ovs-vswitchd.conf.db(5)

Open_vSwitch database schema

Datapath TABLE

Configuration for a datapath within Open_vSwitch.

A datapath is responsible for providing the packet handling in Open vSwitch. There are two primary datapath implementations used by Open vSwitch: kernel and userspace. Kernel datapath implementations are available for Linux and Hyper-V, and selected as system in the datapath_type column of the Bridge table. The userspace datapath is used by DPDK and AF-XDP, and is selected as netdev in the datapath_type column of the Bridge table.

A datapath of a particular type is shared by all the bridges that use that datapath. Thus, configurations applied to this table affect all bridges that use this datapath.

Summary:

  datapath_version                        string
  ct_zones                                map of integer-CT_Zone pairs, key in range 0 to 65,535
  Capabilities:
    capabilities : max_vlan_headers       optional string, containing an integer, at least 0
    capabilities : recirc                 optional string, either true or false
    capabilities : lb_output_action       optional string, either true or false
  Connection-Tracking Capabilities:
    capabilities : ct_state               optional string, either true or false
    capabilities : ct_state_nat           optional string, either true or false
    capabilities : ct_zone                optional string, either true or false
    capabilities : ct_mark                optional string, either true or false
    capabilities : ct_label               optional string, either true or false
    capabilities : ct_orig_tuple          optional string, either true or false
    capabilities : ct_orig_tuple6         optional string, either true or false
    capabilities : masked_set_action      optional string, either true or false
    capabilities : tnl_push_pop           optional string, either true or false
    capabilities : ufid                   optional string, either true or false
    capabilities : trunc                  optional string, either true or false
    capabilities : nd_ext                 optional string, either true or false
  Clone Actions:
    capabilities : clone                  optional string, either true or false
    capabilities : sample_nesting         optional string, containing an integer, at least 0
    capabilities : ct_eventmask           optional string, either true or false
    capabilities : ct_clear               optional string, either true or false
    capabilities : max_hash_alg           optional string, containing an integer, at least 0
    capabilities : check_pkt_len          optional string, either true or false
    capabilities : ct_timeout             optional string, either true or false
    capabilities : explicit_drop_action   optional string, either true or false
    capabilities : ct_zero_snat           optional string, either true or false
  Common Columns:
    external_ids                          map of string-string pairs

Details:

datapath_version: string

Reports the version number of the Open vSwitch datapath in use. This allows management software to detect and report discrepancies between Open vSwitch userspace and datapath versions. (The ovs_version column in the Open_vSwitch table reports the Open vSwitch userspace version.) The version reported depends on the datapath in use:

• When the kernel module included in the Open vSwitch source tree is used, this column reports the Open vSwitch version from which the module was taken.

• When the kernel module that is part of the upstream Linux kernel is used, this column reports <unknown>.

• When the datapath is built into the ovs-vswitchd binary, this column reports <built-in>. A built-in datapath is by definition the same version as the rest of the Open vSwitch userspace.

• Other datapaths (such as the Hyper-V kernel datapath) currently report <unknown>.

A version discrepancy between ovs-vswitchd and the datapath in use is not normally cause for alarm. The Open vSwitch kernel datapaths for Linux and Hyper-V, in particular, are designed for maximum inter-version compatibility: any userspace version works with any kernel version. Some reasons do exist to insist on particular user/kernel pairings. First, newer kernel versions add new features that can only be used by new-enough userspace, e.g. VXLAN tunneling requires certain minimal userspace and kernel versions. Second, as an extension to the first reason, some newer kernel versions add new features for enhancing performance that only new-enough userspace versions can take advantage of.

ct_zones: map of integer-CT_Zone pairs, key in range 0 to 65,535

Configuration for connection tracking zones. Each pair maps from a zone id to a configuration for that zone. Zone 0 applies to the default zone (i.e., the one used if a zone is not specified in connection tracking-related OpenFlow matches and actions).

Capabilities:

The capabilities column reports a datapath's features. For the netdev datapath, the capabilities are fixed for a given version of Open vSwitch because this datapath is built into the ovs-vswitchd binary. The Linux kernel and Windows and other datapaths, which are external to OVS userspace, can vary in version and capabilities independently from ovs-vswitchd.

Some of these features indicate whether higher-level Open vSwitch features are available. For example, OpenFlow features for connection-tracking are available only when capabilities:ct_state is true. A controller that wishes to determine whether a feature is supported could, therefore, consult the relevant capabilities in this table. However, as a general rule, it is better for a controller to try to use the higher-level feature and use the result as an indication of support, since the low-level capabilities are more likely to shift over time than the high-level features that rely on them.

capabilities : max_vlan_headers: optional string, containing an integer, at least 0

Number of 802.1q VLAN headers supported by the datapath, as probed by the ovs-vswitchd slow path. If the datapath supports more VLAN headers than the slow path, this reports the slow path's limit. The value of other-config:vlan-limit in the Open_vSwitch table does not influence the number reported here.

capabilities : recirc: optional string, either true or false

If this is true, then the datapath supports recirculation, specifically OVS_KEY_ATTR_RECIRC_ID. Recirculation enables higher performance for MPLS and active-active load balancing bonding modes.

capabilities : lb_output_action: optional string, either true or false

If this is true, then the datapath supports optimized balance-tcp bond mode. This capability replaces the existing hash and recirc actions with the new action lb_output and avoids recirculation of packets in the datapath. It is supported only for balance-tcp bond mode in the netdev datapath. The new action gives higher performance by using bond buckets instead of post-recirculation flows for selection of the slave port from the bond. By default this new action is disabled; however, it can be enabled by setting other-config:lb-output-action in the Port table.

Connection-Tracking Capabilities:

These capabilities are granular because Open vSwitch and its datapaths added support for connection tracking over several releases, with features added individually over that time.

capabilities : ct_state: optional string, either true or false

If true, datapath supports OVS_KEY_ATTR_CT_STATE, which indicates support for the bits in the OpenFlow ct_state field (see ovs-fields(7)) other than snat and dnat, which have a separate capability.

If this is false, the datapath does not support connection-tracking at all and the remaining connection-tracking capabilities should all be false. In this case, Open vSwitch will reject flows that match on the ct_state field or use the ct action.

capabilities : ct_state_nat: optional string, either true or false

If true, it means that the datapath supports the snat and dnat flags in the OpenFlow ct_state field. The ct_state capability must be true for this to make sense.

If false, Open vSwitch will reject flows that match on the snat or dnat bits in ct_state or use nat in the ct action.

capabilities : ct_zone: optional string, either true or false

If true, datapath supports OVS_KEY_ATTR_CT_ZONE. If false, Open vSwitch rejects flows that match on the ct_zone field or that specify a nonzero zone or a zone field on the ct action.

capabilities : ct_mark: optional string, either true or false

If true, datapath supports OVS_KEY_ATTR_CT_MARK. If false, Open vSwitch rejects flows that match on the ct_mark field or that set ct_mark in the ct action.

capabilities : ct_label: optional string, either true or false

If true, datapath supports OVS_KEY_ATTR_CT_LABEL. If false, Open vSwitch rejects flows that match on the ct_label field or that set ct_label in the ct action.

capabilities : ct_orig_tuple: optional string, either true or false

If true, the datapath supports matching the 5-tuple from the connection's original direction for IPv4 traffic. If false, Open vSwitch rejects flows that match on ct_nw_src or ct_nw_dst, that use the ct feature of the resubmit action, or the force keyword in the ct action. (The latter isn't tied to connection tracking support of original tuples in any technical way. They are conflated because all current datapaths implemented the two features at the same time.)

If this and capabilities:ct_orig_tuple6 are both false, Open vSwitch rejects flows that match on ct_nw_proto, ct_tp_src, or ct_tp_dst.

capabilities : ct_orig_tuple6: optional string, either true or false

If true, the datapath supports matching the 5-tuple from the connection's original direction for IPv6 traffic. If false, Open vSwitch rejects flows that match on ct_ipv6_src or ct_ipv6_dst.

capabilities : masked_set_action: optional string, either true or false

True if the datapath supports masked data in OVS_ACTION_ATTR_SET actions. Masked data can improve performance by allowing megaflows to match on fewer fields.

capabilities : tnl_push_pop: optional string, either true or false

True if the datapath supports tnl_push and pop actions. This is a prerequisite for a datapath to support native tunneling.

capabilities : ufid: optional string, either true or false

True if the datapath supports OVS_FLOW_ATTR_UFID. UFID support improves revalidation performance by transferring less data between the slow path and the datapath.

capabilities : trunc: optional string, either true or false

True if the datapath supports OVS_ACTION_ATTR_TRUNC action. If false, the output action with packet truncation requires every packet to be sent to the Open vSwitch slow path, which is likely to make it too slow for mirroring traffic in bulk.

capabilities : nd_ext: optional string, either true or false

True if the datapath supports OVS_KEY_ATTR_ND_EXTENSIONS to match on ICMPv6 "ND reserved" and "ND option type" header fields. If false, the datapath reports an error if the feature is used.

Clone Actions:

When Open vSwitch translates actions from OpenFlow into the datapath representation, some of the datapath actions may modify the packet or have other side effects that later datapath actions can't undo. The OpenFlow ct, meter, output with truncation, encap, decap, and dec_nsh_ttl actions fall into this category. Often, this is not a problem because nothing later on needs the original packet.

Such actions can, however, occur in circumstances where the translation does require the original packet. For example, an OpenFlow output action might direct a packet to a patch port, which might in turn lead to a ct action that NATs the packet (which cannot be undone), and then afterward when control flow pops back across the patch port some other action might need to act on the original packet.

Open vSwitch has two different ways to implement this "save and restore" via datapath actions. These capabilities indicate which one Open vSwitch will choose. When neither is available, Open vSwitch simply fails in situations that require this feature.

capabilities : clone: optional string, either true or false

True if the datapath supports OVS_ACTION_ATTR_CLONE action. This is the preferred option for saving and restoring packets, since it is intended for the purpose, but old datapaths do not support it. Open vSwitch will use it whenever it is available.

(The OpenFlow clone action does not always yield an OVS_ACTION_ATTR_CLONE action. It only does so when the datapath supports it and the clone brackets actions that otherwise cannot be undone.)

capabilities : sample_nesting: optional string, containing an integer, at least 0

Maximum level of nesting allowed by OVS_ACTION_ATTR_SAMPLE action. Open vSwitch misuses this action for saving and restoring packets when the datapath supports more than 3 levels of nesting and OVS_ACTION_ATTR_CLONE is not available.

capabilities : ct_eventmask: optional string, either true or false

True if the datapath's OVS_ACTION_ATTR_CT action implements the OVS_CT_ATTR_EVENTMASK attribute. When this is true, Open vSwitch uses the event mask feature to limit the kinds of events reported to conntrack update listeners. When Open vSwitch doesn't limit the event mask, listeners receive reports of numerous usually unimportant events, such as TCP state machine changes, which can waste CPU time.

capabilities : ct_clear: optional string, either true or false

True if the datapath supports OVS_ACTION_ATTR_CT_CLEAR action. If false, the OpenFlow ct_clear action has no effect on the datapath.

capabilities : max_hash_alg: optional string, containing an integer, at least 0

Highest supported dp_hash algorithm. This allows Open vSwitch to avoid requesting a packet hash that the datapath does not support.

capabilities : check_pkt_len: optional string, either true or false

True if the datapath supports OVS_ACTION_ATTR_CHECK_PKT_LEN. If false, Open vSwitch implements the check_pkt_larger action by sending every packet through the Open vSwitch slow path, which is likely to make it too slow for handling traffic in bulk.

capabilities : ct_timeout: optional string, either true or false

True if the datapath supports OVS_CT_ATTR_TIMEOUT in the OVS_ACTION_ATTR_CT action. If false, Open vSwitch cannot implement timeout policies based on connection tracking zones, as configured through the CT_Timeout_Policy table.

capabilities : explicit_drop_action: optional string, either true or false

True if the datapath supports OVS_ACTION_ATTR_DROP. If false, explicit drop action will not be sent to the datapath.

capabilities : ct_zero_snat: optional string, either true or false

True if the datapath supports all-zero SNAT. This is a special case if the src IP address is configured as all 0's, i.e., nat(src=0.0.0.0). In this case, when a source port collision is detected during the commit, the source port will be translated to an ephemeral port. If there is no collision, no SNAT is performed.
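
A pre-deployment check that applies the rules from the capability descriptions above to the features a connection-tracking ruleset uses. This is an added example, not code from Open vSwitch: the feature labels (such as match:ct_zone), the function names and the sample data are constructed, the JSON shape of the ovs-vsctl output is assumed, and a capability missing from the map is treated as false.

```python
import json

# Constructed sample, in the shape assumed for the output of
# `ovs-vsctl --format=json --columns=capabilities list Datapath`.
SAMPLE = json.dumps({"headings": ["capabilities"], "data": [[["map", [
    ["ct_state", "true"], ["ct_state_nat", "false"], ["ct_zone", "true"],
    ["ct_orig_tuple", "true"], ["ct_orig_tuple6", "false"], ["ct_clear", "false"],
    ["trunc", "false"], ["clone", "false"], ["sample_nesting", "10"]]]]]})

# Hypothetical feature label -> (outcome if no listed capability is "true", capabilities).
RULES = {
    "match:ct_state": ("rejected", ["ct_state"]), "action:ct": ("rejected", ["ct_state"]),
    "action:ct(nat)": ("rejected", ["ct_state_nat"]),
    "match:ct_zone": ("rejected", ["ct_zone"]), "match:ct_mark": ("rejected", ["ct_mark"]),
    "match:ct_label": ("rejected", ["ct_label"]),
    "match:ct_nw_src": ("rejected", ["ct_orig_tuple"]),
    "match:ct_ipv6_src": ("rejected", ["ct_orig_tuple6"]),
    "match:ct_nw_proto": ("rejected", ["ct_orig_tuple", "ct_orig_tuple6"]),
    "action:output+truncation": ("slow_path", ["trunc"]),
    "action:check_pkt_larger": ("slow_path", ["check_pkt_len"]),
    "action:ct_clear": ("no_effect", ["ct_clear"]),
}
CT_DEPENDENT = ["ct_state_nat", "ct_zone", "ct_mark", "ct_label",
                "ct_orig_tuple", "ct_orig_tuple6"]

def load_capabilities(text):
    doc = json.loads(text)
    cell = doc["data"][0][doc["headings"].index("capabilities")]
    if cell[0] != "map":
        raise ValueError("capabilities column is not an OVSDB map")
    return dict(cell[1])

def audit(caps, used):
    """Classify the features a ruleset uses against one datapath."""
    on = lambda name: caps.get(name) == "true"  # assumption: absent means false
    report = {"rejected": [], "slow_path": [], "no_effect": []}
    for feat in used:
        outcome, needs = RULES.get(feat, (None, []))
        if outcome and not any(map(on, needs)):
            report[outcome].append(feat)
    # With ct_state false, the other connection-tracking capabilities should be false.
    report["inconsistent"] = [] if on("ct_state") else [c for c in CT_DEPENDENT if on(c)]
    return report

def save_restore_mechanism(caps):
    """Datapath action used to save and restore a packet, or None if neither exists."""
    if caps.get("clone") == "true":
        return "clone"
    return "sample" if int(caps.get("sample_nesting", "0")) > 3 else None
```

Features in the "rejected" list would keep the flows that use them from being installed, "slow_path" features send every packet through ovs-vswitchd, and "no_effect" features are accepted but do nothing on this datapath.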

Common Columns:

The overall purpose of these columns is described under Common Columns at the beginning of this document.

external_ids: map of string-string pairs