A port mirror within a .
A port mirror configures a bridge to send selected frames to special
- ``mirrored'' ports, in addition to their normal destinations. Mirroring
- traffic may also be referred to as SPAN or RSPAN, depending on the
- mechanism used for delivery.
+ ``mirrored'' ports, in addition to their normal destinations. Mirroring
+ traffic may also be referred to as SPAN, RSPAN, or ERSPAN, depending on how
+ the mirrored traffic is sent.
Arbitrary identifier for the .
+
+ To be selected for mirroring, a given packet must enter or leave the
+ bridge through a selected port and it must also be in one of the
+ selected VLANs.
+
+
If true, every packet arriving or departing on any port is
selected for mirroring.
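Review bot: The added paragraph ahead of the "If true, every packet ..." description requires a packet to be "in one of the selected VLANs", but it does not say what an empty VLAN selection means, and the unchanged sentence after it still says every packet is selected. Suggest stating whether an empty VLAN set matches all VLANs and whether the VLAN condition still applies when all ports are selected, so that anyone relying on the mirror for capture knows which traffic is excluded.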
@@ -1544,19 +1666,26 @@
+
+ These columns are mutually exclusive. Exactly one of them must be
+ nonempty.
+
+
- Output port for selected packets, if nonempty. Mutually exclusive
- with .
+ Output port for selected packets, if nonempty.
Specifying a port for mirror output reserves that port exclusively
- for mirroring. No frames other than those selected for mirroring
- will be forwarded to the port, and any frames received on the port
- will be discarded.
- This type of mirroring is sometimes called SPAN.
+ for mirroring. No frames other than those selected for mirroring
+ will be forwarded to the port, and any frames received on the port
+ will be discarded.
+
+ The output port may be any kind of port supported by Open vSwitch.
+ It may be, for example, a physical port (sometimes called SPAN), or a
+ GRE tunnel (sometimes called ERSPAN).
+
- Output VLAN for selected packets, if nonempty. Mutually exclusive
- with .
+ Output VLAN for selected packets, if nonempty.
The frames will be sent out all ports that trunk
, as well as any ports with implicit VLAN
. When a mirrored frame is sent out a
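Review bot: The new group text "Exactly one of them must be nonempty" does not say what the switch does when both the output port and the output VLAN are set, or when neither is, and the per-column descriptions still read "if nonempty" as though each were optional. Suggest documenting the outcome (mirror rejected, ignored, or one column taking precedence). The added paragraph allowing "any kind of port" follows the statement that frames received on the output port are discarded; it is worth confirming that this also holds for a tunnel port and saying so.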
@@ -1564,6 +1693,37 @@
, replacing any existing tag; when it is
sent out an implicit VLAN port, the frame will not be tagged. This
type of mirroring is sometimes called RSPAN.
+
+ The following destination MAC addresses will not be mirrored to a
+ VLAN to avoid confusing switches that interpret the protocols that
+ they represent:
+
+
+ 01:80:c2:00:00:00
+ - IEEE 802.1D Spanning Tree Protocol (STP).
+
+ 01:80:c2:00:00:01
+ - IEEE Pause frame.
+
+ 01:80:c2:00:00:0x
+ - Other reserved protocols.
+
+ 01:00:0c:cc:cc:cc
+ -
+ Cisco Discovery Protocol (CDP), VLAN Trunking Protocol (VTP),
+ Dynamic Trunking Protocol (DTP), Port Aggregation Protocol (PAgP),
+ and others.
+
+
+ 01:00:0c:cc:cc:cd
+ - Cisco Shared Spanning Tree Protocol PVSTP+.
+
+ 01:00:0c:cd:cd:cd
+ - Cisco STP Uplink Fast.
+
+ 01:00:0c:00:00:00
+ - Cisco Inter Switch Link.
+
Please note: Mirroring to a VLAN can disrupt a network that
contains unmanaged switches. Consider an unmanaged physical switch
with two ports: port 1, connected to an end host, and port 2,
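Review bot: In the added list of destination addresses that are not mirrored to a VLAN, "01:80:c2:00:00:0x" uses a wildcard that is never defined and, read as a hex digit, already covers the two entries listed before it (01:80:c2:00:00:00 and 01:80:c2:00:00:01). Suggest defining x or writing the range out, and presenting the STP and Pause entries as named cases of it. It would also help to state that a capture point on the mirror VLAN will therefore not see STP, CDP, VTP, DTP or PAgP frames, and whether an output-port mirror carries them.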
@@ -1589,6 +1749,10 @@
Open vSwitch is being used as an intermediate switch, learning can be
disabled by adding the mirrored VLAN to
in the appropriate table or tables.
+
+ Mirroring to a GRE tunnel has fewer caveats than mirroring to a
+ VLAN and should generally be preferred.
+
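Review bot: The added recommendation to prefer a GRE tunnel says it "has fewer caveats" without naming any of them. Suggest listing the ones that remain: the mirrored copy is encapsulated, so full-size frames grow by the tunnel headers, and it crosses the IP network to the tunnel's remote endpoint, so that path carries a full copy of the selected traffic and should be treated accordingly.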
@@ -1687,23 +1851,6 @@
The specified TCP port (default: 6633) on the host at
the given ip, which must be expressed as an IP address
(not a DNS name).
- discover
-
- Enables controller discovery.
- In controller discovery mode, Open vSwitch broadcasts a DHCP
- request with vendor class identifier OpenFlow
across
- all of the bridge's network devices. It will accept any valid
- DHCP reply that has the same vendor class identifier and includes
- a vendor-specific option with code 1 whose contents are a string
- specifying the location of the controller in the same format as
- .
- The DHCP reply may also, optionally, include a vendor-specific
- option with code 2 whose contents are a string specifying the URI
- to the base of the OpenFlow PKI
- (e.g. http://192.168.0.1/openflow/pki
). This URI is
- used only for bootstrapping the OpenFlow PKI at initial switch
- setup; ovs-vswitchd
does not use it at all.
-
The following connection methods are currently supported for service
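Review bot: The removal of the discover connection method leaves no statement of what happens to an existing configuration whose target is still discover. Suggest a sentence here or in the release notes saying whether such a target is rejected or ignored, and that the controller location and PKI bootstrap URI, previously taken from "any valid DHCP reply" with the matching vendor class identifier, must now be configured explicitly.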
@@ -1763,10 +1910,7 @@
-
If not specified, the default is implementation-specific. If
- is discover
, the connection mode
- is always treated as in-band
regardless of the actual
- setting.
+ If not specified, the default is implementation-specific.
@@ -1783,7 +1927,8 @@
number of seconds, it will send a probe. If a response is not
received for the same additional amount of time, Open vSwitch
assumes the connection has been broken and attempts to reconnect.
- Default is implementation-specific.
+ Default is implementation-specific. A value of 0 disables
+ inactivity probes.
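Review bot: The added sentence "A value of 0 disables inactivity probes" does not state the consequence. The surrounding text describes the probe as the way Open vSwitch decides the connection has been broken and reconnects, so with 0 an unresponsive controller is no longer detected this way; suggest saying so and naming what, if anything, detects a dead connection instead.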
@@ -1816,33 +1961,9 @@
-
- These values are considered only when
- is discover
.
-
-
- A POSIX
- extended regular expression against which the discovered controller
- location is validated. The regular expression is implicitly
- anchored at the beginning of the controller location string, as
- if it begins with ^
. If not specified, the default
- is implementation-specific.
-
-
-
- Whether to update /etc/resolv.conf
when the
- controller is discovered. If not specified, the default
- is implementation-specific. Open vSwitch will only modify
- /etc/resolv.conf
if the DHCP response that it receives
- specifies one or more DNS servers.
-
-
-
These values are considered only in in-band control mode (see
- ) and only when
- is not discover
. (For controller discovery, the network
- configuration obtained via DHCP is used instead.)
+ ).
When multiple controllers are configured on a single bridge, there
should be only one set of unique values in these columns. If different
@@ -1892,15 +2013,11 @@
other
- Allows the controller access to all OpenFlow features.
-
-
master
- Equivalent to
other
, except that there may be at
most one master controller at a time. When a controller configures
itself as master
, any existing master is demoted to
the slave
role.
-
-
slave
- Allows the controller read-only access to OpenFlow features.
Attempts to modify the flow table will be rejected with an
@@ -1917,19 +2034,23 @@
- A human-readable description of the last error on the connection
to the controller; i.e.
strerror(errno)
. This key
will exist only if an error has occurred.
-
-
state
- The state of the connection to the controller. Possible values
- are:
VOID
, BACKOFF
,
- CONNECTING
, ACTIVE
, and
- IDLE
.
-
-
- time_in_state
- - Seconds since connecting to (if currently connected) or
- disconnecting from (if currently disconnected) this
- controller.
+ are: VOID
(connection is disabled),
+ BACKOFF
(attempting to reconnect at an increasing
+ period), CONNECTING
(attempting to connect),
+ ACTIVE
(connected, remote host responsive), and
+ IDLE
(remote host idle, sending keep-alive). These
+ values may change in the future. They are provided only for human
+ consumption.
+ sec_since_connect
+ - The amount of time since this controller last successfully
+ connected to the switch (in seconds). Value is empty if controller
+ has never successfully connected.
+ sec_since_disconnect
+ - The amount of time since this controller last disconnected from
+ the switch (in seconds). Value is empty if controller has never
+ disconnected.
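Review bot: For sec_since_connect and sec_since_disconnect, "Value is empty" leaves open whether the key is present with an empty string or absent, while the error key in this same hunk is described as existing only if an error has occurred. Suggest picking one convention and wording both the same way. The hunk also drops time_in_state without a compatibility note, and the state values are now documented as "only for human consumption", so it is worth stating which keys monitoring scripts are expected to read.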
@@ -2060,6 +2181,7 @@
will send a probe. If a response is not received for the same
additional amount of time, Open vSwitch assumes the connection has been
broken and attempts to reconnect. Default is implementation-specific.
+ A value of 0 disables inactivity probes.
@@ -2092,15 +2214,51 @@
The state of the connection to the manager. Possible values
are: VOID
(connection is disabled),
BACKOFF
(attempting to reconnect at an increasing
- period), CONNECT_IN_PROGRESS
(attempting to connect),
+ period), CONNECTING
(attempting to connect),
ACTIVE
(connected, remote host responsive), and
- IDLE
(remote host unresponsive, disconnecting). These
+ IDLE
(remote host idle, sending keep-alive). These
values may change in the future. They are provided only for human
consumption.
- time_in_state
- - Milliseconds since the
state
key changed.
+ sec_since_connect
+ - The amount of time since this manager last successfully connected
+ to the database (in seconds). Value is empty if manager has never
+ successfully connected.
+
+
+ sec_since_disconnect
+ - The amount of time since this manager last disconnected from the
+ database (in seconds). Value is empty if manager has never
+ disconnected.
+
+
+ locks_held
+ locks_waiting
+ locks_lost
+ -
+ Space-separated lists of the names of OVSDB locks that the
+ connection holds, is currently waiting to acquire, or has had
+ stolen by another OVSDB client, respectively. Key-value pairs for
+ lists that would be empty are omitted.
+
+
+
+ n_connections
+ -
+
+ When specifies a connection method that
+ listens for inbound connections (e.g. ptcp:
or
+ pssl:
) and more than one connection is actually
+ active, the value is the number of active connections.
+ Otherwise, this key-value pair is omitted.
+
+
+ When multiple connections are active, status columns and
+ key-value pairs (other than this one) report the status of one
+ arbitrarily chosen connection.
+
+
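Review bot: The n_connections text says that with several active connections the other status fields describe "one arbitrarily chosen connection", which makes state, sec_since_connect and the lock lists hard to interpret for a ptcp: or pssl: listener. Suggest saying whether the chosen connection is stable between updates and whether all reported keys come from the same connection. Two smaller points: replacing time_in_state (milliseconds) with keys in seconds, and renaming CONNECT_IN_PROGRESS to CONNECTING, both change what existing readers of this column see and deserve a mention in the change notes.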