrix XenServer, this is the host
- UUID displayed by, e.g.,
xe host-list
.
+ system-type
+ - An identifier for the switch type, such as
+
XenServer
or KVM
.
+ system-version
+ - The version of the switch software, such as
+
5.6.0
on XenServer.
+ system-id
+ - A unique identifier for the Open vSwitch's physical host.
+ The form of the identifier depends on the type of the host.
+ On a Citrix XenServer, this will likely be the same as
+
xs-system-uuid
.
+ xs-system-uuid
+ - The Citrix XenServer universally unique identifier for the
+ physical host as displayed by
xe host-list
.
@@ -64,6 +71,26 @@
capability categories and the meaning of associated
records.
+
+
+
+ Key-value pairs that report statistics about a running Open_vSwitch
+ daemon. The current implementation updates these counters
+ periodically. In the future, we plan to, instead, update them only
+ when they are queried (e.g. using an OVSDB select
+ operation) and perhaps at other times, but not on any regular
+ periodic basis.
+
+ The currently defined key-value pairs are listed below. Some Open
+ vSwitch implementations may not support some statistics, in which
+ case those key-value pairs are omitted.
+
+ load-average
+ -
+ System load average multiplied by 100 and rounded to the nearest
+ integer.
+
+
@@ -112,11 +139,40 @@
- OpenFlow controller set. If unset, defaults to the set of
- controllers specified by in the
- table. If the default is also unset, then no OpenFlow
- controllers will be used.
+ OpenFlow controller set. If unset, then no OpenFlow controllers
+ will be used.
+
+
+
+ When a controller is configured, it is, ordinarily, responsible
+ for setting up all flows on the switch. Thus, if the connection to
+ the controller fails, no new network connections can be set up.
+ If the connection to the controller stays down long enough,
+ no packets can pass through the switch at all. This setting
+ determines the switch's response to such a situation. It may be set
+ to one of the following:
+
+ standalone
+ - If no message is received from the controller for three
+ times the inactivity probe interval
+ (see
), then Open vSwitch
+ will take over responsibility for setting up flows. In
+ this mode, Open vSwitch causes the bridge to act like an
+ ordinary MAC-learning switch. Open vSwitch will continue
+ to retry connecting to the controller in the background
+ and, when the connection succeeds, it will discontinue its
+ standalone behavior.
+ secure
+ - Open vSwitch will not set up flows on its own when the
+ controller connection fails or when no controllers are
+ defined. The bridge will continue to retry connecting to
+ any defined controllers forever.
+
+
+ If this value is unset, the default is implementation-specific.
+ When more than one controller is configured,
+ is considered only when none of the
+ configured controllers can be contacted.
@@ -135,14 +191,20 @@
- Key-value pairs that identify this bridge's role in external systems.
- The currently defined key-value pairs are:
+ Key-value pairs for use by external frameworks that integrate
+ with Open vSwitch, rather than by Open vSwitch itself. System
+ integrators should either use the Open vSwitch development
+ mailing list to coordinate on common key-value definitions, or
+ choose key names that are likely to be unique. The currently
+ defined key-value pairs are:
- network-uuids
+ bridge-id
+ - A unique identifier of the bridge. On Citrix XenServer this
+ will commonly be the same as
xs-network-uuids
.
+ xs-network-uuids
- Semicolon-delimited set of universally unique identifier(s) for
- the network with which this bridge is associated. The form of the
- identifier(s) depends on the type of the host. On a Citrix
- XenServer host, the network identifiers are RFC 4122 UUIDs as
+ the network with which this bridge is associated on a Citrix
+ XenServer host. The network identifiers are RFC 4122 UUIDs as
displayed by, e.g.,
xe network-list
.
@@ -191,37 +253,48 @@
A bridge port must be configured for VLANs in one of two
mutually exclusive ways:
- - A ``trunk port'' has an empty value for
-
and a possibly non-empty
- value.
+ - A ``trunk port'' has an empty value for
. Its value may be
+ empty or non-empty.
- An ``implicitly tagged VLAN port'' or ``access port''
- has an nonempty value for
and an empty
- value.
+ has an nonempty value for . Its
+ value must be empty.
If and are both
nonempty, the configuration is ill-formed.
- If nonempty, this port's implicitly tagged VLAN. Frames
- arriving on trunk ports will be forwarded to this port only
- if they are tagged with the given VLAN. Frames arriving on
- other VLAN ports will be forwarded to this port only if they
- have the same value. Frames forwarded
- to this port will not have an 802.1Q header.
- When a frame with a 802.1Q header that indicates a nonzero VLAN is
- received on an implicit VLAN port, it is discarded.
- Must be empty if this is a trunk port.
+
+ If this is an access port (see above), the port's implicitly
+ tagged VLAN. Must be empty if this is a trunk port.
+
+
+ Frames arriving on trunk ports will be forwarded to this
+ port only if they are tagged with the given VLAN (or, if
+ is 0, then if they lack a VLAN header).
+ Frames arriving on other access ports will be forwarded to
+ this port only if they have the same
+ value. Frames forwarded to this port will not have an
+ 802.1Q header.
+
+
+ When a frame with a 802.1Q header that indicates a nonzero
+ VLAN is received on an access port, it is discarded.
+
- The 802.1Q VLAN(s) that this port trunks. If the column is
- empty, then the port trunks all VLANs as well as packets that
- have no VLAN header. Otherwise, only frames that have an
- 802.1Q header with one of the specified VLANs are accepted.
- If 0
is included, then frames without an 802.1Q
- header are also accepted.
- Must be empty unless this is a trunk port.
+
+ If this is a trunk port (see above), the 802.1Q VLAN(s) that
+ this port trunks; if it is empty, then the port trunks all
+ VLANs. Must be empty if this is an access port.
+
+
+ Frames arriving on trunk ports are dropped if they are not
+ in one of the specified VLANs. For this purpose, packets
+ that have no VLAN header are treated as part of VLAN 0.
+
@@ -278,13 +351,21 @@
- Key-value pairs that identify this port's role in external systems. No
- key-value pairs native to are currently defined.
- For fake bridges (see the column), external
- IDs for the fake bridge are defined here by prefixing a
- key
- with fake-bridge-
,
- e.g. fake-bridge-network-uuids
.
+
+ Key-value pairs for use by external frameworks that integrate with
+ Open vSwitch, rather than by Open vSwitch itself. System integrators
+ should either use the Open vSwitch development mailing list to
+ coordinate on common key-value definitions, or choose key names that
+ are likely to be unique.
+
+
+ No key-value pairs native to are currently
+ defined. For fake bridges (see the
+ column), external IDs for the fake bridge are defined here by
+ prefixing a key with fake-bridge-
,
+ e.g. fake-bridge-xs-network-uuids
.
+
@@ -372,15 +453,15 @@
tap
A TUN/TAP device managed by Open vSwitch.
gre
- An Ethernet over RFC 1702 Generic Routing Encapsulation over IPv4
+ An Ethernet over RFC 2890 Generic Routing Encapsulation over IPv4
tunnel. Each tunnel must be uniquely identified by the
combination of remote_ip
, local_ip
, and
in_key
. Note that if two ports are defined that are
the same except one has an optional identifier and the other does
not, the more specific one is matched first. in_key
is considered more specific than local_ip
if a port
- defines one and another port defines the other. The arguments
- are:
+ defines one and another port defines the other. The following
+ options may be specified in the column:
remote_ip
- Required. The tunnel endpoint.
@@ -407,7 +488,7 @@
either be a 32-bit number or the word flow
. If
flow
is specified then the key may be set using
the set_tunnel
Nicira OpenFlow vendor extension (0
- is used in the absense of an action). The ovs-ofctl manual
+ is used in the absence of an action). The ovs-ofctl manual
page contains additional information about the Nicira OpenFlow
vendor extensions. Default is no key.
@@ -435,9 +516,69 @@
csum
- - Optional. Compute GRE checksums for outgoing packets and
- require checksums for incoming packets. Default is enabled,
- set to
false
to disable.
+ - Optional. Compute GRE checksums on outgoing packets.
+ Checksums present on incoming packets will be validated
+ regardless of this setting. Note that GRE checksums
+ impose a significant performance penalty as they cover the
+ entire packet. As the contents of the packet is typically
+ covered by L3 and L4 checksums, this additional checksum only
+ adds value for the GRE and encapsulated Ethernet headers.
+ Default is disabled, set to
true
to enable.
+
+
+ pmtud
+ - Optional. Enable tunnel path MTU discovery. If enabled
+ ``ICMP destination unreachable - fragmentation'' needed
+ messages will be generated for IPv4 packets with the DF bit set
+ and IPv6 packets above the minimum MTU if the packet size
+ exceeds the path MTU minus the size of the tunnel headers. It
+ also forces the encapsulating packet DF bit to be set (it is
+ always set if the inner packet implies path MTU discovery).
+ Note that this option causes behavior that is typically
+ reserved for routers and therefore is not entirely in
+ compliance with the IEEE 802.1D specification for bridges.
+ Default is enabled, set to
false
to disable.
+
+
+ capwap
+ Ethernet tunneling over the UDP transport portion of CAPWAP
+ (RFC 5415). This allows interoperability with certain switches
+ where GRE is not available. Note that only the tunneling component
+ of the protocol is implemented. Due to the non-standard use of
+ CAPWAP, UDP ports 58881 and 58882 are used as the source and
+ destinations ports respectivedly. Each tunnel must be uniquely
+ identified by the combination of remote_ip
and
+ local_ip
. If two ports are defined that are the same
+ except one includes local_ip
and the other does not,
+ the more specific one is matched first. CAPWAP support is not
+ available on all platforms. Currently it is only supported in the
+ Linux kernel module with kernel versions >= 2.6.25. The following
+ options may be specified in the column:
+
+ remote_ip
+ - Required. The tunnel endpoint.
+
+
+ local_ip
+ - Optional. The destination IP that received packets must
+ match. Default is to match all addresses.
+
+
+ tos
+ - Optional. The value of the ToS bits to be set on the
+ encapsulating packet. It may also be the word
+
inherit
, in which case the ToS will be copied from
+ the inner packet if it is IPv4 or IPv6 (otherwise it will be
+ 0). Note that the ECN fields are always inherited. Default is
+ 0.
+
+
+ ttl
+ - Optional. The TTL to be set on the encapsulating packet.
+ It may also be the word
inherit
, in which case the
+ TTL will be copied from the inner packet if it is IPv4 or IPv6
+ (otherwise it will be the system default, typically 64).
+ Default is the system default TTL.
pmtud
@@ -455,11 +596,23 @@
patch
- A pair of virtual devices that act as a patch cable. A
- peer
argument is required that indicates the name
- of the other side of the patch. Since a patch must work in
- pairs, a second patch interface must be declared with the
- name
and peer
arguments reversed.
+
+
+ A pair of virtual devices that act as a patch cable. The column must have the following key-value pair:
+
+
+ peer
+ -
+ The
of the for
+ the other side of the patch. The named 's own peer
option must specify
+ this 's name. That is, the two patch
+ interfaces must have reversed and
+ peer
values.
+
+
+
@@ -467,6 +620,20 @@
Configuration options whose interpretation varies based on
.
+
+
+
+ Key-value pairs that report port status. Supported status
+ values are type
-dependent.
+
+ The only currently defined key-value pair is:
+
+ source_ip
+ - The source IP address used for an IPv4 tunnel end-point,
+ such as
gre
or capwap
. Not
+ supported by all implementations.
+
+
@@ -493,31 +660,107 @@
- Key-value pairs that identify this interface's role in external
- systems. All of the currently defined key-value pairs specifically
+ Key-value pairs for use by external frameworks that integrate
+ with Open vSwitch, rather than by Open vSwitch itself. System
+ integrators should either use the Open vSwitch development
+ mailing list to coordinate on common key-value definitions, or
+ choose key names that are likely to be unique. The currently
+ defined common key-value pairs are:
+
+ attached-mac
+ -
+ The MAC address programmed into the ``virtual hardware'' for this
+ interface, in the form
+ xx:xx:xx:xx:xx:xx.
+ For Citrix XenServer, this is the value of the
MAC
+ field in the VIF record for this interface.
+ iface-id
+ - A system-unique identifier for the interface. On XenServer,
+ this will commonly be the same as
xs-vif-uuid
.
+
+
+ Additionally the following key-value pairs specifically
apply to an interface that represents a virtual Ethernet interface
connected to a virtual machine. These key-value pairs should not be
present for other types of interfaces. Keys whose names end
in -uuid
have values that uniquely identify the entity
in question. For a Citrix XenServer hypervisor, these values are
UUIDs in RFC 4122 format. Other hypervisors may use other
- formats.
- The currently defined key-value pairs are:
+ formats.
+
+ The currently defined key-value pairs for XenServer are:
- vif-uuid
+ xs-vif-uuid
- The virtual interface associated with this interface.
- network-uuid
+ xs-network-uuid
- The virtual network to which this interface is attached.
- vm-uuid
+ xs-vm-uuid
- The VM to which this interface belongs.
- vif-mac
- - The MAC address programmed into the "virtual hardware" for this
- interface, in the
- form xx:xx:xx:xx:xx:xx.
- For Citrix XenServer, this is the value of the
MAC
- field in the VIF record for this interface.
+
+
+
+ Key-value pairs that report interface statistics. The current
+ implementation updates these counters periodically. In the future,
+ we plan to, instead, update them when an interface is created, when
+ they are queried (e.g. using an OVSDB select
operation),
+ and just before an interface is deleted due to virtual interface
+ hot-unplug or VM shutdown, and perhaps at other times, but not on any
+ regular periodic basis.
+
+ The currently defined key-value pairs are listed below. These are
+ the same statistics reported by OpenFlow in its struct
+ ofp_port_stats
structure. If an interface does not support a
+ given statistic, then that pair is omitted.
+
+ -
+ Successful transmit and receive counters:
+
+ rx_packets
+ - Number of received packets.
+ rx_bytes
+ - Number of received bytes.
+ tx_packets
+ - Number of transmitted packets.
+ tx_bytes
+ - Number of transmitted bytes.
+
+
+ -
+ Receive errors:
+
+ rx_dropped
+ - Number of packets dropped by RX.
+ rx_frame_err
+ - Number of frame alignment errors.
+ rx_over_err
+ - Number of packets with RX overrun.
+ rx_crc_err
+ - Number of CRC errors.
+ rx_errors
+ -
+ Total number of receive errors, greater than or equal
+ to the sum of the above.
+
+
+
+ -
+ Transmit errors:
+
+ tx_dropped
+ - Number of packets dropped by TX.
+ collisions
+ - Number of collisions.
+ tx_errors
+ -
+ Total number of transmit errors, greater
+ than or equal to the sum of the above.
+
+
+
+
+
@@ -532,7 +775,12 @@
defined types are listed below:
linux-htb
- - Linux ``hierarchy token bucket'' classifier.
+ -
+ Linux ``hierarchy token bucket'' classifier. See tc-htb(8) (also at
+
http://linux.die.net/man/8/tc-htb
) and the HTB manual
+ (http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm
)
+ for information on how this classifier works and how to configure it.
+
@@ -559,6 +807,14 @@
Mbps.
+
+
+ Key-value pairs for use by external frameworks that integrate with Open
+ vSwitch, rather than by Open vSwitch itself. System integrators should
+ either use the Open vSwitch development mailing list to coordinate on
+ common key-value definitions, or choose key names that are likely to be
+ unique. No common key-value pairs are currently defined.
+
@@ -600,6 +856,14 @@
values are unimportant; only relative ordering matters.
+
+
+ Key-value pairs for use by external frameworks that integrate with Open
+ vSwitch, rather than by Open vSwitch itself. System integrators should
+ either use the Open vSwitch development mailing list to coordinate on
+ common key-value definitions, or choose key names that are likely to be
+ unique. No common key-value pairs are currently defined.
+
@@ -681,31 +945,95 @@
in the appropriate table or tables.
+
+
+
+ Key-value pairs for use by external frameworks that integrate with Open
+ vSwitch, rather than by Open vSwitch itself. System integrators should
+ either use the Open vSwitch development mailing list to coordinate on
+ common key-value definitions, or choose key names that are likely to be
+ unique. No common key-value pairs are currently defined.
+
+
An OpenFlow controller.
- Open vSwitch permits a bridge to have any number of OpenFlow
- controllers. When multiple controllers are configured, Open vSwitch
- connects to all of them simultaneously. OpenFlow 1.0 does not specify
- how multiple controllers coordinate in interacting with a single switch,
- so more than one controller should be specified only if the controllers
- are themselves designed to coordinate with each other.
+
+ Open vSwitch supports two kinds of OpenFlow controllers:
+
+
+
+ - Primary controllers
+ -
+
+ This is the kind of controller envisioned by the OpenFlow 1.0
+ specification. Usually, a primary controller implements a network
+ policy by taking charge of the switch's flow table.
+
+
+
+ Open vSwitch initiates and maintains persistent connections to
+ primary controllers, retrying the connection each time it fails or
+ drops. The column in the
+ table applies to primary controllers.
+
+
+
+ Open vSwitch permits a bridge to have any number of primary
+ controllers. When multiple controllers are configured, Open
+ vSwitch connects to all of them simultaneously. Because
+ OpenFlow 1.0 does not specify how multiple controllers
+ coordinate in interacting with a single switch, more than
+ one primary controller should be specified only if the
+ controllers are themselves designed to coordinate with each
+ other. (The Nicira-defined NXT_ROLE
OpenFlow
+ vendor extension may be useful for this.)
+
+
+ - Service controllers
+ -
+
+ These kinds of OpenFlow controller connections are intended for
+ occasional support and maintenance use, e.g. with
+ ovs-ofctl
. Usually a service controller connects only
+ briefly to inspect or modify some of a switch's state.
+
+
+
+ Open vSwitch listens for incoming connections from service
+ controllers. The service controllers initiate and, if necessary,
+ maintain the connections from their end. The column in the table does
+ not apply to service controllers.
+
+
+
+ Open vSwitch supports configuring any number of service controllers.
+
+
+
+
+
+ The determines the type of controller.
+
- Connection method for controller.
- The following connection methods are currently
- supported:
+ Connection method for controller.
+
+ The following connection methods are currently supported for primary
+ controllers:
+
ssl:ip
[:port
]
-
The specified SSL port (default: 6633) on the host at
- the given ip, which must be expressed as an IP address
- (not a DNS name). The
- column in the must point to a valid
- SSL configuration when this form is used.
+ the given ip, which must be expressed as an IP address
+ (not a DNS name). The
+ column in the table must point to a
+ valid SSL configuration when this form is used.
SSL support is an optional feature that is not always built as
part of Open vSwitch.
@@ -730,8 +1058,35 @@
used only for bootstrapping the OpenFlow PKI at initial switch
setup; ovs-vswitchd
does not use it at all.
- none
- - Disables the controller.
+
+
+ The following connection methods are currently supported for service
+ controllers:
+
+
+ pssl:
[port][:ip
]
+ -
+
+ Listens for SSL connections on the specified TCP port
+ (default: 6633). If ip, which must be expressed as an
+ IP address (not a DNS name), is specified, then connections are
+ restricted to the specified local IP address.
+
+
+ The column in the table must point to a valid SSL
+ configuration when this form is used.
+
+ SSL support is an optional feature that is not always built as
+ part of Open vSwitch.
+
+ ptcp:
[port][:ip
]
+ -
+ Listens for connections on the specified TCP port
+ (default: 6633). If ip, which must be expressed as an
+ IP address (not a DNS name), is specified, then connections are
+ restricted to the specified local IP address.
+
When multiple controllers are configured for a single bridge, the
values must be unique. Duplicate
@@ -784,43 +1139,6 @@
assumes the connection has been broken and attempts to reconnect.
Default is implementation-specific.
-
-
- When a controller is configured, it is, ordinarily, responsible
- for setting up all flows on the switch. Thus, if the connection to
- the controller fails, no new network connections can be set up.
- If the connection to the controller stays down long enough,
- no packets can pass through the switch at all. This setting
- determines the switch's response to such a situation. It may be set
- to one of the following:
-
- standalone
- - If no message is received from the controller for three
- times the inactivity probe interval
- (see
), then Open vSwitch
- will take over responsibility for setting up flows. In
- this mode, Open vSwitch causes the bridge to act like an
- ordinary MAC-learning switch. Open vSwitch will continue
- to retry connecting to the controller in the background
- and, when the connection succeeds, it will discontinue its
- standalone behavior.
- secure
- - Open vSwitch will not set up flows on its own when the
- controller connection fails. It will continue retry
- connecting to the controller forever.
-
-
- If this value is unset, the default is implementation-specific.
- When more than one controller is configured,
- is considered only when none of the
- configured controllers can be contacted. At that point, the bridge
- enters secure mode if any of the controllers'
- is set to secure
. Otherwise,
- it enters standalone mode if at least one
- is set to standalone
. If none of the
- values are set, the default is
- implementation-defined.
-
@@ -905,6 +1223,16 @@
this network has no gateway.
+
+
+
+ Key-value pairs for use by external frameworks that integrate with Open
+ vSwitch, rather than by Open vSwitch itself. System integrators should
+ either use the Open vSwitch development mailing list to coordinate on
+ common key-value definitions, or choose key names that are likely to be
+ unique. No common key-value pairs are currently defined.
+
+
@@ -946,6 +1274,14 @@
disambiguate the traffic.
When this option is enabled, a maximum of 508 ports are supported.
+
+
+ Key-value pairs for use by external frameworks that integrate with Open
+ vSwitch, rather than by Open vSwitch itself. System integrators should
+ either use the Open vSwitch development mailing list to coordinate on
+ common key-value definitions, or choose key names that are likely to be
+ unique. No common key-value pairs are currently defined.
+
@@ -978,6 +1314,14 @@
SSL connection to a man-in-the-middle attack obtaining the initial
CA certificate. It may still be useful for bootstrapping.
+
+
+ Key-value pairs for use by external frameworks that integrate with Open
+ vSwitch, rather than by Open vSwitch itself. System integrators should
+ either use the Open vSwitch development mailing list to coordinate on
+ common key-value definitions, or choose key names that are likely to be
+ unique. No common key-value pairs are currently defined.
+
@@ -1012,6 +1356,14 @@
sFlow targets in the form
ip:port
.
+
+
+ Key-value pairs for use by external frameworks that integrate with Open
+ vSwitch, rather than by Open vSwitch itself. System integrators should
+ either use the Open vSwitch development mailing list to coordinate on
+ common key-value definitions, or choose key names that are likely to be
+ unique. No common key-value pairs are currently defined.
+