NM-OPENVSWITCH(7) OpenVSwitch support overview NM-OPENVSWITCH(7)
nm-openvswitch - overview of NetworkManager OpenVSwitch support
NetworkManager includes basic OpenVSwitch support, good enough to be
capable of setting up simple OpenVSwitch configurations. It is not
extensive and does not expose all functionality of OpenVSwitch
provides. For large or complicated deployments users are advised to use
native tools shipped with OpenVSwitch. This document seeks to provide
overview of functionality currently provided by NetworkManager, its
capabilities and limitations.
First and foremost: NetworkManager applies the configuration by
modifying the OVSDB directly. Its configuration model follows the OVSDB
database model closely and it does not provide the level of abstraction
In practical terms it means the following:
· NetworkManager only ever talks to a single OVSDB instance via an
UNIX domain socket.
· The configuration is made up of Bridges, Ports and Interfaces.
Interfaces are always enslaved to Ports, and Ports are always
enslaved to Bridges.
· NetworkManager only creates Bridges, Ports and Interfaces you ask
it to. Unlike ovs-vsctl, it doesn't create the local interface nor
its port automatically.
· You can't enslave Interface directly to a Bridge. You always need a
Port, even if it has just one interface.
· There are no VLANs. The VLAN tagging is enabled by setting a
ovs-port.tag property on a Port.
· There are no bonds either. The bonding is enabled by enslaving
multiple Interfaces to a Port and configured by setting properties
on a port.
Bridges are represented by connections of ovs-bridge type. Due to the
limitations of OVSDB, "empty" Bridges (with no Ports) can't exist.
NetworkManager inserts the records for Bridges into OVSDB when a Port
Ports are represented by connections of ovs-port type. Due to the
limitations of OVSDB, "empty" Ports (with no Interfaces) can't exist.
Ports can also be configured to do VLAN tagging or Bonding.
NetworkManager inserts the records for Ports into OVSDB when an
Interface is enslaved. Ports must be enslaved to a Bridge.
Interfaces are represented by a connections enslaved to a Port. The
system interfaces (that have a corresponding Linux link) have a
respective connection.type of the link (e.g. "wired", "bond", "dummy",
etc.). Other interfaces ("internal" or "patch" interfaces) are of
ovs-interface type. The OVSDB entries are inserted upon enslavement to
Example 1. Creating a Bridge with a single internal Interface
$ nmcli conn add type ovs-bridge conn.interface bridge0
Connection 'ovs-bridge-bridge0' (d10fc64d-1d48-4394-a1b8-e1aea72f27d5) successfully added.
$ nmcli conn add type ovs-port conn.interface port0 master bridge0
Connection 'ovs-port-port0' (5ae22bae-bba4-4815-9ade-7e635633e1f0) successfully added.
$ nmcli conn add type ovs-interface conn.interface iface0 master port0 \
ipv4.method manual ipv4.address 192.0.2.1/24
Connection 'ovs-interface-iface0' (3640d2a1-a2fd-4718-92f1-cffadb5b6cdc) successfully added.
As said above, you need to create a Port even for a single interface.
Also, before you add the Interface, the Bridge and Port devices appear
active, but are not configured in OVSDB yet. You can inspect the
results with ovs-vsctl show.
Example 2. Adding a Linux interface to a Bridge
$ nmcli conn add type ovs-port conn.interface port1 master bridge0
Connection 'ovs-port-port1' (67d041eb-8e7b-4458-afee-a1d07c9c4552) successfully added.
$ nmcli conn add type ethernet conn.interface eth0 master port1
Connection 'ovs-slave-eth0' (d459c45c-cf78-4c1c-b4b7-505e71379624) successfully added.
Again, you need a port.
Example 3. Creating a VLAN
$ nmcli conn add type ovs-port conn.interface port2 master bridge0 ovs-port.tag 120
Connection 'ovs-port-port2' (3994c093-4ef7-4549-a4fd-627b831c3cb8) successfully added.
$ nmcli conn add type ethernet conn.interface eth1 master port2
Connection 'ovs-slave-eth1' (099be06e-71ad-484d-8d5a-fcadc5f207f5) successfully added.
It's just a port with a tag.
Example 4. Creating a Bond
$ nmcli conn add type ovs-port conn.interface bond0 master bridge0
Connection 'ovs-port-bond0' (d154ebf9-e999-4e1b-a084-a3de53d25d8a) successfully added.
$ nmcli conn add type ethernet conn.interface eth2 master bond0
Connection 'ovs-slave-eth2' (475ac1bf-30b2-4534-a877-27f33f58b082) successfully added.
$ nmcli conn add type ethernet conn.interface eth3 master bond0
Connection 'ovs-slave-eth3' (8dedeecb-ed12-482b-b77a-24a4fb835136) successfully added.
It's just a Port with multiple interfaces. See nm-settings manual for
Bonding options you can use with "nmcli c add" or "nmcli c modify". You
could even set a VLAN tag on the same Port to do VLAN tagging and
bonding at the same time.
· Not all OpenVSwitch capabilities are supported.
· OpenVSwitch devices don't expose many useful properties on D-Bus.
Probably many more.
RFC 7047: The Open vSwitch Database Management Protocol, ovs-
vsctl(8), ovs-vswitchd.conf.db(5), nm-settings(5), nmcli(1)
1. RFC 7047: The Open vSwitch Database Management Protocol
NetworkManager 1.14.0 NM-OPENVSWITCH(7)