GNU.WIKI: The GNU/Linux Knowledge Base

  [HOME] [PHP Manual] [HowTo] [ABS] [MAN1] [MAN2] [MAN3] [MAN4] [MAN5] [MAN6] [MAN7] [MAN8] [MAN9]

  [0-9] [Aa] [Bb] [Cc] [Dd] [Ee] [Ff] [Gg] [Hh] [Ii] [Jj] [Kk] [Ll] [Mm] [Nn] [Oo] [Pp] [Qq] [Rr] [Ss] [Tt] [Uu] [Vv] [Ww] [Xx] [Yy] [Zz]


NAME

       ovs-vswitchd - Open vSwitch daemon

SYNOPSIS

       ovs-vswitchd [database]

DESCRIPTION

       A  daemon that manages and controls any number of Open vSwitch switches
       on the local machine.

       The  database  argument  specifies   how   ovs-vswitchd   connects   to
       ovsdb-server.   The  default is unix:/var/run/openvswitch/db.sock.  The
       following forms are accepted:

       ssl:ip:port
              The specified SSL port on the host at the given ip,  which  must
              be   expressed   as  an  IP  address  (not  a  DNS  name).   The
              --private-key,  --certificate,   and   --ca-cert   options   are
              mandatory when this form is used.

       tcp:ip:port
              Connect to the given TCP port on ip.

       unix:file
              Connect to the Unix domain server socket named file.

       pssl:port[:ip]
              Listen  on  the  given  SSL  port for a connection.  By default,
              connections are not bound to a particular local IP address,  but
              specifying  ip  limits  connections  to those from the given ip.
              The --private-key,  --certificate,  and  --ca-cert  options  are
              mandatory when this form is used.

       ptcp:port[:ip]
              Listen  on  the  given  TCP  port for a connection.  By default,
              connections are not bound to a particular local IP address,  but
              ip  may be specified to listen only for connections to the given
              ip.

       punix:file
              Listen on the  Unix  domain  server  socket  named  file  for  a
              connection.

       ovs-vswitchd  retrieves its configuration from database at startup.  It
       sets up Open vSwitch datapaths and then operates switching across  each
       bridge  described in its configuration files.  As the database changes,
       ovs-vswitchd automatically updates its configuration to match.

       Upon receipt of a SIGHUP signal, ovs-vswitchd reopens its log file,  if
       one was specified on the command line.

       ovs-vswitchd  switches  may  be  configured  with  any of the following
       features:

       ·      L2 switching with MAC learning.

       ·      NIC bonding with automatic fail-over  and  source  MAC-based  TX
              load balancing ("SLB").

       ·      802.1Q VLAN support.

       ·      Port mirroring, with optional VLAN tagging.

       ·      NetFlow v5 flow logging.

       ·      sFlow(R) monitoring.

       ·      Connectivity to an external OpenFlow controller, such as NOX.

       Only a single instance of ovs-vswitchd is intended to run at a time.  A
       single ovs-vswitchd can manage any number of switch  instances,  up  to
       the maximum number of supported Open vSwitch datapaths.

       ovs-vswitchd   does  all  the  necessary  management  of  Open  vSwitch
       datapaths itself.  Thus, external tools,  such  ovs-dpctl(8),  are  not
       needed  for  managing  datapaths  in conjunction with ovs-vswitchd, and
       their  use  to  modify  datapaths  when  ovs-vswitchd  is  running  can
       interfere  with  its  operation.   (ovs-dpctl  may  still be useful for
       diagnostics.)

       An Open vSwitch datapath kernel module must be loaded for  ovs-vswitchd
       to  be  useful.  Please refer to the INSTALL.Linux file included in the
       Open vSwitch distribution for instructions on how to build and load the
       Open vSwitch kernel module.

OPTIONS

       --mlockall
              Causes  ovs-vswitchd to call the mlockall() function, to attempt
              to lock all of its process memory into physical RAM,  preventing
              the kernel from paging any of its memory to disk.  This helps to
              avoid networking interruptions due to system memory pressure.

              Some systems do not support mlockall() at all, and other systems
              only  allow  privileged users, such as the superuser, to use it.
              ovs-vswitchd emits a log message if mlockall() is unavailable or
              unsuccessful.

       --pidfile[=pidfile]
              Causes  a  file  (by  default,  ovs-vswitchd.pid)  to be created
              indicating the PID of  the  running  process.   If  the  pidfile
              argument  is not specified, or if it does not begin with /, then
              it is created in /var/run/openvswitch.

              If --pidfile is not specified, no pidfile is created.

       --overwrite-pidfile
              By default,  when  --pidfile  is  specified  and  the  specified
              pidfile  already  exists  and  is  locked  by a running process,
              ovs-vswitchd refuses to start.  Specify  --overwrite-pidfile  to
              cause it to instead overwrite the pidfile.

              When --pidfile is not specified, this option has no effect.

       --detach
              Causes ovs-vswitchd to detach itself from the foreground session
              and run as a  background  process.  ovs-vswitchd  detaches  only
              after  it  has  connected to the database, retrieved the initial
              configuration, and set up that configuration.

       --monitor
              Creates  an  additional  process  to  monitor  the  ovs-vswitchd
              daemon.   If  the  daemon  dies due to a signal that indicates a
              programming error (SIGABRT,  SIGALRM,  SIGBUS,  SIGFPE,  SIGILL,
              SIGPIPE,  SIGSEGV, SIGXCPU, or SIGXFSZ) then the monitor process
              starts a new copy of it.   If  the  daemon  dies  or  exits  for
              another reason, the monitor process exits.

              This  option  is  normally  used  with  --detach,  but  it  also
              functions without it.

       --no-chdir
              By default, when --detach is specified, ovs-vswitchd changes its
              current  working  directory  to  the  root  directory  after  it
              detaches.  Otherwise, invoking ovs-vswitchd  from  a  carelessly
              chosen directory would prevent the administrator from unmounting
              the file system that holds that directory.

              Specifying  --no-chdir  suppresses  this  behavior,   preventing
              ovs-vswitchd  from changing its current working directory.  This
              may be useful for collecting core  files,  since  it  is  common
              behavior  to write core dumps into the current working directory
              and the root directory is not a good directory to use.

              This option has no effect when --detach is not specified.

   Public Key Infrastructure Options
       -p privkey.pem
       --private-key=privkey.pem
              Specifies  a  PEM  file  containing  the  private  key  used  as
              ovs-vswitchd's identity for outgoing SSL connections.

       -c cert.pem
       --certificate=cert.pem
              Specifies a PEM file containing a certificate that certifies the
              private key specified on -p or --private-key to be  trustworthy.
              The certificate must be signed by the certificate authority (CA)
              that the peer in SSL connections will use to verify it.

       -C cacert.pem
       --ca-cert=cacert.pem
              Specifies  a  PEM  file  containing  the  CA  certificate   that
              ovs-vswitchd  should  use to verify certificates presented to it
              by SSL peers.  (This may be the same certificate that SSL  peers
              use  to verify the certificate specified on -c or --certificate,
              or it may be a different one, depending on  the  PKI  design  in
              use.)

       -C none
       --ca-cert=none
              Disables  verification  of  certificates presented by SSL peers.
              This  introduces  a  security  risk,  because  it   means   that
              certificates  cannot  be  verified  to be those of known trusted
              hosts.

       --bootstrap-ca-cert=cacert.pem
              When cacert.pem exists, this option has the same effect as -C or
              --ca-cert.  If it does not exist, then ovs-vswitchd will attempt
              to obtain the CA certificate from the SSL peer on its first  SSL
              connection  and  save  it  to  the  named  PEM  file.   If it is
              successful,  it  will  immediately  drop  the   connection   and
              reconnect,  and  from  then  on  all  SSL  connections  must  be
              authenticated by a certificate signed by the CA certificate thus
              obtained.

              This  option  exposes  the SSL connection to a man-in-the-middle
              attack obtaining the initial  CA  certificate,  but  it  may  be
              useful for bootstrapping.

              This  option  is  only  useful  if  the  SSL  peer  sends its CA
              certificate as part of  the  SSL  certificate  chain.   The  SSL
              protocol does not require the server to send the CA certificate.

              This option is mutually exclusive with -C and --ca-cert.

       -v[spec]
       --verbose=[spec]
              Sets  logging  levels.  Without any spec, sets the log level for
              every module and facility to dbg.  Otherwise, spec is a list  of
              words  separated  by  spaces or commas or colons, up to one from
              each category below:

              ·      A valid  module  name,  as  displayed  by  the  vlog/list
                     command  on ovs-appctl(8), limits the log level change to
                     the specified module.

              ·      syslog, console, or file, to limit the log  level  change
                     to  only to the system log, to the console, or to a file,
                     respectively.

              ·      off, emer, err, warn, info, or dbg, to  control  the  log
                     level.   Messages of the given severity or higher will be
                     logged, and messages of lower severity will  be  filtered
                     out.   off  filters  out all messages.  See ovs-appctl(8)
                     for a definition of each log level.

              Case is not significant within spec.

              Regardless of the log levels set for file,  logging  to  a  file
              will  not  take  place  unless --log-file is also specified (see
              below).

              For compatibility with older versions of OVS, any is accepted as
              a word but has no effect.

       -v
       --verbose
              Sets   the   maximum  logging  verbosity  level,  equivalent  to
              --verbose=dbg.

       --log-file[=file]
              Enables logging to a file.  If file is  specified,  then  it  is
              used  as  the exact name for the log file.  The default log file
              name      used      if      file       is       omitted       is
              /var/log/openvswitch/ovs-vswitchd.log.

       --syslog-target=host:port
              Send  syslog  messages  to  UDP port on host, in addition to the
              system syslog.  The host must be a numerical IP address,  not  a
              hostname.

       -h
       --help Prints a brief help message to the console.

       -V
       --version
              Prints version information to the console.

RUNTIME MANAGEMENT COMMANDS

       ovs-appctl(8) can send commands to a running ovs-vswitchd process.  The
       currently  supported  commands  are  described  below.    The   command
       descriptions assume an understanding of how to configure Open vSwitch.

   GENERAL COMMANDS
       exit   Causes ovs-vswitchd to gracefully terminate.

       qos/show interface
              Queries  the  kernel  for  Quality  of Service configuration and
              statistics associated with the given interface.

       bfd/show [interface]
              Displays detailed  information  about  Bidirectional  Forwarding
              Detection   configured   on  interface.   If  interface  is  not
              specified,  then  displays  detailed   information   about   all
              interfaces with BFD enabled.

       bfd/set-forwarding [interface] status
              Force  the  fault  status of the BFD module on interface (or all
              interfaces if none is  given)  to  be  status.   status  can  be
              "true",  "false",  or  "normal"  which  reverts  to the standard
              behavior.

       cfm/show [interface]
              Displays   detailed   information   about   Connectivity   Fault
              Management   configured  on  interface.   If  interface  is  not
              specified,  then  displays  detailed   information   about   all
              interfaces with CFM enabled.

       cfm/set-fault [interface] status
              Force  the  fault  status of the CFM module on interface (or all
              interfaces if none is  given)  to  be  status.   status  can  be
              "true",  "false",  or  "normal"  which  reverts  to the standard
              behavior.

       stp/tcn [bridge]
              Forces a topology change event on bridge if  it's  running  STP.
              This  may  cause it to send Topology Change Notifications to its
              peers and flush its MAC table..  If no bridge is given, forces a
              topology change event on all bridges.

   BRIDGE COMMANDS
       These commands manage bridges.

       fdb/flush [bridge]
              Flushes  bridge  MAC  address  learning  table,  or all learning
              tables if no bridge is given.

       fdb/show bridge
              Lists each  MAC  address/VLAN  pair  learned  by  the  specified
              bridge,  along with the port on which it was learned and the age
              of the entry, in seconds.

       bridge/reconnect [bridge]
              Makes bridge drop all of its OpenFlow controller connections and
              reconnect.   If  bridge  is not specified, then all bridges drop
              their controller connections and reconnect.

              This command might be useful for debugging  OpenFlow  controller
              issues.

       bridge/dump-flows bridge
              Lists  all  flows  in bridge, including those normally hidden to
              commands  such  as  ovs-ofctl  dump-flows.   Flows  set  up   by
              mechanisms such as in-band control and fail-open are hidden from
              the controller since it is not allowed  to  modify  or  override
              them.

   BOND COMMANDS
       These  commands  manage  bonded ports on an Open vSwitch's bridges.  To
       understand some of these commands, it  is  important  to  understand  a
       detail  of  the bonding implementation called ``source load balancing''
       (SLB).  Instead of directly  assigning  Ethernet  source  addresses  to
       slaves,  the  bonding  implementation  computes a function that maps an
       48-bit Ethernet source addresses into an 8-bit value  (a  ``MAC  hash''
       value).  All of the Ethernet addresses that map to a single 8-bit value
       are then assigned to a single slave.

       bond/list
              Lists all of the bonds, and their slaves, on each bridge.

       bond/show [port]
              Lists all of the bond-specific information (updelay,  downdelay,
              time  until  the next rebalance) about the given bonded port, or
              all bonded ports if no port is given.   Also  lists  information
              about each slave: whether it is enabled or disabled, the time to
              completion of an updelay or downdelay if  one  is  in  progress,
              whether  it  is  the  active  slave,  the hashes assigned to the
              slave.  Any LACP information related to this bond may  be  found
              using the lacp/show command.

       bond/migrate port hash slave
              Only  valid  for  SLB  bonds.  Assigns a given MAC hash to a new
              slave.  port specifies the bond port, hash the MAC  hash  to  be
              migrated  (as a decimal number between 0 and 255), and slave the
              new slave to be assigned.

              The reassignment is not permanent: rebalancing or fail-over will
              cause  the  MAC  hash  to be shifted to a new slave in the usual
              manner.

              A MAC hash cannot be migrated to a disabled slave.

       bond/set-active-slave port slave
              Sets slave as the active slave on port.  slave must currently be
              enabled.

              The  setting  is  not  permanent:  a  new  active  slave will be
              selected if slave becomes disabled.

       bond/enable-slave port slave
       bond/disable-slave port slave
              Enables (or disables) slave on the given bond port, skipping any
              updelay (or downdelay).

              This  setting  is  not  permanent:  it  persists  only until the
              carrier status of slave changes.

       bond/hash mac [vlan] [basis]
              Returns the hash value which would be used for mac with vlan and
              basis if specified.

       lacp/show [port]
              Lists  all of the LACP related information about the given port:
              active or  passive,  aggregation  key,  system  id,  and  system
              priority.   Also  lists information about each slave: whether it
              is enabled or disabled, whether it is attached or detached, port
              id and priority, actor information, and partner information.  If
              port is not specified, then displays detailed information  about
              all interfaces with CFM enabled.

   DATAPATH COMMANDS
       These  commands  manage logical datapaths.  They are are similar to the
       equivalent ovs-dpctl commands.

       dpif/dump-dps
              Prints the name of each configured datapath on a separate line.

       dpif/show
              Prints a summary of configured datapaths,  including  statistics
              and  a  list  of connected ports.  The port information includes
              the OpenFlow port number, datapath port number,  and  the  type.
              (The local port is identified as OpenFlow port 65534.)

       dpif/dump-flows dp
              Prints  to  the  console  all flow entries in datapath dp's flow
              table.

              This command is primarily useful  for  debugging  Open  vSwitch.
              The  flow  table  entries that it displays are not OpenFlow flow
              entries.  Instead, they are different and  considerably  simpler
              flows maintained by the datapath module.  If you wish to see the
              OpenFlow flow entries, use ovs-ofctl dump-flows.

       dpif/del-flows dp
              Deletes all flow entries  from  datapath  dp's  flow  table  and
              underlying   datapath   implementation  (e.g.,  kernel  datapath
              module).

              This command is primarily useful for debugging Open vSwitch.  As
              discussed  in  dpif/dump-flows,  these  entries are not OpenFlow
              flow entries.

   OFPROTO COMMANDS
       These commands manage the core OpenFlow switch  implementation  (called
       ofproto).

       ofproto/list
              Lists the names of the running ofproto instances.  These are the
              names that may be used on ofproto/trace.

       ofproto/trace [dpname] odp_flow [-generate | packet]
       ofproto/trace bridge br_flow [-generate | packet]
       ofproto/trace-packet-out [-consistent] [dpname] odp_flow  [-generate  |
       packet] actions
       ofproto/trace-packet-out  [-consistent]  bridge  br_flow  [-generate  |
       packet] actions
              Traces the path  of  an  imaginary  packet  through  switch  and
              reports  the  path  that  it took.  The initial treatment of the
              packet varies based on the command:

              ·      ofproto/trace looks the packet up in  the  OpenFlow  flow
                     table, as if the packet had arrived on an OpenFlow port.

              ·      ofproto/trace-packet-out  applies  the specified OpenFlow
                     actions, as if the packet, flow,  and  actions  had  been
                     specified in an OpenFlow ``packet-out'' request.

              The  packet's headers (e.g. source and destination) and metadata
              (e.g. input port), together called its ``flow,'' are usually all
              that  matter  for  the  purpose  of  tracing  a packet.  You can
              specify the flow in the following ways:

              dpname odp_flow
                     odp_flow is a flow in the form printed by  ovs-dpctl(8)'s
                     dump-flows command.  If all of your bridges have the same
                     type, which is the common case, then you can omit dpname,
                     but  if  you  have  bridges of different types (say, both
                     ovs-netdev and ovs-system), then you need  to  specify  a
                     dpname to disambiguate.

              bridge br_flow
                     br_flow is a flow in the form similar to that accepted by
                     ovs-ofctl(8)'s  add-flow  command.   (This  is   not   an
                     OpenFlow   flow:  besides  other  differences,  it  never
                     contains wildcards.)  bridge names of the bridge  through
                     which br_flow should be traced.

              Most commonly, one specifies only a flow, using one of the forms
              above, but sometimes one might need to specify an actual  packet
              instead of just a flow:

              Side effects.
                     Some  actions have side effects.  For example, the normal
                     action can update the MAC learning table, and  the  learn
                     action  can  change  OpenFlow tables.  The trace commands
                     only perform side effects when a packet is specified.  If
                     you want side effects to take place, then you must supply
                     a packet.

                     (Output actions are obviously side effects too,  but  the
                     trace   commands   never  execute  them,  even  when  one
                     specifies a packet.)

              Incomplete information.
                     Most of the time, Open vSwitch can figure out  everything
                     about  the  path  of a packet using just the flow, but in
                     some special circumstances it needs to look at  parts  of
                     the  packet that are not included in the flow.  When this
                     is the case, and you do not supply a packet, then a trace
                     command will tell you it needs a packet.

              If  you  wish  to include a packet as part of a trace operation,
              there are two ways to do it:

              -generate
                     This option, added to one of the ways to specify  a  flow
                     already  described,  causes  Open  vSwitch  to internally
                     generate a packet with the flow described and then to use
                     that  packet.   If  your goal is to execute side effects,
                     then -generate is the easiest way to do it, but -generate
                     is  not  a  good  way  to fill in incomplete information,
                     because it generates  packets  based  on  only  the  flow
                     information,  which  means that the packets really do not
                     have any more information than the flow.

              packet This form supplies an explicit packet as  a  sequence  of
                     hex digits.  An Ethernet frame is at least 14 bytes long,
                     so there must be at least 28 hex digits.   Obviously,  it
                     is inconvenient to type in the hex digits by hand, so the
                     ovs-pcap(1) and ovs-tcpundump(1) utilities provide easier
                     ways.

                     With  this  form,  packet  headers are extracted directly
                     from packet, so the odp_flow or  br_flow  should  specify
                     only metadata. The metadata can be:

                     skb_priority
                            Packet QoS priority.

                     pkt_mark
                            Mark of the packet.

                     tun_id The tunnel ID on which the packet arrived.

                     in_port
                            The port on which the packet arrived.

              The  in_port  value is kernel datapath port number for the first
              format and OpenFlow port  number  for  the  second  format.  The
              numbering  of  these two types of port usually differs and there
              is no relationship.

              ofproto-trace-packet-out  accepts  an   additional   -consistent
              option.  With this option specified, the command rejects actions
              that are inconsistent with the specified packet.  (An example of
              an  inconsistency  is  attempting  to  strip the VLAN tag from a
              packet that does not have a VLAN  tag.)   Open  vSwitch  ignores
              most   forms  of  inconsistency  in  OpenFlow  1.0  and  rejects
              inconsistencies in later versions of OpenFlow.   The  option  is
              necessary  because  the  command  does  not  ordinarily  imply a
              particular  OpenFlow  version.   One  exception  is  that,  when
              actions  includes  an  action  that  only OpenFlow 1.1 and later
              supports  (such  as  push_vlan),  -consistent  is  automatically
              enabled.

       ofproto/self-check [switch]
              Runs  an  internal  consistency  check  on switch, if specified,
              otherwise on all ofproto instances, and responds  with  a  brief
              summary of the results.  If the summary reports any errors, then
              the Open vSwitch logs should contain more detailed  information.
              Please  pass  along  errors reported by this command to the Open
              vSwitch developers as bugs.

   VLOG COMMANDS
       These commands manage ovs-vswitchd's logging settings.

       vlog/set [spec]
              Sets logging levels.  Without any spec, sets the log  level  for
              every  module and facility to dbg.  Otherwise, spec is a list of
              words separated by spaces or commas or colons, up  to  one  from
              each category below:

              ·      A  valid  module  name,  as  displayed  by  the vlog/list
                     command on ovs-appctl(8), limits the log level change  to
                     the specified module.

              ·      syslog,  console,  or file, to limit the log level change
                     to only to the system log, to the console, or to a  file,
                     respectively.

              ·      off,  emer,  err,  warn, info, or dbg, to control the log
                     level.  Messages of the given severity or higher will  be
                     logged,  and  messages of lower severity will be filtered
                     out.  off filters out all  messages.   See  ovs-appctl(8)
                     for a definition of each log level.

              Case is not significant within spec.

              Regardless  of  the  log  levels set for file, logging to a file
              will not take place unless ovs-vswitchd  was  invoked  with  the
              --log-file option.

              For compatibility with older versions of OVS, any is accepted as
              a word but has no effect.

       vlog/set PATTERN:facility:pattern
              Sets  the  log  pattern  for  facility  to  pattern.   Refer  to
              ovs-appctl(8) for a description of the valid syntax for pattern.

       vlog/list
              Lists the supported logging modules and their current levels.

       vlog/reopen
              Causes  ovs-vswitchd to close and reopen its log file.  (This is
              useful after rotating log files, to cause a new log file  to  be
              used.)

              This  has  no  effect  unless  ovs-vswitchd was invoked with the
              --log-file option.

       vlog/disable-rate-limit [module]...
       vlog/enable-rate-limit [module]...
              By default,  ovs-vswitchd  limits  the  rate  at  which  certain
              messages  can  be  logged.   When  a  message  would appear more
              frequently than the limit, it is suppressed.   This  saves  disk
              space,  makes  logs easier to read, and speeds up execution, but
              occasionally troubleshooting requires more  detail.   Therefore,
              vlog/disable-rate-limit allows rate limits to be disabled at the
              level of an individual log module.  Specify one or  more  module
              names, as displayed by the vlog/list command.  Specifying either
              no module names at all or the keyword any disables  rate  limits
              for every log module.

              The  vlog/enable-rate-limit command, whose syntax is the same as
              vlog/disable-rate-limit, can be used to re-enable a  rate  limit
              that was previously disabled.

   MEMORY COMMANDS
       These commands report memory usage.

       memory/show
              Displays  some  basic  statistics  about  ovs-vswitchd's  memory
              usage.  ovs-vswitchd  also  logs  this  information  soon  after
              startup and periodically as its memory consumption grows.

   COVERAGE COMMANDS
       These commands manage ovs-vswitchd's ``coverage counters,'' which count
       the number of times particular events occur during a daemon's  runtime.
       In addition to these commands, ovs-vswitchd automatically logs coverage
       counter values, at INFO level, when it detects that the  daemon's  main
       loop takes unusually long to run.

       Coverage  counters  are  useful  mainly  for  performance  analysis and
       debugging.

       coverage/show
              Displays the averaged per-second rates for the last few seconds,
              the  last  minute and the last hour, and the total counts of all
              of the coverage counters.

OPENFLOW IMPLEMENTATION

       This section documents aspects  of  OpenFlow  for  which  the  OpenFlow
       specification requires documentation.

   Packet buffering.
       The OpenFlow specification, version 1.2, says:

              Switches  that  implement  buffering  are  expected  to  expose,
              through documentation, both the amount of  available  buffering,
              and the length of time before buffers may be reused.

       Open  vSwitch  maintains  a separate set of 256 packet buffers for each
       OpenFlow connection.  Any given packet buffer is preserved until it  is
       referenced  by  an  OFPT_FLOW_MOD  or  OFPT_PACKET_OUT request or for 5
       seconds, whichever comes first.

LIMITS

       We believe these limits to be  accurate  as  of  this  writing.   These
       limits assume the use of the Linux kernel datapath.

       ·      ovs-vswitchd started through ovs-ctl(8) provides a limit of 7500
              file descriptors.  The limits on the number of bridges and ports
              is  decided  by  the availability of file descriptors.  With the
              Linux kernel datapath, creation of a single  bridge  consumes  3
              file  descriptors  and adding a port consumes 1 file descriptor.
              Performance will degrade beyond 1,024 ports per  bridge  due  to
              fixed  hash  table  sizing.   Other platforms may have different
              limitations.

       ·      2,048 MAC learning entries per bridge,  by  default.   (This  is
              configurable   via  other-config:mac-table-size  in  the  Bridge
              table.  See ovs-vswitchd.conf.db(5) for details.)

       ·      Kernel flows are limited only by memory available to the kernel.
              Performance  will  degrade  beyond  1,048,576  kernel  flows per
              bridge with a  32-bit  kernel,  beyond  262,144  with  a  64-bit
              kernel.   (ovs-vswitchd  should never install anywhere near that
              many flows.)

       ·      OpenFlow  flows  are   limited   only   by   available   memory.
              Performance is linear in the number of unique wildcard patterns.
              That is, an OpenFlow table that contains  many  flows  that  all
              match  on  the  same  fields in the same way has a constant-time
              lookup, but a table that  contains  many  flows  that  match  on
              different  fields  requires  lookup time linear in the number of
              flows.

       ·      255 ports per  bridge  participating  in  802.1D  Spanning  Tree
              Protocol.

       ·      32 mirrors per bridge.

       ·      15  bytes  for  the  name  of  a  port.  (This is a Linux kernel
              limitation.)

SEE ALSO

       ovs-appctl(8),  ovsdb-server(1),  INSTALL.Linux  in  the  Open  vSwitch
       distribution.



  All copyrights belong to their respective owners. Other content (c) 2014-2018, GNU.WIKI. Please report site errors to webmaster@gnu.wiki.
Page load time: 0.088 seconds. Last modified: November 04 2018 12:49:43.