Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
ovs-vswitchd(8)		      Open vSwitch Manual	       ovs-vswitchd(8)

NAME
       ovs-vswitchd - Open vSwitch daemon

SYNOPSIS
       ovs-vswitchd [database]

DESCRIPTION
       A  daemon that manages and controls any number of Open vSwitch switches
       on the local machine.

       The  database  argument	specifies   how	  ovs-vswitchd	 connects   to
       ovsdb-server.   The  default is unix:/var/run/openvswitch/db.sock.  The
       following forms are accepted:

       ssl:ip:port
	      The specified SSL	port on	the host at the	given ip,  which  must
	      be  expressed  as	an IP address (not a DNS name) in IPv4 or IPv6
	      address format.  If ip is	an IPv6	address,  then	wrap  ip  with
	      square   brackets,  e.g.:	 ssl:[::1]:6632.   The	--private-key,
	      --certificate, and --ca-cert options  are	 mandatory  when  this
	      form is used.

       tcp:ip:port
	      Connect  to  the	given  TCP port	on ip, where ip	can be IPv4 or
	      IPv6 address. If ip is an	IPv6 address, then wrap	ip with	square
	      brackets,	e.g.: tcp:[::1]:6632.

       unix:file
	      On POSIX,	connect	to the Unix domain server socket named file.

	      On Windows, connect to a localhost TCP port whose	value is writ-
	      ten in file.

       pssl:port[:ip]
	      Listen on	the given SSL port for a connection.  By default, con-
	      nections	are  not bound to a particular local IP	address	and it
	      listens only on IPv4 (but	not IPv6) addresses, but specifying ip
	      limits  connections  to  those from the given ip,	either IPv4 or
	      IPv6 address.  If	ip is an  IPv6	address,  then	wrap  ip  with
	      square  brackets,	 e.g.:	pssl:6632:[::1].   The	--private-key,
	      --certificate, and --ca-cert options  are	 mandatory  when  this
	      form is used.

       ptcp:port[:ip]
	      Listen on	the given TCP port for a connection.  By default, con-
	      nections are not bound to	a particular local IP address  and  it
	      listens  only  on	 IPv4  (but not	IPv6) addresses, but ip	may be
	      specified	to listen only for connections to the given ip,	either
	      IPv4  or	IPv6  address.	If ip is an IPv6 address, then wrap ip
	      with square brackets, e.g.: ptcp:6632:[::1].

       punix:file
	      On POSIX,	listen on the Unix domain server socket	named file for
	      a	connection.

	      On Windows, listen on a kernel chosen TCP	port on	the localhost.
	      The kernel chosen	TCP port value is written in file.

       ovs-vswitchd retrieves its configuration	from database at startup.   It
       sets  up	Open vSwitch datapaths and then	operates switching across each
       bridge described	in its configuration files.  As	the database  changes,
       ovs-vswitchd automatically updates its configuration to match.

       ovs-vswitchd  switches may be configured	with any of the	following fea-
       tures:

       o      L2 switching with	MAC learning.

       o      NIC bonding with automatic fail-over  and	 source	 MAC-based  TX
	      load balancing ("SLB").

       o      802.1Q VLAN support.

       o      Port mirroring, with optional VLAN tagging.

       o      NetFlow v5 flow logging.

       o      sFlow(R) monitoring.

       o      Connectivity to an external OpenFlow controller, such as NOX.

       Only a single instance of ovs-vswitchd is intended to run at a time.  A
       single ovs-vswitchd can manage any number of switch  instances,	up  to
       the maximum number of supported Open vSwitch datapaths.

       ovs-vswitchd  does  all	the necessary management of Open vSwitch data-
       paths itself.  Thus, external tools, such ovs-dpctl(8), are not	needed
       for  managing datapaths in conjunction with ovs-vswitchd, and their use
       to modify datapaths when	ovs-vswitchd is	running	can interfere with its
       operation.  (ovs-dpctl may still	be useful for diagnostics.)

       An  Open	vSwitch	datapath kernel	module must be loaded for ovs-vswitchd
       to be useful.  Please refer to the INSTALL.Linux	file included  in  the
       Open vSwitch distribution for instructions on how to build and load the
       Open vSwitch kernel module.

OPTIONS
       --mlockall
	      Causes ovs-vswitchd to call the mlockall() function, to  attempt
	      to  lock all of its process memory into physical RAM, preventing
	      the kernel from paging any of its	memory to disk.	 This helps to
	      avoid networking interruptions due to system memory pressure.

	      Some systems do not support mlockall() at	all, and other systems
	      only allow privileged users, such	as the superuser, to  use  it.
	      ovs-vswitchd emits a log message if mlockall() is	unavailable or
	      unsuccessful.

   Daemon Options
       The following options are valid on POSIX	based platforms.

       --pidfile[=pidfile]
	      Causes a file (by	default, ovs-vswitchd.pid) to be created indi-
	      cating  the PID of the running process.  If the pidfile argument
	      is not specified,	or if it does not begin	with  /,  then	it  is
	      created in /var/run/openvswitch.

	      If --pidfile is not specified, no	pidfile	is created.

       --overwrite-pidfile
	      By  default,  when --pidfile is specified	and the	specified pid-
	      file  already  exists  and  is  locked  by  a  running  process,
	      ovs-vswitchd  refuses  to	start.	Specify	--overwrite-pidfile to
	      cause it to instead overwrite the	pidfile.

	      When --pidfile is	not specified, this option has no effect.

       --detach
	      Causes ovs-vswitchd to detach itself from	the foreground session
	      and  run as a background process.	ovs-vswitchd detaches only af-
	      ter it has connected to the database, retrieved the initial con-
	      figuration, and set up that configuration.

       --monitor
	      Creates  an  additional process to monitor the ovs-vswitchd dae-
	      mon.  If the daemon dies due to a	signal that indicates  a  pro-
	      gramming	error  (SIGABRT, SIGALRM, SIGBUS, SIGFPE, SIGILL, SIG-
	      PIPE, SIGSEGV, SIGXCPU, or SIGXFSZ)  then	 the  monitor  process
	      starts  a	 new  copy of it.  If the daemon dies or exits for an-
	      other reason, the	monitor	process	exits.

	      This option is normally used with	--detach, but  it  also	 func-
	      tions without it.

       --no-chdir
	      By default, when --detach	is specified, ovs-vswitchd changes its
	      current working directory	to the root  directory	after  it  de-
	      taches.  Otherwise, invoking ovs-vswitchd	from a carelessly cho-
	      sen directory would prevent the  administrator  from  unmounting
	      the file system that holds that directory.

	      Specifying   --no-chdir  suppresses  this	 behavior,  preventing
	      ovs-vswitchd from	changing its current working directory.	  This
	      may  be useful for collecting core files,	since it is common be-
	      havior to	write core dumps into the  current  working  directory
	      and the root directory is	not a good directory to	use.

	      This option has no effect	when --detach is not specified.

   Service Options
       The following options are valid only on Windows platform.

       --service
	      Causes  ovs-vswitchd  to run as a	service	in the background. The
	      service should already have been created through external	 tools
	      like SC.exe.

       --service-monitor
	      Causes the ovs-vswitchd service to be automatically restarted by
	      the Windows services manager if the service dies	or  exits  for
	      unexpected reasons.

	      When --service is	not specified, this option has no effect.

   Public Key Infrastructure Options
       -p privkey.pem
       --private-key=privkey.pem
	      Specifies	 a  PEM	 file  containing  the	private	 key  used  as
	      ovs-vswitchd's identity for outgoing SSL connections.

       -c cert.pem
       --certificate=cert.pem
	      Specifies	a PEM file containing a	certificate that certifies the
	      private  key specified on	-p or --private-key to be trustworthy.
	      The certificate must be signed by	the certificate	authority (CA)
	      that the peer in SSL connections will use	to verify it.

       -C cacert.pem
       --ca-cert=cacert.pem
	      Specifies	  a  PEM  file	containing  the	 CA  certificate  that
	      ovs-vswitchd should use to verify	certificates presented	to  it
	      by  SSL peers.  (This may	be the same certificate	that SSL peers
	      use to verify the	certificate specified on -c or	--certificate,
	      or  it  may  be  a different one,	depending on the PKI design in
	      use.)

       -C none
       --ca-cert=none
	      Disables verification of certificates presented  by  SSL	peers.
	      This  introduces a security risk,	because	it means that certifi-
	      cates cannot be verified to be those of known trusted hosts.

       --bootstrap-ca-cert=cacert.pem
	      When cacert.pem exists, this option has the same effect as -C or
	      --ca-cert.  If it	does not exist,	then ovs-vswitchd will attempt
	      to obtain	the CA certificate from	the SSL	peer on	its first  SSL
	      connection and save it to	the named PEM file.  If	it is success-
	      ful, it will immediately drop the	connection and reconnect,  and
	      from then	on all SSL connections must be authenticated by	a cer-
	      tificate signed by the CA	certificate thus obtained.

	      This option exposes the SSL connection  to  a  man-in-the-middle
	      attack  obtaining	the initial CA certificate, but	it may be use-
	      ful for bootstrapping.

	      This option is only useful if the	SSL peer sends its CA certifi-
	      cate  as	part  of  the SSL certificate chain.  The SSL protocol
	      does not require the server to send the CA certificate.

	      This option is mutually exclusive	with -C	and --ca-cert.

       -v[spec]
       --verbose=[spec]
	      Sets logging levels.  Without any	spec, sets the log  level  for
	      every  module and	facility to dbg.  Otherwise, spec is a list of
	      words separated by spaces	or commas or colons, up	 to  one  from
	      each category below:

	      o	     A	valid  module name, as displayed by the	vlog/list com-
		     mand on ovs-appctl(8), limits the log level change	to the
		     specified module.

	      o	     syslog,  console,	or file, to limit the log level	change
		     to	only to	the system log,	to the console,	or to a	 file,
		     respectively.

		     On	 Windows platform, syslog is accepted as a word	and is
		     only useful along with the	 --syslog-target  option  (the
		     word has no effect	otherwise).

	      o	     off,  emer,  err,	warn, info, or dbg, to control the log
		     level.  Messages of the given severity or higher will  be
		     logged,  and  messages of lower severity will be filtered
		     out.  off filters out all	messages.   See	 ovs-appctl(8)
		     for a definition of each log level.

	      Case is not significant within spec.

	      Regardless  of  the  log	levels set for file, logging to	a file
	      will not take place unless --log-file is also specified (see be-
	      low).

	      For compatibility	with older versions of OVS, any	is accepted as
	      a	word but has no	effect.

       -v
       --verbose
	      Sets the maximum logging verbosity level,	equivalent  to	--ver-
	      bose=dbg.

       -vPATTERN:facility:pattern
       --verbose=PATTERN:facility:pattern
	      Sets  the	log pattern for	facility to pattern.  Refer to ovs-ap-
	      pctl(8) for a description	of the valid syntax for	pattern.

       --log-file[=file]
	      Enables logging to a file.  If file is  specified,  then	it  is
	      used  as	the exact name for the log file.  The default log file
	      name   used   if	 file	 is    omitted	  is	/var/log/open-
	      vswitch/ovs-vswitchd.log.

       --syslog-target=host:port
	      Send  syslog  messages  to  UDP port on host, in addition	to the
	      system syslog.  The host must be a numerical IP address,	not  a
	      hostname.

       -h
       --help Prints a brief help message to the console.

       -V
       --version
	      Prints version information to the	console.

RUNTIME	MANAGEMENT COMMANDS
       ovs-appctl(8) can send commands to a running ovs-vswitchd process.  The
       currently supported commands are	described below.  The command descrip-
       tions assume an understanding of	how to configure Open vSwitch.

   GENERAL COMMANDS
       exit   Causes ovs-vswitchd to gracefully	terminate.

       qos/show	interface
	      Queries the kernel for Quality of	Service	configuration and sta-
	      tistics associated with the given	interface.

       bfd/show	[interface]
	      Displays detailed	information about Bidirectional	Forwarding De-
	      tection configured on interface.	If interface is	not specified,
	      then displays detailed information about all interfaces with BFD
	      enabled.

       bfd/set-forwarding [interface] status
	      Force  the  fault	 status	of the BFD module on interface (or all
	      interfaces if none is  given)  to	 be  status.   status  can  be
	      "true",  "false",	 or "normal" which reverts to the standard be-
	      havior.

       cfm/show	[interface]
	      Displays detailed	information about Connectivity	Fault  Manage-
	      ment  configured	on  interface.	If interface is	not specified,
	      then displays detailed information about all interfaces with CFM
	      enabled.

       cfm/set-fault [interface] status
	      Force  the  fault	 status	of the CFM module on interface (or all
	      interfaces if none is  given)  to	 be  status.   status  can  be
	      "true",  "false",	 or "normal" which reverts to the standard be-
	      havior.

       stp/tcn [bridge]
	      Forces a topology	change event on	bridge if  it's	 running  STP.
	      This  may	 cause it to send Topology Change Notifications	to its
	      peers and	flush its MAC table..  If no bridge is given, forces a
	      topology change event on all bridges.

   BRIDGE COMMANDS
       These commands manage bridges.

       fdb/flush [bridge]
	      Flushes  bridge  MAC address learning table, or all learning ta-
	      bles if no bridge	is given.

       fdb/show	bridge
	      Lists each  MAC  address/VLAN  pair  learned  by	the  specified
	      bridge,  along with the port on which it was learned and the age
	      of the entry, in seconds.

       bridge/reconnect	[bridge]
	      Makes bridge drop	all of its OpenFlow controller connections and
	      reconnect.   If  bridge  is not specified, then all bridges drop
	      their controller connections and reconnect.

	      This command might be useful for debugging  OpenFlow  controller
	      issues.

       bridge/dump-flows bridge
	      Lists  all  flows	 in bridge, including those normally hidden to
	      commands such as ovs-ofctl dump-flows.  Flows set	up  by	mecha-
	      nisms  such as in-band control and fail-open are hidden from the
	      controller since it is not allowed to modify or override them.

   BOND	COMMANDS
       These commands manage bonded ports on an	Open  vSwitch's	 bridges.   To
       understand  some	of these commands, it is important to understand a de-
       tail of the bonding implementation  called  ``source  load  balancing''
       (SLB).	Instead	 of  directly  assigning  Ethernet source addresses to
       slaves, the bonding implementation computes a  function	that  maps  an
       48-bit  Ethernet	 source	 addresses into	an 8-bit value (a ``MAC	hash''
       value).	All of the Ethernet addresses that map to a single 8-bit value
       are then	assigned to a single slave.

       bond/list
	      Lists all	of the bonds, and their	slaves,	on each	bridge.

       bond/show [port]
	      Lists  all of the	bond-specific information (updelay, downdelay,
	      time until the next rebalance) about the given bonded  port,  or
	      all  bonded  ports  if no	port is	given.	Also lists information
	      about each slave:	whether	it is enabled or disabled, the time to
	      completion  of  an  updelay  or downdelay	if one is in progress,
	      whether it is the	active	slave,	the  hashes  assigned  to  the
	      slave.   Any  LACP information related to	this bond may be found
	      using the	lacp/show command.

       bond/migrate port hash slave
	      Only valid for SLB bonds.	 Assigns a given MAC  hash  to	a  new
	      slave.   port  specifies	the bond port, hash the	MAC hash to be
	      migrated (as a decimal number between 0 and 255),	and slave  the
	      new slave	to be assigned.

	      The reassignment is not permanent: rebalancing or	fail-over will
	      cause the	MAC hash to be shifted to a new	 slave	in  the	 usual
	      manner.

	      A	MAC hash cannot	be migrated to a disabled slave.

       bond/set-active-slave port slave
	      Sets slave as the	active slave on	port.  slave must currently be
	      enabled.

	      The setting is not permanent: a new active  slave	 will  be  se-
	      lected if	slave becomes disabled.

       bond/enable-slave port slave
       bond/disable-slave port slave
	      Enables (or disables) slave on the given bond port, skipping any
	      updelay (or downdelay).

	      This setting is not permanent: it	persists only until  the  car-
	      rier status of slave changes.

       bond/hash mac [vlan] [basis]
	      Returns the hash value which would be used for mac with vlan and
	      basis if specified.

       lacp/show [port]
	      Lists all	of the LACP related information	about the given	 port:
	      active or	passive, aggregation key, system id, and system	prior-
	      ity.  Also lists information about each slave: whether it	is en-
	      abled  or	 disabled, whether it is attached or detached, port id
	      and priority, actor information, and  partner  information.   If
	      port  is not specified, then displays detailed information about
	      all interfaces with CFM enabled.

   DATAPATH COMMANDS
       These commands manage logical datapaths.	 They are are similar  to  the
       equivalent ovs-dpctl commands.

       dpif/dump-dps
	      Prints the name of each configured datapath on a separate	line.

       dpif/show
	      Prints  a	 summary of configured datapaths, including statistics
	      and a list of connected ports.  The  port	 information  includes
	      the  OpenFlow  port  number, datapath port number, and the type.
	      (The local port is identified as OpenFlow	port 65534.)

       dpif/dump-flows [-m] dp
	      Prints to	the console all	flow entries in	datapath dp's flow ta-
	      ble. Without -m, output omits match fields that a	flow wildcards
	      entirely;	with -m	output includes	all wildcarded fields.

	      This command is primarily	useful	for  debugging	Open  vSwitch.
	      The  flow	 table	entries	that it	displays are not OpenFlow flow
	      entries.	Instead, they are different and	 considerably  simpler
	      flows maintained by the datapath module.	If you wish to see the
	      OpenFlow flow entries, use ovs-ofctl dump-flows.

       dpif/del-flows dp
	      Deletes all flow entries from datapath dp's flow table  and  un-
	      derlying datapath	implementation (e.g., kernel datapath module).

	      This command is primarily	useful for debugging Open vSwitch.  As
	      discussed	in dpif/dump-flows, these  entries  are	 not  OpenFlow
	      flow entries.

   OFPROTO COMMANDS
       These  commands	manage the core	OpenFlow switch	implementation (called
       ofproto).

       ofproto/list
	      Lists the	names of the running ofproto instances.	 These are the
	      names that may be	used on	ofproto/trace.

       ofproto/trace [dpname] odp_flow [-generate | packet]
       ofproto/trace bridge br_flow [-generate | packet]
       ofproto/trace-packet-out	 [-consistent]	[dpname] odp_flow [-generate |
       packet] actions
       ofproto/trace-packet-out	 [-consistent]	bridge	br_flow	 [-generate  |
       packet] actions
	      Traces  the  path	 of an imaginary packet	through	switch and re-
	      ports the	path that it  took.   The  initial  treatment  of  the
	      packet varies based on the command:

	      o	     ofproto/trace  looks  the	packet up in the OpenFlow flow
		     table, as if the packet had arrived on an OpenFlow	port.

	      o	     ofproto/trace-packet-out applies the  specified  OpenFlow
		     actions,  as  if  the  packet, flow, and actions had been
		     specified in an OpenFlow ``packet-out'' request.

	      The packet's headers (e.g. source	and destination) and  metadata
	      (e.g. input port), together called its ``flow,'' are usually all
	      that matter for the purpose of tracing a packet.	You can	 spec-
	      ify the flow in the following ways:

	      dpname odp_flow
		     odp_flow  is a flow in the	form printed by	ovs-dpctl(8)'s
		     dump-flows	command.  If all of your bridges have the same
		     type, which is the	common case, then you can omit dpname,
		     but if you	have bridges of	 different  types  (say,  both
		     ovs-netdev	 and  ovs-system),  then you need to specify a
		     dpname to disambiguate.

	      bridge br_flow
		     br_flow is	a flow in the form similar to that accepted by
		     ovs-ofctl(8)'s  add-flow  command.	 (This is not an Open-
		     Flow flow:	besides	other differences, it  never  contains
		     wildcards.)   bridge  names  of  the bridge through which
		     br_flow should be traced.

	      Most commonly, one specifies only	a flow,	using one of the forms
	      above,  but sometimes one	might need to specify an actual	packet
	      instead of just a	flow:

	      Side effects.
		     Some actions have side effects.  For example, the	normal
		     action  can  update the MAC learning table, and the learn
		     action can	change OpenFlow	tables.	  The  trace  commands
		     only perform side effects when a packet is	specified.  If
		     you want side effects to take place, then you must	supply
		     a packet.

		     (Output  actions  are obviously side effects too, but the
		     trace commands never execute them,	even when  one	speci-
		     fies a packet.)

	      Incomplete information.
		     Most  of the time,	Open vSwitch can figure	out everything
		     about the path of a packet	using just the	flow,  but  in
		     some  special  circumstances it needs to look at parts of
		     the packet	that are not included in the flow.  When  this
		     is	the case, and you do not supply	a packet, then a trace
		     command will tell you it needs a packet.

	      If you wish to include a packet as part of  a  trace  operation,
	      there are	two ways to do it:

	      -generate
		     This  option,  added to one of the	ways to	specify	a flow
		     already described,	causes Open vSwitch to internally gen-
		     erate  a  packet  with the	flow described and then	to use
		     that packet.  If your goal	is to  execute	side  effects,
		     then -generate is the easiest way to do it, but -generate
		     is	not a good way to fill in incomplete information,  be-
		     cause  it generates packets based on only the flow	infor-
		     mation, which means that the packets really do  not  have
		     any more information than the flow.

	      packet This  form	 supplies  an explicit packet as a sequence of
		     hex digits.  An Ethernet frame is at least	14 bytes long,
		     so	 there	must be	at least 28 hex	digits.	 Obviously, it
		     is	inconvenient to	type in	the hex	digits by hand,	so the
		     ovs-pcap(1) and ovs-tcpundump(1) utilities	provide	easier
		     ways.

		     With this form, packet  headers  are  extracted  directly
		     from  packet,  so	the odp_flow or	br_flow	should specify
		     only metadata. The	metadata can be:

		     skb_priority
			    Packet QoS priority.

		     pkt_mark
			    Mark of the	packet.

		     tun_id The	tunnel ID on which the packet arrived.

		     in_port
			    The	port on	which the packet arrived.

	      The in_port value	is kernel datapath port	number for  the	 first
	      format  and OpenFlow port	number for the second format. The num-
	      bering of	these two types	of port	usually	differs	and  there  is
	      no relationship.

	      ofproto-trace-packet-out	accepts	 an additional -consistent op-
	      tion.  With this option specified, the command  rejects  actions
	      that are inconsistent with the specified packet.	(An example of
	      an inconsistency is attempting to	strip  the  VLAN  tag  from  a
	      packet  that  does  not  have a VLAN tag.)  Open vSwitch ignores
	      most forms of inconsistency in OpenFlow 1.0 and  rejects	incon-
	      sistencies  in later versions of OpenFlow.  The option is	neces-
	      sary because the command does not	ordinarily imply a  particular
	      OpenFlow	version.  One exception	is that, when actions includes
	      an action	that only OpenFlow 1.1 and  later  supports  (such  as
	      push_vlan), -consistent is automatically enabled.

       ofproto/self-check [switch]
	      Runs an internal consistency check on switch, if specified, oth-
	      erwise on	all ofproto instances, and responds with a brief  sum-
	      mary  of	the  results.  If the summary reports any errors, then
	      the Open vSwitch logs should contain more	detailed  information.
	      Please  pass  along  errors reported by this command to the Open
	      vSwitch developers as bugs.

   VLOG	COMMANDS
       These commands manage ovs-vswitchd's logging settings.

       vlog/set	[spec]
	      Sets logging levels.  Without any	spec, sets the log  level  for
	      every  module and	facility to dbg.  Otherwise, spec is a list of
	      words separated by spaces	or commas or colons, up	 to  one  from
	      each category below:

	      o	     A	valid  module name, as displayed by the	vlog/list com-
		     mand on ovs-appctl(8), limits the log level change	to the
		     specified module.

	      o	     syslog,  console,	or file, to limit the log level	change
		     to	only to	the system log,	to the console,	or to a	 file,
		     respectively.

		     On	 Windows platform, syslog is accepted as a word	and is
		     only useful along with the	 --syslog-target  option  (the
		     word has no effect	otherwise).

	      o	     off,  emer,  err,	warn, info, or dbg, to control the log
		     level.  Messages of the given severity or higher will  be
		     logged,  and  messages of lower severity will be filtered
		     out.  off filters out all	messages.   See	 ovs-appctl(8)
		     for a definition of each log level.

	      Case is not significant within spec.

	      Regardless  of  the  log	levels set for file, logging to	a file
	      will not take place unless ovs-vswitchd  was  invoked  with  the
	      --log-file option.

	      For compatibility	with older versions of OVS, any	is accepted as
	      a	word but has no	effect.

       vlog/set	PATTERN:facility:pattern
	      Sets the log pattern for facility	to pattern.  Refer to  ovs-ap-
	      pctl(8) for a description	of the valid syntax for	pattern.

       vlog/list
	      Lists the	supported logging modules and their current levels.

       vlog/reopen
	      Causes  ovs-vswitchd to close and	reopen its log file.  (This is
	      useful after rotating log	files, to cause	a new log file	to  be
	      used.)

	      This  has	 no  effect  unless  ovs-vswitchd was invoked with the
	      --log-file option.

       vlog/disable-rate-limit [module]...
       vlog/enable-rate-limit [module]...
	      By default, ovs-vswitchd limits the rate at which	 certain  mes-
	      sages  can  be  logged.	When  a	message	would appear more fre-
	      quently than the limit,  it  is  suppressed.   This  saves  disk
	      space,  makes  logs easier to read, and speeds up	execution, but
	      occasionally troubleshooting requires more  detail.   Therefore,
	      vlog/disable-rate-limit allows rate limits to be disabled	at the
	      level of an individual log module.  Specify one or  more	module
	      names, as	displayed by the vlog/list command.  Specifying	either
	      no module	names at all or	the keyword any	disables  rate	limits
	      for every	log module.

	      The  vlog/enable-rate-limit command, whose syntax	is the same as
	      vlog/disable-rate-limit, can be used to re-enable	a  rate	 limit
	      that was previously disabled.

   MEMORY COMMANDS
       These commands report memory usage.

       memory/show
	      Displays	some  basic statistics about ovs-vswitchd's memory us-
	      age.  ovs-vswitchd also logs this	information soon after startup
	      and periodically as its memory consumption grows.

   COVERAGE COMMANDS
       These commands manage ovs-vswitchd's ``coverage counters,'' which count
       the number of times particular events occur during a daemon's  runtime.
       In addition to these commands, ovs-vswitchd automatically logs coverage
       counter values, at INFO level, when it detects that the	daemon's  main
       loop takes unusually long to run.

       Coverage	counters are useful mainly for performance analysis and	debug-
       ging.

       coverage/show
	      Displays the averaged per-second rates for the last few seconds,
	      the  last	 minute	and the	last hour, and the total counts	of all
	      of the coverage counters.

OPENFLOW IMPLEMENTATION
       This section documents aspects of OpenFlow for which the	OpenFlow spec-
       ification requires documentation.

   Packet buffering.
       The OpenFlow specification, version 1.2,	says:

	      Switches	that  implement	 buffering  are	 expected  to  expose,
	      through documentation, both the amount of	 available  buffering,
	      and the length of	time before buffers may	be reused.

       Open  vSwitch  maintains	 a separate set	of 256 packet buffers for each
       OpenFlow	connection.  Any given packet buffer is	preserved until	it  is
       referenced by an	OFPT_FLOW_MOD or OFPT_PACKET_OUT request or for	5 sec-
       onds, whichever comes first.

LIMITS
       We believe these	limits to be accurate as of this writing.  These  lim-
       its assume the use of the Linux kernel datapath.

       o      ovs-vswitchd started through ovs-ctl(8) provides a limit of 7500
	      file descriptors.	 The limits on the number of bridges and ports
	      is  decided  by  the availability	of file	descriptors.  With the
	      Linux kernel datapath, creation of a single  bridge  consumes  3
	      file  descriptors	 and adding a port consumes 1 file descriptor.
	      Performance will degrade beyond 1,024 ports per  bridge  due  to
	      fixed  hash  table  sizing.   Other platforms may	have different
	      limitations.

       o      2,048 MAC	learning entries per bridge,  by  default.   (This  is
	      configurable  via	 other-config:mac-table-size in	the Bridge ta-
	      ble.  See	ovs-vswitchd.conf.db(5)	for details.)

       o      Kernel flows are limited only by memory available	to the kernel.
	      Performance  will	 degrade  beyond  1,048,576  kernel  flows per
	      bridge with a 32-bit kernel, beyond 262,144 with a  64-bit  ker-
	      nel.  (ovs-vswitchd should never install anywhere	near that many
	      flows.)

       o      OpenFlow flows are limited only by  available  memory.   Perfor-
	      mance is linear in the number of unique wildcard patterns.  That
	      is, an OpenFlow table that contains many flows that all match on
	      the  same	fields in the same way has a constant-time lookup, but
	      a	table that contains many flows that match on different	fields
	      requires lookup time linear in the number	of flows.

       o      255  ports per bridge participating in 802.1D Spanning Tree Pro-
	      tocol.

       o      32 mirrors per bridge.

       o      15 bytes for the name of a port.	(This is a Linux kernel	 limi-
	      tation.)

SEE ALSO
       ovs-appctl(8),  ovsdb-server(1),	INSTALL.Linux in the Open vSwitch dis-
       tribution.

Open vSwitch			     2.3.3		       ovs-vswitchd(8)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | RUNTIME MANAGEMENT COMMANDS | OPENFLOW IMPLEMENTATION | LIMITS | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=ovs-vswitchd&sektion=8&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help