mirror of https://github.com/openvswitch/ovs synced 2025-08-31 22:35:15 +00:00

ovs-vswitchd: Add Datapath, CT_Zone, and CT_Zone_Policy tables.

Signed-off-by: Justin Pettit <jpettit@ovn.org>
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
Co-authored-by: Yi-Hung Wei <yihung.wei@gmail.com>
This commit is contained in:
Justin Pettit
2019-08-28 15:14:21 -07:00
parent 24d128ed0c
commit 61a5264d60
2 changed files with 277 additions and 49 deletions


@@ -1,9 +1,14 @@
{"name": "Open_vSwitch",
"version": "8.0.0",
"cksum": "3962141869 23978",
"version": "8.1.0",
"cksum": "1635647160 26090",
"tables": {
"Open_vSwitch": {
"columns": {
"datapaths": {
"type": {"key": {"type": "string"},
"value": {"type": "uuid",
"refTable": "Datapath"},
"min": 0, "max": "unlimited"}},
"bridges": {
"type": {"key": {"type": "uuid",
"refTable": "Bridge"},
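Review bot: The key of the new `datapaths` map is a bare `{"type": "string"}`, so the schema accepts any key, including one that matches no bridge's `datapath_type`. The documentation for this column says the key is that column's value, so it should also say what ovs-vswitchd does with an entry whose key matches no bridge, and with a bridge whose type has no entry. Otherwise a mistyped key leaves the intended conntrack zone configuration unapplied without any signal.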
@@ -629,6 +634,48 @@
"min": 0, "max": "unlimited"},
"ephemeral": true}},
"indexes": [["target"]]},
"Datapath": {
"columns": {
"datapath_version": {
"type": "string"},
"ct_zones": {
"type": {"key": {"type": "integer",
"minInteger": 0,
"maxInteger": 65535},
"value": {"type": "uuid",
"refTable": "CT_Zone"},
"min": 0, "max": "unlimited"}},
"external_ids": {
"type": {"key": "string", "value": "string",
"min": 0, "max": "unlimited"}}}},
"CT_Zone": {
"columns": {
"timeout_policy": {
"type": {"key": {"type": "uuid",
"refTable": "CT_Timeout_Policy"},
"min": 0, "max": 1}},
"external_ids": {
"type": {"key": "string", "value": "string",
"min": 0, "max": "unlimited"}}}},
"CT_Timeout_Policy": {
"columns": {
"timeouts": {
"type": {"key": {"type" : "string",
"enum": ["set", ["tcp_syn_sent", "tcp_syn_recv",
"tcp_established", "tcp_fin_wait",
"tcp_close_wait", "tcp_last_ack",
"tcp_time_wait", "tcp_close",
"tcp_syn_sent2", "tcp_retransmit",
"tcp_unack", "udp_first",
"udp_single", "udp_multiple",
"icmp_first", "icmp_reply"]]},
"value": {"type" : "integer",
"minInteger" : 0,
"maxInteger" : 4294967295},
"min": 0, "max": "unlimited"}},
"external_ids": {
"type": {"key": "string", "value": "string",
"min": 0, "max": "unlimited"}}}},
"SSL": {
"columns": {
"private_key": {
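Review bot: In `CT_Timeout_Policy`, the `timeouts` value accepts the full range 0 to 4294967295 seconds, and nothing in the schema or the accompanying documentation says what 0 means (immediate expiry, or fall back to the datapath default). Document it or raise `minInteger` to 1, and consider whether an upper bound is wanted, since a very long timeout keeps entries in the connection table for that long. Separately, the commit subject names a `CT_Zone_Policy` table while the table added here is `CT_Timeout_Policy`; the subject should match the schema.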


@@ -52,6 +52,13 @@
one record in the <ref table="Open_vSwitch"/> table.
<group title="Configuration">
<column name="datapaths">
Map of datapath types to datapaths. The
<ref column="datapath_type"/> column of the <ref table="Bridge"/>
table is used as a key for this map. The value points to a row in
the <ref table="Datapath"/> table.
</column>
<column name="bridges">
Set of bridges managed by the daemon.
</column>
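Review bot: In the `datapaths` description, `<ref column="datapath_type"/>` carries no `table` attribute, so it reads as a column of the enclosing `Open_vSwitch` table, which has no such column. Write it as `<ref column="datapath_type" table="Bridge"/>`, the same form the `datapath_version` text uses for `ovs_version`. The text should also state what happens for a bridge whose `datapath_type` has no entry in this map.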
@@ -1217,53 +1224,11 @@
</column>
<column name="datapath_version">
<p>
Reports the version number of the Open vSwitch datapath in use.
This allows management software to detect and report discrepancies
between Open vSwitch userspace and datapath versions. (The <ref
column="ovs_version" table="Open_vSwitch"/> column in the <ref
table="Open_vSwitch"/> reports the Open vSwitch userspace version.)
The version reported depends on the datapath in use:
</p>
<ul>
<li>
When the kernel module included in the Open vSwitch source tree is
used, this column reports the Open vSwitch version from which the
module was taken.
</li>
<li>
When the kernel module that is part of the upstream Linux kernel is
used, this column reports <code>&lt;unknown&gt;</code>.
</li>
<li>
When the datapath is built into the <code>ovs-vswitchd</code>
binary, this column reports <code>&lt;built-in&gt;</code>. A
built-in datapath is by definition the same version as the rest of
the Open VSwitch userspace.
</li>
<li>
Other datapaths (such as the Hyper-V kernel datapath) currently
report <code>&lt;unknown&gt;</code>.
</li>
</ul>
<p>
A version discrepancy between <code>ovs-vswitchd</code> and the
datapath in use is not normally cause for alarm. The Open vSwitch
kernel datapaths for Linux and Hyper-V, in particular, are designed
for maximum inter-version compatibility: any userspace version works
with with any kernel version. Some reasons do exist to insist on
particular user/kernel pairings. First, newer kernel versions add
new features, that can only be used by new-enough userspace, e.g.
VXLAN tunneling requires certain minimal userspace and kernel
versions. Second, as an extension to the first reason, some newer
kernel versions add new features for enhancing performance that only
new-enough userspace versions can take advantage of.
</p>
Reports the datapath version. This column is maintained for
backwards compatibility. The preferred locatation is the
<ref column="datapath_id" table="Datapath"/> column of the
<ref table="Datapath"/> table. The full documentation for this
column is there.
</column>
<column name="other_config" key="datapath-id">
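Review bot: The replacement text for `datapath_version` points readers to `<ref column="datapath_id" table="Datapath"/>`, but the `Datapath` table added by this commit has no `datapath_id` column; its columns are `datapath_version`, `ct_zones` and `external_ids`. The reference should be `column="datapath_version"`. The same paragraph has the typo "locatation" for "location".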
@@ -5585,6 +5550,222 @@ ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \
</group>
</table>
<table name="Datapath">
<p>
Configuration for a datapath within <ref table="Open_vSwitch"/>.
</p>
<p>
A datapath is responsible for providing the packet handling in Open
vSwitch. There are two primary datapath implementations used by
Open vSwitch: kernel and userspace. Kernel datapath
implementations are available for Linux and Hyper-V, and selected
as <code>system</code> in the <ref column="datapath_type"/> column
of the <ref table="Bridge"/> table. The userspace datapath is used
by DPDK and AF-XDP, and is selected as <code>netdev</code> in the
<ref column="datapath_type"/> column of the <ref table="Bridge"/>
table.
</p>
<p>
A datapath of a particular type is shared by all the bridges that use
that datapath. Thus, configurations applied to this table affect
all bridges that use this datapath.
</p>
<column name="datapath_version">
<p>
Reports the version number of the Open vSwitch datapath in use.
This allows management software to detect and report discrepancies
between Open vSwitch userspace and datapath versions. (The <ref
column="ovs_version" table="Open_vSwitch"/> column in the <ref
table="Open_vSwitch"/> reports the Open vSwitch userspace version.)
The version reported depends on the datapath in use:
</p>
<ul>
<li>
When the kernel module included in the Open vSwitch source tree is
used, this column reports the Open vSwitch version from which the
module was taken.
</li>
<li>
When the kernel module that is part of the upstream Linux kernel is
used, this column reports <code>&lt;unknown&gt;</code>.
</li>
<li>
When the datapath is built into the <code>ovs-vswitchd</code>
binary, this column reports <code>&lt;built-in&gt;</code>. A
built-in datapath is by definition the same version as the rest of
the Open vSwitch userspace.
</li>
<li>
Other datapaths (such as the Hyper-V kernel datapath) currently
report <code>&lt;unknown&gt;</code>.
</li>
</ul>
<p>
A version discrepancy between <code>ovs-vswitchd</code> and the
datapath in use is not normally cause for alarm. The Open vSwitch
kernel datapaths for Linux and Hyper-V, in particular, are designed
for maximum inter-version compatibility: any userspace version works
with with any kernel version. Some reasons do exist to insist on
particular user/kernel pairings. First, newer kernel versions add
new features, that can only be used by new-enough userspace, e.g.
VXLAN tunneling requires certain minimal userspace and kernel
versions. Second, as an extension to the first reason, some newer
kernel versions add new features for enhancing performance that only
new-enough userspace versions can take advantage of.
</p>
</column>
<column name="ct_zones">
Configuration for connection tracking zones. Each pair maps from a
zone id to a configuration for that zone. Zone <code>0</code> applies
to the default zone (ie, the one used if a zone is not specified in
connection tracking-related OpenFlow matches and actions).
</column>
<group title="Common Columns">
The overall purpose of these columns is described under <code>Common
Columns</code> at the beginning of this document.
<column name="external_ids"/>
</group>
</table>
<table name="CT_Zone">
Connection tracking zone configuration
<column name="timeout_policy">
Connection tracking timeout policy for this zone. If a timeout policy
is not specified, it defaults to the timeout policy in the system.
</column>
<group title="Common Columns">
The overall purpose of these columns is described under <code>Common
Columns</code> at the beginning of this document.
<column name="external_ids"/>
</group>
</table>
<table name="CT_Timeout_Policy">
Connection tracking timeout policy configuration
<group title="Timeouts">
<column name="timeouts">
The <code>timeouts</code> column contains key-value pairs used
to configure connection tracking timeouts in a datapath.
Key-value pairs that are not supported by a datapath are
ignored. The timeout value is in seconds.
</column>
<group title="TCP Timeouts">
<column name="timeouts" key="tcp_syn_sent">
The timeout for the connection after the first TCP SYN packet has
been seen by conntrack.
</column>
<column name="timeouts" key="tcp_syn_recv">
The timeout of the connection after the first TCP SYN-ACK packet
has been seen by conntrack.
</column>
<column name="timeouts" key="tcp_established">
The timeout of the connection after the connection has been fully
established.
</column>
<column name="timeouts" key="tcp_fin_wait">
The timeout of the connection after the first TCP FIN packet
has been seen by conntrack.
</column>
<column name="timeouts" key="tcp_close_wait">
The timeout of the connection after the first TCP ACK packet
has been seen after it receives TCP FIN packet. This timeout
is only supported by the Linux kernel datapath.
</column>
<column name="timeouts" key="tcp_last_ack">
The timeout of the connection after TCP FIN packets have been
seen by conntrack from both directions. This timeout is only
supported by the Linux kernel datapath.
</column>
<column name="timeouts" key="tcp_time_wait">
The timeout of the connection after conntrack has seen the
TCP ACK packet for the second TCP FIN packet.
</column>
<column name="timeouts" key="tcp_close">
The timeout of the connection after the first TCP RST packet
has been seen by conntrack.
</column>
<column name="timeouts" key="tcp_syn_sent2">
The timeout of the connection when only a TCP SYN packet has been
seen by conntrack from both directions (simultaneous open).
This timeout is only supported by the Linux kernel datapath.
</column>
<column name="timeouts" key="tcp_retransmit">
The timeout of the connection when it exceeds the maximum
number of retransmissions. This timeout is only supported by
the Linux kernel datapath.
</column>
<column name="timeouts" key="tcp_unack">
The timeout of the connection when non-SYN packets create an
established connection in TCP loose tracking mode. This timeout
is only supported by the Linux kernel datapath.
</column>
</group>
<group title="UDP Timeouts">
<column name="timeouts" key="udp_first">
The timeout of the connection after the first UDP packet has
been seen by conntrack. This timeout is only supported by the
userspace datapath.
</column>
<column name="timeouts" key="udp_single">
The timeout of the connection when conntrack only seen UDP
packet from the source host, but the destination host has never
sent one back.
</column>
<column name="timeouts" key="udp_multiple">
The timeout of the connection when UDP packets have been seen in
both directions.
</column>
</group>
<group title="ICMP Timeouts">
<column name="timeouts" key="icmp_first">
The timeout of the connection after the first ICMP packet has
been seen by conntrack.
</column>
<column name="timeouts" key="icmp_reply">
The timeout of the connection after an ICMP error is replied in
response to an ICMP packet. This timeout is only supported by
the userspace datapath.
</column>
</group>
</group>
<group title="Common Columns">
The overall purpose of these columns is described under <code>Common
Columns</code> at the beginning of this document.
<column name="external_ids"/>
</group>
</table>
<table name="SSL">
SSL configuration for an Open_vSwitch.
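Review bot: The `timeouts` description says "Key-value pairs that are not supported by a datapath are ignored", and several keys are marked as supported by only one datapath, so a policy written to shorten a timeout can be dropped with no indication to the operator. Either say that the daemon logs a warning for each ignored key, or expose which keys were applied, so that a policy relied on to bound connection table lifetime can be verified. Smaller points in the same hunk: "with with any kernel version" repeats a word, "when conntrack only seen UDP packet" should read "has only seen UDP packets", "(ie, the one used ...)" should be "(i.e., ...)", and the `CT_Zone` text "defaults to the timeout policy in the system" does not say whether "system" means the datapath's built-in defaults or the `system` datapath type.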