From patchwork Sat Oct 10 04:20:37 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ben Pfaff X-Patchwork-Id: 528538 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from archives.nicira.com (unknown [IPv6:2600:3c00::f03c:91ff:fe6e:bdf7]) by ozlabs.org (Postfix) with ESMTP id 66B2F1401F0 for ; Sat, 10 Oct 2015 15:21:24 +1100 (AEDT) Received: from archives.nicira.com (localhost [127.0.0.1]) by archives.nicira.com (Postfix) with ESMTP id 13D6010B87; Fri, 9 Oct 2015 21:21:18 -0700 (PDT) X-Original-To: dev@openvswitch.org Delivered-To: dev@openvswitch.org Received: from mx3v1.cudamail.com (mx3.cudamail.com [64.34.241.5]) by archives.nicira.com (Postfix) with ESMTPS id 8A3CE10B4F for ; Fri, 9 Oct 2015 21:21:16 -0700 (PDT) Received: from bar4.cudamail.com (bar2 [192.168.15.2]) by mx3v1.cudamail.com (Postfix) with ESMTP id 8CF10D48B8 for ; Fri, 9 Oct 2015 22:21:15 -0600 (MDT) X-ASG-Debug-ID: 1444450875-03dc213abd8e910001-byXFYA Received: from mx3-pf1.cudamail.com ([192.168.14.2]) by bar4.cudamail.com with ESMTP id hD9kClgASdlMjPgL (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 09 Oct 2015 22:21:15 -0600 (MDT) X-Barracuda-Envelope-From: blp@nicira.com X-Barracuda-RBL-Trusted-Forwarder: 192.168.14.2 Received: from unknown (HELO mail-pa0-f47.google.com) (209.85.220.47) by mx3-pf1.cudamail.com with ESMTPS (RC4-SHA encrypted); 10 Oct 2015 04:21:14 -0000 Received-SPF: unknown (mx3-pf1.cudamail.com: Multiple SPF records returned) X-Barracuda-RBL-Trusted-Forwarder: 209.85.220.47 Received: by pablk4 with SMTP id lk4so104033181pab.3 for ; Fri, 09 Oct 2015 21:21:14 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=1qbr8nI67HSENoRXFljCMUN4oWkYoHsydskAJmIO9Gw=; b=BRaM3Y31GbWohAVSWbq/67CnCyKEevJrphIwbiaBoN9ufH2a9O0l6ZRWbaBtgiqcMi YflOF1bshWc8dgQnFsWSeqJzGsuuiQhPfaN59S/+dNzxP4TgsF+47Zn4XCOw+rxUkEXC q4xXBfYGPPhxXRR2SZzzzyicJrlnKBiiSwVFQSPepQ9YPs5t32XnLBTe1QCvTwb6qnej p+Twt9wWAOI/mhGPyRQv/ndC46YLbm5bde3+mBBHBJa32teO5VomUykxtnc/JeEevwfZ qvgrD4PYKnfqMsQK6dszfXFJ4EwjI2/PgGbBEBKcmsJ/SW2qUeILbKz02F8ViUbBua1e UMlA== X-Gm-Message-State: ALoCoQkHMxM6IHevRA9yiqX8PLcmpkZiJpu5+ZRjH9pF+YsaZ0cDZx7GBqu6/H35DGzbkmn6n6Ze X-Received: by 10.68.228.101 with SMTP id sh5mr7868684pbc.157.1444450874539; Fri, 09 Oct 2015 21:21:14 -0700 (PDT) Received: from sigabrt.gateway.sonic.net (173-228-112-112.dsl.dynamic.fusionbroadband.com. [173.228.112.112]) by smtp.gmail.com with ESMTPSA id o3sm5365390pap.37.2015.10.09.21.21.10 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 09 Oct 2015 21:21:13 -0700 (PDT) X-CudaMail-Envelope-Sender: blp@nicira.com X-Barracuda-Apparent-Source-IP: 173.228.112.112 From: Ben Pfaff To: dev@openvswitch.org X-CudaMail-Whitelist-To: dev@openvswitch.org X-CudaMail-MID: CM-V1-1008077709 X-CudaMail-DTE: 100915 X-CudaMail-Originating-IP: 209.85.220.47 Date: Fri, 9 Oct 2015 21:20:37 -0700 X-ASG-Orig-Subj: [##CM-V1-1008077709##][PATCH 18/23] ovn-nb.xml: Reorganize documentation for Logical_Port table. Message-Id: <1444450838-12150-7-git-send-email-blp@nicira.com> X-Mailer: git-send-email 2.1.3 In-Reply-To: <1444450838-12150-1-git-send-email-blp@nicira.com> References: <1444450838-12150-1-git-send-email-blp@nicira.com> X-Barracuda-Connect: UNKNOWN[192.168.14.2] X-Barracuda-Start-Time: 1444450875 X-Barracuda-Encrypted: DHE-RSA-AES256-SHA X-Barracuda-URL: https://web.cudamail.com:443/cgi-mod/mark.cgi X-ASG-Whitelist: Header =?UTF-8?B?eFwtY3VkYW1haWxcLXdoaXRlbGlzdFwtdG8=?= X-Virus-Scanned: by bsmtpd at cudamail.com X-Barracuda-BRTS-Status: 1 Cc: Ben Pfaff Subject: [ovs-dev] [PATCH 18/23] ovn-nb.xml: Reorganize documentation for Logical_Port table. X-BeenThere: dev@openvswitch.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: dev-bounces@openvswitch.org Sender: "dev" This uses the column grouping feature and the ability to document an individual key within a column to better, in my opinion, organize the documentation for the Logical_Port table. This will make it easier to document a new port type that a future commit will add. Signed-off-by: Ben Pfaff Acked-by: Justin Pettit --- ovn/ovn-nb.xml | 382 ++++++++++++++++++++++++++++++--------------------------- 1 file changed, 202 insertions(+), 180 deletions(-) diff --git a/ovn/ovn-nb.xml b/ovn/ovn-nb.xml index 78b146e..37556cf 100644 --- a/ovn/ovn-nb.xml +++ b/ovn/ovn-nb.xml @@ -86,207 +86,229 @@ A port within an L2 logical switch.

- -

- The logical port name. -

+ + +

+ The logical port name. +

-

- For entities (VMs or containers) that are spawned in the hypervisor, - the name used here must match those used in the in the - database's table, because hypervisors use as a lookup - key to identify the network interface of that entity. -

+

+ For entities (VMs or containers) that are spawned in the hypervisor, + the name used here must match those used in the in the + database's table, because hypervisors use as a lookup + key to identify the network interface of that entity. +

-

- For containers that are spawned inside a VM, the name can be - any unique identifier. In such a case, - must be populated. -

-
+

+ For containers that share a VIF within a VM, the name can be any + unique identifier. See Containers, below, for more + information. +

+
- -

- Specify a type for this logical port. Logical ports can be used to model - other types of connectivity into an OVN logical switch. Leaving this - column blank maintains the default logical port behavior, which is - for a VM (or VIF) interface. The following other types are defined: -

+ +

+ Specify a type for this logical port. Logical ports can be used to + model other types of connectivity into an OVN logical switch. The + following types are defined: +

-
-
localnet
-
A connection to a locally accessible network from each - ovn-controller instance. A logical switch can only - have a single localnet port attached and at most one - regular logical port. This is used to model direct connectivity - to an existing network.
-
- -
-
vtep
-
A port to a logical switch on a VTEP gateway. In order - to get this port correctly recognized by the OVN controller, the - :vtep-physical-switch - and :vtep-logical-switch - must also be defined.
-
-
+
+
(empty string)
+
+ A VM (or VIF) interface. +
+ +
localnet
+
+ A connection to a locally accessible network from each + ovn-controller instance. A logical switch can only + have a single localnet port attached and at most one + regular logical port. This is used to model direct connectivity to + an existing network. +
+ +
vtep
+
+ A port to a logical switch on a VTEP gateway. +
+
+
+ - -

+ + This column provides key/value settings specific to the logical port - . The following options are defined: -

+ . The type-specific options are described + individually below. +
-
-
network_name
-
- Must be set when is localnet. - ovn-controller uses local configuration to determine - exactly how to connect to this locally accessible network. -
-
- -
-
vtep-physical-switch
-
- The name of the VTEP gateway. Must be set when - is vtep. -
-
- -
-
vtep-logical-switch
-
- A logical switch name connected by the VTEP gateway. Must be - set when is vtep. -
-
- + +

+ These options apply when is + localnet. +

- - When identifies the interface of a container - spawned inside a tenant VM, this column represents the VM interface - through which the container interface sends its network traffic. - The name used here must match those used in the in the - table, because hypervisors in this case use - as a lookup key to identify the network interface - of the tenant VM. - + + Required. The name of the network to which the localnet + port is connected. Each hypervisor, via ovn-controller, + uses its local configuration to determine exactly how to connect to + this locally accessible network. + +
- -

- When is empty and identifies - the interface of a container spawned inside a tenant VM, this column - identifies the VLAN tag in the network traffic associated with that - container's network interface. When there are multiple container - interfaces inside a VM, all of them send their network traffic through a - single VM network interface and this value helps OVN identify the correct - container interface. -

- -

- When is set to localnet, this can be - set to indicate that the port represents a connection to a specific - VLAN on a locally accessible network. The VLAN ID is used to match - incoming traffic and is also added to outgoing traffic. -

-
+ +

+ These options apply when is vtep. +

- - This column is populated by ovn-northd, rather than by - the CMS plugin as is most of this database. When a logical port is bound - to a physical location in the OVN Southbound database table, ovn-northd - sets this column to true; otherwise, or if the port - becomes unbound later, it sets it to false. This - allows the CMS to wait for a VM's (or container's) networking to - become active before it allows the VM (or container) to start. - + + Required. The name of the VTEP gateway. + - - This column is used to administratively set port state. If this column is - empty or is set to true, the port is enabled. If this column - is set to false, the port is disabled. A disabled port has all - ingress and egress traffic dropped. - + + Required. A logical switch name connected by the VTEP gateway. + +
+ - +

- Addresses owned by the logical port. + When a large number of containers are nested within a VM, it may be too + expensive to dedicate a VIF to each container. OVN can use VLAN tags + to support such cases. Each container is assigned a VLAN ID and each + packet that passes between the hypervisor and the VM is tagged with the + appropriate ID for the container. Such VLAN IDs never appear on a + physical wire, even inside a tunnel, so they need not be unique except + relative to a single VM on a hypervisor.

- Each element in the set must take one of the following forms: + These columns are used for VIFs that represent nested containers using + shared VIFs. For VMs and for containers that have dedicated VIFs, they + are empty.

-
-
xx:xx:xx:xx:xx:xx
-
-

- An Ethernet address owned by the logical port. Like a physical - Ethernet NIC, a logical port ordinarily has a single fixed Ethernet - address. -

- -

- When a OVN logical switch processes a unicast Ethernet frame whose - destination MAC address is in a logical port's column, it delivers it only to that port, as - if a MAC learning process had learned that MAC address on the port. -

-
- -
xx:xx:xx:xx:xx:xx a.b.c.d
-
-

- This form has all the effects of the previous form. It also - indicates that the logical port owns the given IPv4 address. -

- -

- The OVN logical switch uses this information to synthesize - responses to ARP requests without traversing the physical network. - The OVN logical router connected to the logical switch, if any, - uses this information to avoid issuing ARP requests for logical - switch ports. -

-
- -
unknown
-
- This indicates that the logical port has an unknown set of Ethernet - addresses. When an OVN logical switch processes a unicast Ethernet - frame whose destination MAC address is not in any logical port's column, it delivers it to the port (or ports) - whose columns include unknown. -
-
-
+ + The VM interface through which the nested container sends its network + traffic. This must match the column for some + other . + - -

- A set of L2 (Ethernet) addresses - from which the logical port is allowed to send packets and to which it - is allowed to receive packets. If this column is empty, all addresses - are permitted. Logical ports are always allowed to receive packets - addressed to multicast and broadcast addresses. -

+ +

+ The VLAN tag in the network traffic associated with a container's + network interface. +

-

- Each member of the set is an Ethernet address in the form - xx:xx:xx:xx:xx:xx. -

+

+ When is set to localnet, this can + be set to indicate that the port represents a connection to a + specific VLAN on a locally accessible network. The VLAN ID is used to + match incoming traffic and is also added to outgoing traffic. +

+
+ -

- This specification will be extended to support L3 port security. -

-
+ + + This column is populated by ovn-northd, rather than by the + CMS plugin as is most of this database. When a logical port is bound + to a physical location in the OVN Southbound database table, ovn-northd + sets this column to true; otherwise, or if the port + becomes unbound later, it sets it to false. This allows + the CMS to wait for a VM's (or container's) networking to become active + before it allows the VM (or container) to start. + + + + This column is used to administratively set port state. If this column + is empty or is set to true, the port is enabled. If this + column is set to false, the port is disabled. A disabled + port has all ingress and egress traffic dropped. + + + + + + +

+ Addresses owned by the logical port. +

+ +

+ Each element in the set must take one of the following forms: +

+ +
+
xx:xx:xx:xx:xx:xx
+
+

+ An Ethernet address owned by the logical port. Like a physical + Ethernet NIC, a logical port ordinarily has a single fixed + Ethernet address. +

+ +

+ When a OVN logical switch processes a unicast Ethernet frame + whose destination MAC address is in a logical port's column, it delivers it only to that port, as + if a MAC learning process had learned that MAC address on the + port. +

+
+ +
xx:xx:xx:xx:xx:xx a.b.c.d
+
+

+ This form has all the effects of the previous form. It also + indicates that the logical port owns the given IPv4 address. +

+ +

+ The OVN logical switch uses this information to synthesize + responses to ARP requests without traversing the physical + network. The OVN logical router connected to the logical switch, + if any, uses this information to avoid issuing ARP requests for + logical switch ports. +

+
+ +
unknown
+
+ This indicates that the logical port has an unknown set of Ethernet + addresses. When an OVN logical switch processes a unicast Ethernet + frame whose destination MAC address is not in any logical port's + column, it delivers it to the port (or + ports) whose columns include + unknown. +
+
+
+ + +

+ A set of L2 (Ethernet) addresses from which the logical port is + allowed to send packets and to which it is allowed to receive + packets. If this column is empty, all addresses are permitted. + Logical ports are always allowed to receive packets addressed to + multicast and broadcast addresses. +

+ +

+ Each member of the set is an Ethernet address in the form + xx:xx:xx:xx:xx:xx. +

+ +

+ This specification will be extended to support L3 port security. +

+
+