1ovn-nb(5)                     Open vSwitch Manual                    ovn-nb(5)
2
3
4

NAME

6       ovn-nb - OVN_Northbound database schema
7
8       This  database  is  the  interface between OVN and the cloud management
9       system (CMS), such as OpenStack, running above  it.  The  CMS  produces
10       almost all of the contents of the database. The ovn-northd program mon‐
11       itors the database contents, transforms it,  and  stores  it  into  the
12       OVN_Southbound database.
13
14       We  generally  speak  of  ``the’’ CMS, but one can imagine scenarios in
15       which multiple CMSes manage different parts of an OVN deployment.
16
17   External IDs
18       Each of the tables in this database contains a  special  column,  named
19       external_ids.  This  column has the same form and purpose each place it
20       appears.
21
22              external_ids: map of string-string pairs
23                     Key-value pairs for use by the CMS.  The  CMS  might  use
24                     certain  pairs,  for example, to identify entities in its
25                     own configuration that correspond to those in this  data‐
26                     base.
27

TABLE SUMMARY

29       The  following list summarizes the purpose of each of the tables in the
30       OVN_Northbound database.  Each table is described in more detail  on  a
31       later page.
32
33       Table     Purpose
34       NB_Global Northbound configuration
35       Logical_Switch
36                 L2 logical switch
37       Logical_Switch_Port
38                 L2 logical switch port
39       Forwarding_Group
40                 forwarding group
41       Address_Set
42                 Address Sets
43       Port_Group
44                 Port Groups
45       Load_Balancer
46                 load balancer
47       Load_Balancer_Health_Check
48                 load balancer
49       ACL       Access Control List (ACL) rule
50       Logical_Router
51                 L3 logical router
52       QoS       QoS rule
53       Meter     Meter entry
54       Meter_Band
55                 Band for meter entries
56       Logical_Router_Port
57                 L3 logical router port
58       Logical_Router_Static_Route
59                 Logical router static routes
60       Logical_Router_Policy
61                 Logical router policies
62       NAT       NAT rules
63       DHCP_Options
64                 DHCP options
65       Connection
66                 OVSDB client connections.
67       DNS       Native DNS resolution
68       SSL       SSL configuration.
69       Gateway_Chassis
70                 Gateway_Chassis configuration.
71       HA_Chassis_Group
72                 HA_Chassis_Group configuration.
73       HA_Chassis
74                 HA_Chassis configuration.
75       BFD       BFD configuration.
76

NB_Global TABLE

78       Northbound  configuration  for  an  OVN  system.  This  table must have
79       exactly one row.
80
81   Summary:
82       Identity:
83         name                        string
84       Status:
85         nb_cfg                      integer
86         nb_cfg_timestamp            integer
87         sb_cfg                      integer
88         sb_cfg_timestamp            integer
89         hv_cfg                      integer
90         hv_cfg_timestamp            integer
91       Common Columns:
92         external_ids                map of string-string pairs
93       Common options:
94         options                     map of string-string pairs
95         Options for configuring BFD:
96            options : bfd-min-rx     optional string
97            options : bfd-decay-min-rx
98                                     optional string
99            options : bfd-min-tx     optional string
100            options : bfd-mult       optional string
101         options : mac_prefix        optional string
102         options : controller_event  optional string, either true or false
103         options : northd_probe_interval
104                                     optional string
105         options : use_logical_dp_groups
106                                     optional string
107         options : ignore_lsp_down   optional string
108         Options for configuring interconnection route advertisement:
109            options : ic-route-adv   optional string
110            options : ic-route-learn optional string
111            options : ic-route-adv-default
112                                     optional string
113            options : ic-route-learn-default
114                                     optional string
115            options : ic-route-blacklist
116                                     optional string
117       Connection Options:
118         connections                 set of Connections
119         ssl                         optional SSL
120       Security Configurations:
121         ipsec                       boolean
122       Read-only Options:
123         options : max_tunid         optional string
124
125   Details:
126     Identity:
127
128       name: string
129              The name of the OVN cluster, which uniquely identifies  the  OVN
130              cluster  throughout  all  OVN  clusters supposed to interconnect
131              with each other.
132
133     Status:
134
135       These columns allow a client to track the overall  configuration  state
136       of the system.
137
138       nb_cfg: integer
139              Sequence  number for client to increment. When a client modifies
140              any part of the northbound database configuration and wishes  to
141              wait  for ovn-northd and possibly all of the hypervisors to fin‐
142              ish applying the changes, it may increment this sequence number.
143
144       nb_cfg_timestamp: integer
145              The timestamp, in milliseconds since the epoch, when  ovn-northd
146              sees the latest nb_cfg and starts processing.
147
148              To print the timestamp as a human-readable date:
149
150                        date -d "@$(ovn-nbctl get NB_Global . nb_cfg_timestamp | sed ’s/...$//’)"
151
152
153       sb_cfg: integer
154              Sequence  number  that  ovn-northd  sets  to the value of nb_cfg
155              after  it  finishes  applying  the  corresponding  configuration
156              changes to the OVN_Southbound database.
157
158       sb_cfg_timestamp: integer
159              The  timestamp, in milliseconds since the epoch, when ovn-northd
160              finishes applying the corresponding configuration changes to the
161              OVN_Southbound database successfully.
162
163       hv_cfg: integer
164              Sequence  number  that  ovn-northd sets to the smallest sequence
165              number of all the chassis in the  system,  as  reported  in  the
166              Chassis_Private  table  in the southbound database. Thus, hv_cfg
167              equals nb_cfg if all chassis are caught up with  the  northbound
168              configuration  (which may never happen, if any chassis is down).
169              This value can regress, if a chassis was removed from the system
170              and rejoins before catching up.
171
172              If  there  are  no  chassis,  then  ovn-northd  copies nb_cfg to
173              hv_cfg. Thus, in this case, the  (nonexistent)  hypervisors  are
174              always  considered  to be caught up. This means that hypervisors
175              can be "caught up" even in cases where sb_cfg  would  show  that
176              the southbound database is not. To detect when both the hypervi‐
177              sors and the southbound database are caught up, a client  should
178              take the smaller of sb_cfg and hv_cfg.
179
180       hv_cfg_timestamp: integer
181              The  largest  timestamp, in milliseconds since the epoch, of the
182              smallest sequence number of all the chassis in  the  system,  as
183              reported  in  the  Chassis_Private table in the southbound data‐
184              base. In other words, this timestamp reflects the time when  the
185              slowest  chassis  catches  up with the northbound configuration,
186              which is useful for end-to-end control  plane  latency  measure‐
187              ment.
188
189     Common Columns:
190
191       external_ids: map of string-string pairs
192              See External IDs at the beginning of this document.
193
194     Common options:
195
196       options: map of string-string pairs
197              This  column  provides general key/value settings. The supported
198              options are described individually below.
199
200     Options for configuring BFD:
201
202       These options apply  when  ovn-controller  configures  BFD  on  tunnels
203       interfaces.
204
205       options : bfd-min-rx: optional string
206              BFD  option  min-rx  value to use when configuring BFD on tunnel
207              interfaces.
208
209       options : bfd-decay-min-rx: optional string
210              BFD option decay-min-rx value to use  when  configuring  BFD  on
211              tunnel interfaces.
212
213       options : bfd-min-tx: optional string
214              BFD  option  min-tx  value to use when configuring BFD on tunnel
215              interfaces.
216
217       options : bfd-mult: optional string
218              BFD option mult value to use  when  configuring  BFD  on  tunnel
219              interfaces.
220
221       options : mac_prefix: optional string
222              Configure  a  given  OUI to be used as prefix when L2 address is
223              dynamically assigned, e.g. 00:11:22
224
225       options : controller_event: optional string, either true or false
226              Value set by the  CMS  to  enable/disable  ovn-controller  event
227              reporting.  Traffic into OVS can raise a ’controller’ event that
228              results  in  a  Controller_Event  being  written  to  the   Con‐
229              troller_Event table in SBDB. When the CMS has seen the event and
230              taken appropriate action, it can remove the correponding row  in
231              Controller_Event  table.  The  intention is for a CMS to see the
232              events and take  some  sort  of  action.  Please  see  the  Con‐
233              troller_Event table in SBDB. It is possible to associate a meter
234              to each controller event type in order to not overload the pinc‐
235              trl  thread  under heavy load. Each event type relies on a meter
236              with a defined name:
237
238              ·      empty_lb_backends: event-elb
239
240       options : northd_probe_interval: optional string
241              The inactivity probe interval  of  the  connection  to  the  OVN
242              Northbound  and  Southbound  databases  from ovn-northd, in mil‐
243              liseconds. If the value is  zero,  it  disables  the  connection
244              keepalive feature.
245
246              If the value is nonzero, then it will be forced to a value of at
247              least 1000 ms.
248
249       options : use_logical_dp_groups: optional string
250              If set to true, ovn-northd will combine logical flows that  dif‐
251              fers  only  by  logical datapath into a single logical flow with
252              logical datapath group attached.
253
254              While this should significantly reduce number of  logical  flows
255              stored  in Southbound database this could also increase process‐
256              ing complexity on the ovn-controller side, e.g.,  ovn-controller
257              will  re-consider  logical  flow  for all logical datapaths in a
258              group. If the option set to false, there will be separate  logi‐
259              cal flow per logical datapath and only this flow will be re-con‐
260              sidered.
261
262              The default value is false.
263
264       options : ignore_lsp_down: optional string
265              If set to false, ARP/ND reply flows  for  logical  switch  ports
266              will  be  installed  only  if  the port is up, i.e. claimed by a
267              Chassis. If set to true, these flows are installed regardless of
268              the status of the port, which can result in a situation that ARP
269              request to an IP is resolved even before  the  relevant  VM/con‐
270              tainer  is running. For environments where this is not an issue,
271              setting it to true can reduce the load and latency of  the  con‐
272              trol plane. The default value is false.
273
274     Options for configuring interconnection route advertisement:
275
276       These options control how routes are advertised between OVN deployments
277       for interconnection. If enabled, ovn-ic from different OVN  deployments
278       exchanges  routes  between  each other through the global OVN_IC_South‐
279       bound database. Only routers with ports  connected  to  interconnection
280       transit  switches participate in route advertisement. For each of these
281       routers, there are two types of routes to be advertised:
282
283       Firstly, the static routes configured in the router are advertised.
284
285       Secondly, the networks configured in the logical router ports that  are
286       not  on  the  transit  switches are advertised. These are considered as
287       directly connected subnets on the router.
288
289       Link local prefixes (IPv4 169.254.0.0/16 and IPv6 FE80::/10) are  never
290       advertised.
291
292       The  learned  routes are added to the static_routes column of the Logi‐
293       cal_Router table, with external_ids:ic-learned-route set to the uuid of
294       the row in Route table of the OVN_IC_Southbound database.
295
296       options : ic-route-adv: optional string
297              A  boolean  value that enables route advertisement to the global
298              OVN_IC_Southbound database. Default is false.
299
300       options : ic-route-learn: optional string
301              A boolean value that enables  route  learning  from  the  global
302              OVN_IC_Southbound database. Default is false.
303
304       options : ic-route-adv-default: optional string
305              A  boolean  value  that enables advertising default route to the
306              global OVN_IC_Southbound database. Default is false. This option
307              takes effect only when option ic-route-adv is true.
308
309       options : ic-route-learn-default: optional string
310              A  boolean  value  that  enables learning default route from the
311              global OVN_IC_Southbound database. Default is false. This option
312              takes effect only when option ic-route-learn is true.
313
314       options : ic-route-blacklist: optional string
315              A  string  value  contains  a  list of CIDRs delimited by ",". A
316              route will not be advertised or learned if  the  route’s  prefix
317              belongs to any of the CIDRs listed.
318
319     Connection Options:
320
321       connections: set of Connections
322              Database  clients  to  which  the  Open  vSwitch database server
323              should connect or on which it should listen, along with  options
324              for  how these connections should be configured. See the Connec‐
325              tion table for more information.
326
327       ssl: optional SSL
328              Global SSL configuration.
329
330     Security Configurations:
331
332       ipsec: boolean
333              Tunnel encryption configuration. If this column  is  set  to  be
334              true, all OVN tunnels will be encrypted with IPsec.
335
336     Read-only Options:
337
338       options : max_tunid: optional string
339              The  maximum supported tunnel ID. Depends on types of encapsula‐
340              tion enabled in the cluster.
341

Logical_Switch TABLE

343       Each row represents one L2 logical switch.
344
345       There are two kinds of logical switches, that is, ones that fully  vir‐
346       tualize  the  network  (overlay logical switches) and ones that provide
347       simple connectivity to physical networks  (bridged  logical  switches).
348       They  work  in the same way when providing connectivity between logical
349       ports on same chassis, but differently when connecting  remote  logical
350       ports.  Overlay  logical  switches connect remote logical ports by tun‐
351       nels, while bridged logical switches  provide  connectivity  to  remote
352       ports  by  bridging  the packets to directly connected physical L2 seg‐
353       ments with the help of localnet ports. Each bridged logical switch  has
354       one  or  more  localnet  ports,  which  have  only  one special address
355       unknown.
356
357   Summary:
358       ports                         set of Logical_Switch_Ports
359       load_balancer                 set of weak reference to Load_Balancers
360       acls                          set of ACLs
361       qos_rules                     set of QoSes
362       dns_records                   set of weak reference to DNSes
363       forwarding_groups             set of Forwarding_Groups
364       Naming:
365         name                        string
366         external_ids : neutron:network_name
367                                     optional string
368       IP Address Assignment:
369         other_config : subnet       optional string
370         other_config : exclude_ips  optional string
371         other_config : ipv6_prefix  optional string
372         other_config : mac_only     optional string, either true or false
373       IP Multicast Snooping Options:
374         other_config : mcast_snoop  optional string, either true or false
375         other_config : mcast_querier
376                                     optional string, either true or false
377         other_config : mcast_flood_unregistered
378                                     optional string, either true or false
379         other_config : mcast_table_size
380                                     optional string, containing  an  integer,
381                                     in range 1 to 32,766
382         other_config : mcast_idle_timeout
383                                     optional  string,  containing an integer,
384                                     in range 15 to 3,600
385         other_config : mcast_query_interval
386                                     optional string, containing  an  integer,
387                                     in range 1 to 3,600
388         other_config : mcast_query_max_response
389                                     optional  string,  containing an integer,
390                                     in range 1 to 10
391         other_config : mcast_eth_src
392                                     optional string
393         other_config : mcast_ip4_src
394                                     optional string
395         other_config : mcast_ip6_src
396                                     optional string
397       Interconnection:
398         other_config : interconn-ts
399                                     optional string
400       Tunnel Key:
401         other_config : requested-tnl-key
402                                     optional string, containing  an  integer,
403                                     in range 1 to 16,777,215
404       Other options:
405         other_config : vlan-passthru
406                                     optional string, either true or false
407       Common Columns:
408         external_ids                map of string-string pairs
409
410   Details:
411       ports: set of Logical_Switch_Ports
412              The logical ports connected to the logical switch.
413
414              It is an error for multiple logical switches to include the same
415              logical port.
416
417       load_balancer: set of weak reference to Load_Balancers
418              Load balance a virtual ip address to a set of logical port  end‐
419              point ip addresses.
420
421       acls: set of ACLs
422              Access  control  rules  that apply to packets within the logical
423              switch.
424
425       qos_rules: set of QoSes
426              QoS marking and metering rules that apply to packets within  the
427              logical switch.
428
429       dns_records: set of weak reference to DNSes
430              This  column  defines  the  DNS records to be used for resolving
431              internal DNS queries within the logical switch by the native DNS
432              resolver. Please see the DNS table.
433
434       forwarding_groups: set of Forwarding_Groups
435              Groups  a set of logical port endpoints for traffic going out of
436              the logical switch.
437
438     Naming:
439
440       These columns provide names for the logical switch. From OVN’s perspec‐
441       tive, these names have no special meaning or purpose other than to pro‐
442       vide convenience for human interaction with the database. There  is  no
443       requirement  for  the name to be unique. (For a unique identifier for a
444       logical switch, use its row UUID.)
445
446       (Originally, name was intended to serve the purpose of a human-friendly
447       name,  but the Neutron integration used it to uniquely identify its own
448       switch object, in the format neutron-uuid. Later  on,  Neutron  started
449       propagating  the friendly name of a switch as external_ids:neutron:net‐
450       work_name. Perhaps this can be cleaned up someday.)
451
452       name: string
453              A name for the logical switch.
454
455       external_ids : neutron:network_name: optional string
456              Another name for the logical switch.
457
458     IP Address Assignment:
459
460       These options control automatic IP address management (IPAM) for  ports
461       attached to the logical switch. To enable IPAM for IPv4, set other_con‐
462       fig:subnet and optionally other_config:exclude_ips. To enable IPAM  for
463       IPv6,  set  other_config:ipv6_prefix.  IPv4  and  IPv6  may  be enabled
464       together or separately.
465
466       To request dynamic address assignment for a particular  port,  use  the
467       dynamic   keyword   in   the  addresses  column  of  the  port’s  Logi‐
468       cal_Switch_Port row. This requests both an IPv4 and an IPv6 address, if
469       IPAM for IPv4 and IPv6 are both enabled.
470
471       other_config : subnet: optional string
472              Set  this  to  an  IPv4  subnet,  e.g. 192.168.0.0/24, to enable
473              ovn-northd to automatically assign IP addresses within that sub‐
474              net.
475
476       other_config : exclude_ips: optional string
477              To  exclude some addresses from automatic IP address management,
478              set this to a list of the IPv4 addresses or ..-delimited  ranges
479              to  exclude. The addresses or ranges should be a subset of those
480              in other_config:subnet.
481
482              Whether listed or not, ovn-northd will never allocate the  first
483              or   last   address   in   a  subnet,  such  as  192.168.0.0  or
484              192.168.0.255 in 192.168.0.0/24.
485
486              Examples:
487
488              ·      192.168.0.2 192.168.0.10
489
490              ·      192.168.0.4                    192.168.0.30..192.168.0.60
491                     192.168.0.110..192.168.0.120
492
493              ·      192.168.0.110..192.168.0.120   192.168.0.25..192.168.0.30
494                     192.168.0.144
495
496       other_config : ipv6_prefix: optional string
497              Set this to an IPv6 prefix to enable ovn-northd to automatically
498              assign  IPv6  addresses  using  this  prefix.  The assigned IPv6
499              address will be generated using the  IPv6  prefix  and  the  MAC
500              address (converted to an IEEE EUI64 identifier) of the port. The
501              IPv6 prefix defined here should be a valid IPv6  address  ending
502              with ::.
503
504              Examples:
505
506              ·      aef0::
507
508              ·      bef0:1234:a890:5678::
509
510              ·      8230:5678::
511
512       other_config : mac_only: optional string, either true or false
513              Value  used to request to assign L2 address only if neither sub‐
514              net nor ipv6_prefix are specified
515
516     IP Multicast Snooping Options:
517
518       These options control IP Multicast Snooping configuration of the  logi‐
519       cal   switch.   To   enable   IP   Multicast  Snooping  set  other_con‐
520       fig:mcast_snoop to true. To enable IP Multicast Querier set  other_con‐
521       fig:mcast_snoop  to true. If IP Multicast Querier is enabled other_con‐
522       fig:mcast_eth_src and other_config:mcast_ip4_src must be set.
523
524       other_config : mcast_snoop: optional string, either true or false
525              Enables/disables IP Multicast Snooping on the logical switch.
526
527       other_config : mcast_querier: optional string, either true or false
528              Enables/disables IP Multicast Querier on the logical switch.
529
530       other_config : mcast_flood_unregistered: optional string,  either  true
531       or false
532              Determines  whether  unregistered  multicast  traffic  should be
533              flooded or not. Only applicable if  other_config:mcast_snoop  is
534              enabled.
535
536       other_config  :  mcast_table_size: optional string, containing an inte‐
537       ger, in range 1 to 32,766
538              Number of multicast groups to be stored. Default: 2048.
539
540       other_config : mcast_idle_timeout: optional string, containing an inte‐
541       ger, in range 15 to 3,600
542              Configures the IP Multicast Snooping group idle timeout (in sec‐
543              onds). Default: 300 seconds.
544
545       other_config : mcast_query_interval:  optional  string,  containing  an
546       integer, in range 1 to 3,600
547              Configures the IP Multicast Querier interval between queries (in
548              seconds). Default: other_config:mcast_idle_timeout / 2.
549
550       other_config : mcast_query_max_response: optional string, containing an
551       integer, in range 1 to 10
552              Configures  the  value of the "max-response" field in the multi‐
553              cast queries originated by the logical switch. Default:  1  sec‐
554              ond.
555
556       other_config : mcast_eth_src: optional string
557              Configures the source Ethernet address for queries originated by
558              the logical switch.
559
560       other_config : mcast_ip4_src: optional string
561              Configures the source IPv4 address for queries originated by the
562              logical switch.
563
564       other_config : mcast_ip6_src: optional string
565              Configures the source IPv6 address for queries originated by the
566              logical switch.
567
568     Interconnection:
569
570       other_config : interconn-ts: optional string
571              The name of corresponding transit  switch  in  OVN_IC_Northbound
572              database.  This kind of logical switch is created and controlled
573              by ovn-ic.
574
575     Tunnel Key:
576
577       other_config : requested-tnl-key: optional string, containing an  inte‐
578       ger, in range 1 to 16,777,215
579              Configures  the datapath tunnel key for the logical switch. Usu‐
580              ally this is not needed because ovn-northd will assign an unique
581              key  for  each datapath by itself. However, if it is configured,
582              ovn-northd honors the configured value. The typical use case  is
583              for  interconnection:  the tunnel keys for transit switches need
584              to be unique globally, so they  are  maintained  in  the  global
585              OVN_IC_Southbound  database,  and  ovn-ic simply syncs the value
586              from OVN_IC_Southbound through this config.
587
588     Other options:
589
590       other_config : vlan-passthru: optional string, either true or false
591              Determines  whether  VLAN  tagged  incoming  traffic  should  be
592              allowed.
593
594     Common Columns:
595
596       external_ids: map of string-string pairs
597              See External IDs at the beginning of this document.
598

Logical_Switch_Port TABLE

600       A port within an L2 logical switch.
601
602   Summary:
603       Core Features:
604         name                        string (must be unique within table)
605         type                        string
606       Options:
607         options                     map of string-string pairs
608         Options for router ports:
609            options : router-port    optional string
610            options : nat-addresses  optional string
611         Options for localnet ports:
612            options : network_name   optional string
613         Options for l2gateway ports:
614            options : network_name   optional string
615            options : l2gateway-chassis
616                                     optional string
617         Options for vtep ports:
618            options : vtep-physical-switch
619                                     optional string
620            options : vtep-logical-switch
621                                     optional string
622         VMI (or VIF) Options:
623            options : requested-chassis
624                                     optional string
625            options : qos_max_rate   optional string
626            options : qos_burst      optional string
627         Virtual port Options:
628            options : virtual-ip     optional string
629            options : virtual-parents
630                                     optional string
631         IP Multicast Snooping Options:
632            options : mcast_flood    optional string, either true or false
633            options : mcast_flood_reports
634                                     optional string, either true or false
635       Containers:
636         parent_name                 optional string
637         tag_request                 optional integer, in range 0 to 4,095
638         tag                         optional integer, in range 1 to 4,095
639       Port State:
640         up                          optional boolean
641         enabled                     optional boolean
642       Addressing:
643         addresses                   set of strings
644         dynamic_addresses           optional string
645         port_security               set of strings
646       DHCP:
647         dhcpv4_options              optional weak reference to DHCP_Options
648         dhcpv6_options              optional weak reference to DHCP_Options
649       ha_chassis_group              optional HA_Chassis_Group
650       Naming:
651         external_ids : neutron:port_name
652                                     optional string
653       Tunnel Key:
654         options : requested-tnl-key
655                                     optional  string,  containing an integer,
656                                     in range 1 to 32,767
657       Common Columns:
658         external_ids                map of string-string pairs
659
660   Details:
661     Core Features:
662
663       name: string (must be unique within table)
664              The logical port name.
665
666              For entities (VMs or containers) that are spawned in the  hyper‐
667              visor,  the  name  used here must match those used in the exter‐
668              nal_ids:iface-id in the Open_vSwitch database’s Interface table,
669              because hypervisors use external_ids:iface-id as a lookup key to
670              identify the network interface of that entity.
671
672              For containers that share a VIF within a VM, the name can be any
673              unique identifier. See Containers, below, for more information.
674
675              A  logical  switch  port may not have the same name as a logical
676              router port, but the database schema cannot enforce this.
677
678       type: string
679              Specify a type for this logical port. Logical ports can be  used
680              to model other types of connectivity into an OVN logical switch.
681              The following types are defined:
682
683              (empty string)
684                     A VM (or VIF) interface.
685
686              router A  connection  to  a  logical  router.   The   value   of
687                     options:router-port  specifies  the  name  of  the  Logi‐
688                     cal_Router_Port to which this logical switch port is con‐
689                     nected.
690
691              localnet
692                     A   connection  to  a  locally  accessible  network  from
693                     ovn-controller instances that have a corresponding bridge
694                     mapping.  A  logical  switch  can  have multiple localnet
695                     ports attached. This type is used to model direct connec‐
696                     tivity  to  existing networks. In this case, each chassis
697                     should have a mapping for one of  the  physical  networks
698                     only.  Note:  nothing  said  above implies that a chassis
699                     cannot be plugged to multiple physical networks  as  long
700                     as they belong to different switches.
701
702              localport
703                     A  connection  to  a local VIF. Traffic that arrives on a
704                     localport is never forwarded over  a  tunnel  to  another
705                     chassis.  These  ports  are  present on every chassis and
706                     have the same address in all of them.  This  is  used  to
707                     model  connectivity  to  local services that run on every
708                     hypervisor.
709
710              l2gateway
711                     A connection to a physical network.
712
713              vtep   A port to a logical switch on a VTEP gateway.
714
715              external
716                     Represents a logical port which is external and not  hav‐
717                     ing an OVS port in the integration bridge. OVN will never
718                     receive any traffic from this port or send any traffic to
719                     this   port.   OVN   can  support  native  services  like
720                     DHCPv4/DHCPv6/DNS for this port. If  ha_chassis_group  is
721                     defined,  ovn-controller running in the master chassis of
722                     the HA chassis group will bind this port to provide these
723                     native  services. It is expected that this port belong to
724                     a bridged logical switch (with a localnet port).
725
726                     It is recommended to use the same HA  chassis  group  for
727                     all  the  external  ports of a logical switch. Otherwise,
728                     the physical switch might see MAC flap issue when differ‐
729                     ent chassis provide the native services. For example when
730                     supporting native DHCPv4 service, DHCPv4 server mac (con‐
731                     figured    in    options:server_mac   column   in   table
732                     DHCP_Options) originating from different ports can  cause
733                     MAC  flap  issue. The MAC of the logical router IP(s) can
734                     also flap if the same HA chassis group is not set for all
735                     the external ports of a logical switch.
736
737                     Below  are some of the use cases where external ports can
738                     be used.
739
740                     ·      VMs connected to SR-IOV nics - Traffic from  these
741                            VMs  by passes the kernel stack and local ovn-con‐
742                            troller do not bind these ports and  cannot  serve
743                            the native services.
744
745                     ·      When CMS supports provisioning baremetal servers.
746
747              virtual
748                     Represents a logical port which does not have an OVS port
749                     in the integration bridge and has a virtual ip configured
750                     in  the  options:virtual-ip  column.  This virtual ip can
751                     move around between the logical ports configured  in  the
752                     options:virtual-parents column.
753
754                     One of the use case where virtual ports can be used is.
755
756                     ·      The  virtual ip represents a load balancer vip and
757                            the virtual parents provide load balancer  service
758                            in an active-standby setup with the active virtual
759                            parent owning the virtual ip.
760
761              remote A remote port is to model a port that resides remotely on
762                     another OVN, which is on the other side of a transit log‐
763                     ical switch for OVN interconnection. This type  of  ports
764                     are  created  by  ovn-ic instead of by CMS. Any change to
765                     the port will be automatically overwritten by ovn-ic.
766
767     Options:
768
769       options: map of string-string pairs
770              This column provides key/value settings specific to the  logical
771              port  type. The type-specific options are described individually
772              below.
773
774     Options for router ports:
775
776       These options apply when type is router.
777
778       options : router-port: optional string
779              Required. The name of the Logical_Router_Port to which this log‐
780              ical switch port is connected.
781
782       options : nat-addresses: optional string
783              This  is  used  to  send  gratuitous  ARPs  for SNAT and DNAT IP
784              addresses via the localnet port that is  attached  to  the  same
785              logical  switch  as this type router port. This option is speci‐
786              fied on a logical switch port that is  connected  to  a  gateway
787              router, or a logical switch port that is connected to a distrib‐
788              uted gateway port on a logical router.
789
790              This must take one of the following forms:
791
792              router Gratuitous ARPs will be sent for all SNAT and DNAT exter‐
793                     nal  IP  addresses and for all load balancer IP addresses
794                     defined  on  the  options:router-port’s  logical  router,
795                     using the options:router-port’s MAC address.
796
797                     This  form  of options:nat-addresses is valid for logical
798                     switch ports where options:router-port is the name  of  a
799                     port  on  a  gateway router, or the name of a distributed
800                     gateway port.
801
802                     Supported only in OVN 2.8  and  later.  Earlier  versions
803                     required NAT addresses to be manually synchronized.
804
805              Ethernet address followed by one or more IPv4 addresses
806                     Example:   80:fa:5b:06:72:b7  158.36.44.22  158.36.44.24.
807                     This would result in generation of gratuitous ARPs for IP
808                     addresses   158.36.44.22  and  158.36.44.24  with  a  MAC
809                     address of 80:fa:5b:06:72:b7.
810
811                     This form of options:nat-addresses is only valid for log‐
812                     ical  switch  ports where options:router-port is the name
813                     of a port on a gateway router.
814
815     Options for localnet ports:
816
817       These options apply when type is localnet.
818
819       options : network_name: optional string
820              Required. The name of the network to which the localnet port  is
821              connected.  Each  hypervisor, via ovn-controller, uses its local
822              configuration to  determine  exactly  how  to  connect  to  this
823              locally accessible network, if at all.
824
825     Options for l2gateway ports:
826
827       These options apply when type is l2gateway.
828
829       options : network_name: optional string
830              Required. The name of the network to which the l2gateway port is
831              connected. The L2 gateway, via ovn-controller,  uses  its  local
832              configuration  to  determine exactly how to connect to this net‐
833              work.
834
835       options : l2gateway-chassis: optional string
836              Required. The chassis on which the l2gateway logical port should
837              be  bound to. ovn-controller running on the defined chassis will
838              connect this logical port to the physical network.
839
840     Options for vtep ports:
841
842       These options apply when type is vtep.
843
844       options : vtep-physical-switch: optional string
845              Required. The name of the VTEP gateway.
846
847       options : vtep-logical-switch: optional string
848              Required. A logical switch name connected by the VTEP gateway.
849
850     VMI (or VIF) Options:
851
852       These options apply to logical ports with type having (empty string)
853
854       options : requested-chassis: optional string
855              If set, identifies a specific chassis (by name or hostname) that
856              is  allowed  to  bind  this port. Using this option will prevent
857              thrashing between two chassis trying to bind the same port  dur‐
858              ing  a live migration. It can also prevent similar thrashing due
859              to a mis-configuration, if a port  is  accidentally  created  on
860              more than one chassis.
861
862       options : qos_max_rate: optional string
863              If  set,  indicates  the  maximum  rate  for data sent from this
864              interface, in bit/s. The traffic will  be  shaped  according  to
865              this limit.
866
867       options : qos_burst: optional string
868              If set, indicates the maximum burst size for data sent from this
869              interface, in bits.
870
871     Virtual port Options:
872
873       These options apply when type is virtual.
874
875       options : virtual-ip: optional string
876              This option represents the virtual IPv4 address.
877
878       options : virtual-parents: optional string
879              This options represents a set of logical port names (with in the
880              same  logical switch) which can own the virtual ip configured in
881              the options:virtual-ip. All these virtual parents should add the
882              virtual  ip  in the port_security if port security addressed are
883              enabled.
884
885     IP Multicast Snooping Options:
886
887       These options apply when the port is part of a logical switch which has
888       other_config :mcast_snoop set to true.
889
890       options : mcast_flood: optional string, either true or false
891              If  set to true, multicast packets (except reports) are uncondi‐
892              tionally forwarded to the specific port.
893
894       options : mcast_flood_reports: optional string, either true or false
895              If set to true, multicast reports are unconditionally  forwarded
896              to the specific port.
897
898     Containers:
899
900       When a large number of containers are nested within a VM, it may be too
901       expensive to dedicate a VIF to each container. OVN can use VLAN tags to
902       support  such  cases.  Each  container  is  assigned a VLAN ID and each
903       packet that passes between the hypervisor and the VM is tagged with the
904       appropriate ID for the container. Such VLAN IDs never appear on a phys‐
905       ical wire, even inside a tunnel, so they need not be unique except rel‐
906       ative to a single VM on a hypervisor.
907
908       These  columns are used for VIFs that represent nested containers using
909       shared VIFs. For VMs and for containers that have dedicated VIFs,  they
910       are empty.
911
912       parent_name: optional string
913              The  VM  interface  through which the nested container sends its
914              network traffic. This must match the name column for some  other
915              Logical_Switch_Port.
916
917       tag_request: optional integer, in range 0 to 4,095
918              The  VLAN  tag  in  the  network  traffic associated with a con‐
919              tainer’s network interface. The client can request ovn-northd to
920              allocate  a  tag  that  is unique within the scope of a specific
921              parent (specified in parent_name) by setting a  value  of  0  in
922              this column. The allocated value is written by ovn-northd in the
923              tag column. (Note that these  tags  are  allocated  and  managed
924              locally  in  ovn-northd,  so they cannot be reconstructed in the
925              event that the database is lost.) The client can also request  a
926              specific non-zero tag and ovn-northd will honor it and copy that
927              value to the tag column.
928
929              When type is set to localnet or l2gateway, this can  be  set  to
930              indicate  that  the  port  represents a connection to a specific
931              VLAN on a locally accessible network. The VLAN  ID  is  used  to
932              match incoming traffic and is also added to outgoing traffic.
933
934       tag: optional integer, in range 1 to 4,095
935              The  VLAN  tag  allocated by ovn-northd based on the contents of
936              the tag_request column.
937
938     Port State:
939
940       up: optional boolean
941              This column is populated by ovn-northd, rather than by  the  CMS
942              plugin as is most of this database. When a logical port is bound
943              to a physical location in the OVN  Southbound  database  Binding
944              table, ovn-northd sets this column to true; otherwise, or if the
945              port becomes unbound later, it sets it to false. If this  column
946              is  empty, the port is not considered up. This allows the CMS to
947              wait for a VM’s (or container’s)  networking  to  become  active
948              before it allows the VM (or container) to start.
949
950              Logical ports of router type are an exception to this rule. They
951              are considered to be always up, that is this  column  is  always
952              set to true.
953
954       enabled: optional boolean
955              This  column is used to administratively set port state. If this
956              column is empty or is set to true, the port is enabled. If  this
957              column  is  set  to false, the port is disabled. A disabled port
958              has all ingress and egress traffic dropped.
959
960     Addressing:
961
962       addresses: set of strings
963              Addresses owned by the logical port.
964
965              Each element in the set must take one of the following forms:
966
967              Ethernet address followed by zero or more IPv4 or IPv6 addresses
968              (or both)
969                     An Ethernet address defined is owned by the logical port.
970                     Like a physical Ethernet NIC, a logical  port  ordinarily
971                     has a single fixed Ethernet address.
972
973                     When  a  OVN  logical switch processes a unicast Ethernet
974                     frame whose destination  MAC  address  is  in  a  logical
975                     port’s  addresses  column,  it  delivers  it only to that
976                     port, as if a MAC learning process had learned  that  MAC
977                     address on the port.
978
979                     If  IPv4  or  IPv6  address(es) (or both) are defined, it
980                     indicates  that  the  logical  port  owns  the  given  IP
981                     addresses.
982
983                     If  IPv4  address(es) are defined, the OVN logical switch
984                     uses this information  to  synthesize  responses  to  ARP
985                     requests without traversing the physical network. The OVN
986                     logical router connected to the logical switch,  if  any,
987                     uses  this  information to avoid issuing ARP requests for
988                     logical switch ports.
989
990                     Note that the  order  here  is  important.  The  Ethernet
991                     address  must  be  listed  before  the  IP address(es) if
992                     defined.
993
994                     Examples:
995
996                     80:fa:5b:06:72:b7
997                            This indicates that  the  logical  port  owns  the
998                            above mac address.
999
1000                     80:fa:5b:06:72:b7 10.0.0.4 20.0.0.4
1001                            This  indicates that the logical port owns the mac
1002                            address and two IPv4 addresses.
1003
1004                     80:fa:5b:06:72:b7 fdaa:15f2:72cf:0:f816:3eff:fe20:3f41
1005                            This indicates that the logical port owns the  mac
1006                            address and 1 IPv6 address.
1007
1008                     80:fa:5b:06:72:b7                                10.0.0.4
1009                     fdaa:15f2:72cf:0:f816:3eff:fe20:3f41
1010                            This indicates that the logical port owns the  mac
1011                            address and 1 IPv4 address and 1 IPv6 address.
1012
1013              unknown
1014                     This  indicates  that the logical port has an unknown set
1015                     of Ethernet addresses. When an OVN  logical  switch  pro‐
1016                     cesses  a  unicast  Ethernet  frame whose destination MAC
1017                     address is not in any logical port’s addresses column, it
1018                     delivers  it  to the port (or ports) whose addresses col‐
1019                     umns include unknown.
1020
1021              dynamic
1022                     Use dynamic to make ovn-northd generate a globally unique
1023                     MAC address, choose an unused IPv4 address with the logi‐
1024                     cal port’s subnet (if other_config:subnet is set  in  the
1025                     port’s Logical_Switch), and generate an IPv6 address from
1026                     the MAC address (if other_config:ipv6_prefix  is  set  in
1027                     the  port’s  Logical_Switch) and store them in the port’s
1028                     dynamic_addresses column.
1029
1030                     Only  one  element  containing  dynamic  may  appear   in
1031                     addresses.
1032
1033              dynamic ip
1034              dynamic ipv6
1035              dynamic ip ipv6
1036                   These act like dynamic alone but specify particular IPv4 or
1037                   IPv6 addresses to use. OVN IPAM  will  still  automatically
1038                   allocate  the  other  address  if configured appropriately.
1039                   Example: dynamic 192.168.0.1 2001::1.
1040
1041              mac dynamic
1042                   This acts like dynamic alone but specifies a particular MAC
1043                   address  to use. OVN IPAM will still automatically allocate
1044                   IPv4 or IPv6 addresses, or both,  if  configured  appropri‐
1045                   ately. Example: 80:fa:5b:06:72:b7 dynamic
1046
1047              router
1048                   Accepted  only when type is router. This indicates that the
1049                   Ethernet, IPv4, and IPv6 addresses for this logical  switch
1050                   port  should  be obtained from the connected logical router
1051                   port, as specified by router-port in options.
1052
1053                   The resulting addresses are used to  populate  the  logical
1054                   switch’s  destination  lookup,  and  also  for  the logical
1055                   switch to generate ARP and ND replies.
1056
1057                   If the connected logical  router  port  has  a  distributed
1058                   gateway  port  specified  and  the logical router has rules
1059                   specified in nat with external_mac,  then  those  addresses
1060                   are also used to populate the switch’s destination lookup.
1061
1062                   Supported  only  in  OVN  2.7  and  later. Earlier versions
1063                   required router addresses to be manually synchronized.
1064
1065       dynamic_addresses: optional string
1066              Addresses assigned to the logical port by ovn-northd, if dynamic
1067              is  specified in addresses. Addresses will be of the same format
1068              as those that populate the addresses column. Note  that  dynami‐
1069              cally  assigned addresses are constructed and managed locally in
1070              ovn-northd, so they cannot be reconstructed in  the  event  that
1071              the database is lost.
1072
1073       port_security: set of strings
1074              This  column controls the addresses from which the host attached
1075              to the logical port (``the host’’) is allowed  to  send  packets
1076              and to which it is allowed to receive packets. If this column is
1077              empty, all addresses are permitted.
1078
1079              Each element in the set must begin with  one  Ethernet  address.
1080              This would restrict the host to sending packets from and receiv‐
1081              ing packets to the ethernet addresses  defined  in  the  logical
1082              port’s  port_security column. It also restricts the inner source
1083              MAC addresses that the host may send in ARP  and  IPv6  Neighbor
1084              Discovery packets. The host is always allowed to receive packets
1085              to multicast and broadcast Ethernet addresses.
1086
1087              Each element in the set may additionally  contain  one  or  more
1088              IPv4 or IPv6 addresses (or both), with optional masks. If a mask
1089              is given, it must be a CIDR mask. In addition  to  the  restric‐
1090              tions  described  for  Ethernet addresses above, such an element
1091              restricts the IPv4 or IPv6 addresses from  which  the  host  may
1092              send  and  to  which  it  may  receive  packets to the specified
1093              addresses. A masked address, if the host part is zero, indicates
1094              that  the  host  is allowed to use any address in the subnet; if
1095              the host part is nonzero, the mask simply indicates the size  of
1096              the subnet. In addition:
1097
1098              ·      If any IPv4 address is given, the host is also allowed to
1099                     receive packets  to  the  IPv4  local  broadcast  address
1100                     255.255.255.255   and   to   IPv4   multicast   addresses
1101                     (224.0.0.0/4). If an IPv4 address with a mask  is  given,
1102                     the host is also allowed to receive packets to the broad‐
1103                     cast address in that specified subnet.
1104
1105                     If any IPv4 address is given, the  host  is  additionally
1106                     restricted  to  sending  ARP  packets  with the specified
1107                     source IPv4 address. (RARP is not restricted.)
1108
1109              ·      If any IPv6 address is given, the host is also allowed to
1110                     receive packets to IPv6 multicast addresses (ff00::/8).
1111
1112                     If  any  IPv6  address is given, the host is additionally
1113                     restricted to sending IPv6 Neighbor  Discovery  Solicita‐
1114                     tion  or  Advertisement packets with the specified source
1115                     address or, for solicitations, the unspecified address.
1116
1117              If an element includes an IPv4 address, but no  IPv6  addresses,
1118              then IPv6 traffic is not allowed. If an element includes an IPv6
1119              address, but no IPv4 address, then IPv4 and ARP traffic  is  not
1120              allowed.
1121
1122              This  column uses the same lexical syntax as the match column in
1123              the OVN Southbound database’s Pipeline table. Multiple addresses
1124              within an element may be space or comma separated.
1125
1126              This  column  is  provided  as a convenience to cloud management
1127              systems, but all of the  features  that  it  implements  can  be
1128              implemented as ACLs using the ACL table.
1129
1130              Examples:
1131
1132              80:fa:5b:06:72:b7
1133                     The host may send traffic from and receive traffic to the
1134                     specified MAC address, and to receive traffic to Ethernet
1135                     multicast and broadcast addresses, but not otherwise. The
1136                     host may not send ARP or IPv6 Neighbor Discovery  packets
1137                     with  inner  source Ethernet addresses other than the one
1138                     specified.
1139
1140              80:fa:5b:06:72:b7 192.168.1.10/24
1141                     This adds further restrictions to the first example.  The
1142                     host  may  send IPv4 packets from or receive IPv4 packets
1143                     to only 192.168.1.10, except that  it  may  also  receive
1144                     IPv4 packets to 192.168.1.255 (based on the subnet mask),
1145                     255.255.255.255, and any address in 224.0.0.0/4. The host
1146                     may  not  send  ARPs with a source Ethernet address other
1147                     than 80:fa:5b:06:72:b7 or source IPv4 address other  than
1148                     192.168.1.10.  The  host may not send or receive any IPv6
1149                     (including IPv6 Neighbor Discovery) traffic.
1150
1151              "80:fa:5b:12:42:ba", "80:fa:5b:06:72:b7 192.168.1.10/24"
1152                     The host may send traffic from and receive traffic to the
1153                     specified MAC addresses, and to receive traffic to Ether‐
1154                     net multicast and broadcast addresses, but not otherwise.
1155                     With  MAC  80:fa:5b:12:42:ba,  the  host may send traffic
1156                     from and receive traffic to  any  L3  address.  With  MAC
1157                     80:fa:5b:06:72:b7, the host may send IPv4 packets from or
1158                     receive IPv4 packets to only 192.168.1.10, except that it
1159                     may  also receive IPv4 packets to 192.168.1.255 (based on
1160                     the subnet mask), 255.255.255.255,  and  any  address  in
1161                     224.0.0.0/4.  The  host  may not send or receive any IPv6
1162                     (including IPv6 Neighbor Discovery) traffic.
1163
1164     DHCP:
1165
1166       dhcpv4_options: optional weak reference to DHCP_Options
1167              This column defines the DHCPv4 Options to  be  included  by  the
1168              ovn-controller  when  it  replies to the DHCPv4 requests. Please
1169              see the DHCP_Options table.
1170
1171       dhcpv6_options: optional weak reference to DHCP_Options
1172              This column defines the DHCPv6 Options to  be  included  by  the
1173              ovn-controller  when  it  replies to the DHCPv6 requests. Please
1174              see the DHCP_Options table.
1175
1176       ha_chassis_group: optional HA_Chassis_Group
1177              References a row  in  the  OVN  Northbound  database’s  HA_Chas‐
1178              sis_Group table. It indicates the HA chassis group to use if the
1179              type is set to external. If type is not external, this column is
1180              ignored.
1181
1182     Naming:
1183
1184       external_ids : neutron:port_name: optional string
1185              This  column gives an optional human-friendly name for the port.
1186              This name has no special meaning or purpose other than  to  pro‐
1187              vide convenience for human interaction with the northbound data‐
1188              base.
1189
1190              Neutron copies this from its own port  object’s  name.  (Neutron
1191              ports do are not assigned human-friendly names by default, so it
1192              will often be empty.)
1193
1194     Tunnel Key:
1195
1196       options : requested-tnl-key: optional string, containing an integer, in
1197       range 1 to 32,767
1198              Configures  the  port  binding  tunnel key for the port. Usually
1199              this is not needed because ovn-northd will assign an unique  key
1200              for   each  port  by  itself.  However,  if  it  is  configured,
1201              ovn-northd honors the configured value. The typical use case  is
1202              for  interconnection:  the  tunnel  keys  for  ports  on transit
1203              switches need to be unique globally, so they are  maintained  in
1204              the  global  OVN_IC_Southbound database, and ovn-ic simply syncs
1205              the value from OVN_IC_Southbound through this config.
1206
1207     Common Columns:
1208
1209       external_ids: map of string-string pairs
1210              See External IDs at the beginning of this document.
1211
1212              The ovn-northd program copies all these pairs  into  the  exter‐
1213              nal_ids column of the Port_Binding table in OVN_Southbound data‐
1214              base.
1215

Forwarding_Group TABLE

1217       Each row represents one forwarding group.
1218
1219   Summary:
1220       name                          string
1221       vip                           string
1222       vmac                          string
1223       liveness                      boolean
1224       child_port                    set of 1 or more strings
1225       Common Columns:
1226         external_ids                map of string-string pairs
1227
1228   Details:
1229       name: string
1230              A name for the forwarding group. This name has no special  mean‐
1231              ing  or  purpose  other  than  to  provide convenience for human
1232              interaction with the ovn-nb database.
1233
1234       vip: string
1235              The virtual IP address assigned to the forwarding group. It will
1236              respond with vmac when an ARP request is sent for vip.
1237
1238       vmac: string
1239              The virtual MAC address assigned to the forwarding group.
1240
1241       liveness: boolean
1242              If set to true, liveness is enabled for child ports otherwise it
1243              is disabled.
1244
1245       child_port: set of 1 or more strings
1246              List of child ports in the forwarding group.
1247
1248     Common Columns:
1249
1250       external_ids: map of string-string pairs
1251              See External IDs at the beginning of this document.
1252

Address_Set TABLE

1254       Each row in this table represents a named set of addresses. An  address
1255       set may contain Ethernet, IPv4, or IPv6 addresses with optional bitwise
1256       or CIDR masks. Address set may ultimately be used in  ACLs  to  compare
1257       against  fields  such  as ip4.src or ip6.src. A single address set must
1258       contain addresses of the same type. As an example, the following  would
1259       create an address set with three IP addresses:
1260
1261             ovn-nbctl create Address_Set name=set1 addresses=’10.0.0.1 10.0.0.2 10.0.0.3’
1262
1263
1264       Address sets may be used in the match column of the ACL table. For syn‐
1265       tax information, see the details of the expression  language  used  for
1266       the  match column in the Logical_Flow table of the OVN_Southbound data‐
1267       base.
1268
1269   Summary:
1270       name                          string (must be unique within table)
1271       addresses                     set of strings
1272       Common Columns:
1273         external_ids                map of string-string pairs
1274
1275   Details:
1276       name: string (must be unique within table)
1277              A name for the address set.  Names  are  ASCII  and  must  match
1278              [a-zA-Z_.][a-zA-Z_.0-9]*.
1279
1280       addresses: set of strings
1281              The set of addresses in string form.
1282
1283     Common Columns:
1284
1285       external_ids: map of string-string pairs
1286              See External IDs at the beginning of this document.
1287

Port_Group TABLE

1289       Each  row  in  this  table  represents  a named group of logical switch
1290       ports.
1291
1292       Port groups may be used in the match column of the ACL table. For  syn‐
1293       tax  information,  see  the details of the expression language used for
1294       the match column in the Logical_Flow table of the OVN_Southbound  data‐
1295       base.
1296
1297       For  each  port  group,  there  are  two  address sets generated to the
1298       Address_Set table of the OVN_Southbound  database,  containing  the  IP
1299       addresses  of the group of ports, one for IPv4, and the other for IPv6,
1300       with name being the name of the Port_Group followed by  a  suffix  _ip4
1301       for  IPv4  and _ip6 for IPv6. The generated address sets can be used in
1302       the same way as regular address sets in the match column of the ACL ta‐
1303       ble. For syntax information, see the details of the expression language
1304       used for the match column in the Logical_Flow table of  the  OVN_South‐
1305       bound database.
1306
1307   Summary:
1308       name                          string (must be unique within table)
1309       ports                         set    of   weak   reference   to   Logi‐
1310                                     cal_Switch_Ports
1311       acls                          set of ACLs
1312       Common Columns:
1313         external_ids                map of string-string pairs
1314
1315   Details:
1316       name: string (must be unique within table)
1317              A name for the port  group.  Names  are  ASCII  and  must  match
1318              [a-zA-Z_.][a-zA-Z_.0-9]*.
1319
1320       ports: set of weak reference to Logical_Switch_Ports
1321              The logical switch ports belonging to the group in uuids.
1322
1323       acls: set of ACLs
1324              Access  control  rules that apply to the port group. Applying an
1325              ACL to a port group has the same effect as applying the  ACL  to
1326              all  logical  lswitches  that the ports of the port group belong
1327              to.
1328
1329     Common Columns:
1330
1331       external_ids: map of string-string pairs
1332              See External IDs at the beginning of this document.
1333

Load_Balancer TABLE

1335       Each row represents one load balancer.
1336
1337   Summary:
1338       name                          string
1339       vips                          map of string-string pairs
1340       protocol                      optional string, one of sctp, tcp, or udp
1341       Health Checks:
1342         health_check                set of Load_Balancer_Health_Checks
1343         ip_port_mappings            map of string-string pairs
1344       selection_fields              set of strings, one of eth_dst,  eth_src,
1345                                     ip_dst, ip_src, tp_dst, or tp_src
1346       Common Columns:
1347         external_ids                map of string-string pairs
1348       Load_Balancer options:
1349         options : reject            optional string, either true or false
1350         options : hairpin_snat_ip   optional string
1351
1352   Details:
1353       name: string
1354              A  name  for the load balancer. This name has no special meaning
1355              or purpose other than to provide convenience for human  interac‐
1356              tion with the ovn-nb database.
1357
1358       vips: map of string-string pairs
1359              A  map of virtual IP addresses (and an optional port number with
1360              : as a separator) associated with this load balancer  and  their
1361              corresponding  endpoint  IP addresses (and optional port numbers
1362              with : as separators) separated by commas. If the destination IP
1363              address  (and  port number) of a packet leaving a container or a
1364              VM matches the virtual IP address  (and  port  number)  provided
1365              here  as a key, then OVN will statefully replace the destination
1366              IP address by one of the provided IP address (and  port  number)
1367              in  this  map  as a value. IPv4 and IPv6 addresses are supported
1368              for load balancing; however a VIP of one address family may  not
1369              be  mapped to a destination IP address of a different family. If
1370              specifying an IPv6 address with a port, the address portion must
1371              be   enclosed   in   square  brackets.  Examples  for  keys  are
1372              "192.168.1.4"  and  "[fd0f::1]:8800".  Examples  for  value  are
1373              "10.0.0.1, 10.0.0.2" and "20.0.0.10:8800, 20.0.0.11:8800".
1374
1375              When  the  Load_Balancer is added to the logical_switch, the VIP
1376              has to be in a different subnet than the one used for the  logi‐
1377              cal_switch.  Since VIP is in a different subnet, you should con‐
1378              nect your logical switch to either a OVN  logical  router  or  a
1379              real  router  (this  is because the client can now send a packet
1380              with VIP as the destination IP address and router’s mac  address
1381              as the destination MAC address).
1382
1383       protocol: optional string, one of sctp, tcp, or udp
1384              Valid  protocols  are  tcp,  udp, or sctp. This column is useful
1385              when a port number is provided as part of the  vips  column.  If
1386              this  column  is  empty and a port number is provided as part of
1387              vips column, OVN assumes the protocol to be tcp.
1388
1389     Health Checks:
1390
1391       OVN supports health checks for load balancer endpoints, for  IPv4  load
1392       balancers  only. When health checks are enabled, the load balancer uses
1393       only healthy endpoints.
1394
1395       Suppose     that     vips      contains      a      key-value      pair
1396       10.0.0.10:80=10.0.0.4:8080,20.0.0.4:8080.  To  enable health checks for
1397       this virtual’s endpoints, add two key-value pairs to  ip_port_mappings,
1398       with keys 10.0.0.4 and 20.0.0.4, and add to health_check a reference to
1399       a Load_Balancer_Health_Check row whose vip is set to 10.0.0.10.
1400
1401       health_check: set of Load_Balancer_Health_Checks
1402              Load balancer health checks associated with this load balancer.
1403
1404       ip_port_mappings: map of string-string pairs
1405              Maps from endpoint IP to a colon-separated pair of logical  port
1406              name  and  source IP, e.g. port_name:sourc_ip. Health checks are
1407              sent to this port with the specified source IP.
1408
1409              For example, in the example above, IP to port mappings might  be
1410              defined          as         10.0.0.4=sw0-p1:10.0.0.2         and
1411              20.0.0.4=sw1-p1:20.0.0.2, if  the  values  given  were  suitable
1412              ports and IP addresses.
1413
1414       selection_fields:  set  of  strings,  one  of eth_dst, eth_src, ip_dst,
1415       ip_src, tp_dst, or tp_src
1416              OVN native load  balancers  are  supported  using  the  OpenFlow
1417              groups  of  type  select.  OVS  supports  two selection methods:
1418              dp_hash and hash (with optional fields specified)  in  selecting
1419              the  buckets  of  a group. Please see the OVS documentation (man
1420              ovs-ofctl) for more details on the selection methods. Each  end‐
1421              point  IP  (and  port if set) is mapped to a bucket in the group
1422              flow.
1423
1424              CMS can choose the hash selection method by setting  the  selec‐
1425              tion  fields  in  this  column.  ovs-vswitchd uses the specified
1426              fields in generating the hash.
1427
1428              dp_hash selection method uses the assistance of datapath to cal‐
1429              culate the hash and it is expected to be faster than hash selec‐
1430              tion method. So CMS should take this into  consideration  before
1431              using  the hash method. Please consult the OVS documentation and
1432              OVS sources for the implementation details.
1433
1434     Common Columns:
1435
1436       external_ids: map of string-string pairs
1437              See External IDs at the beginning of this document.
1438
1439     Load_Balancer options:
1440
1441       options : reject: optional string, either true or false
1442              If the load balancer is created with --reject option and it  has
1443              no  active  backends,  a  TCP reset segment (for tcp) or an ICMP
1444              port unreachable packet (for all other kind of traffic) will  be
1445              sent  whenever an incoming packet is received for this load-bal‐
1446              ancer. Please note using --reject option will  disable  empty_lb
1447              SB controller event for this load balancer.
1448
1449       options : hairpin_snat_ip: optional string
1450              IP  to  be  used  as  source IP for packets that have been hair-
1451              pinned after load  balancing.  The  default  behavior  when  the
1452              option  is not set is to use the load balancer VIP as source IP.
1453              This option may have exactly one IPv4 and/or one IPv6 address on
1454              it, separated by a space character.
1455

Load_Balancer_Health_Check TABLE

1457       Each  row  represents one load balancer health check. Health checks are
1458       supported for IPv4 load balancers only.
1459
1460   Summary:
1461       vip                           string
1462       Health check options:
1463         options : interval          optional string, containing an integer
1464         options : timeout           optional string, containing an integer
1465         options : success_count     optional string, containing an integer
1466         options : failure_count     optional string, containing an integer
1467       Common Columns:
1468         external_ids                map of string-string pairs
1469
1470   Details:
1471       vip: string
1472              vip whose endpoints should be monitored for health check.
1473
1474     Health check options:
1475
1476       options : interval: optional string, containing an integer
1477              The interval, in seconds, between health checks.
1478
1479       options : timeout: optional string, containing an integer
1480              The time, in seconds, after which a health check times out.
1481
1482       options : success_count: optional string, containing an integer
1483              The number of successful checks after which the endpoint is con‐
1484              sidered online.
1485
1486       options : failure_count: optional string, containing an integer
1487              The number of failure checks after which the endpoint is consid‐
1488              ered offline.
1489
1490     Common Columns:
1491
1492       external_ids: map of string-string pairs
1493              See External IDs at the beginning of this document.
1494

ACL TABLE

1496       Each row in this table represents one ACL rule for a logical switch  or
1497       a port group that points to it through its acls column. The action col‐
1498       umn for the highest-priority matching row in this  table  determines  a
1499       packet’s  treatment. If no row matches, packets are allowed by default.
1500       (Default-deny treatment is possible: add a rule with priority 0,  1  as
1501       match, and deny as action.)
1502
1503   Summary:
1504       priority                      integer, in range 0 to 32,767
1505       direction                     string, either from-lport or to-lport
1506       match                         string
1507       action                        string,   one  of  allow-related,  allow,
1508                                     drop, or reject
1509       Logging:
1510         log                         boolean
1511         name                        optional string, at  most  63  characters
1512                                     long
1513         severity                    optional  string,  one  of  alert, debug,
1514                                     info, notice, or warning
1515         meter                       optional string
1516       Common Columns:
1517         external_ids                map of string-string pairs
1518
1519   Details:
1520       priority: integer, in range 0 to 32,767
1521              The ACL rule’s priority. Rules with numerically higher  priority
1522              take precedence over those with lower. If two ACL rules with the
1523              same priority both match, then the one  actually  applied  to  a
1524              packet is undefined.
1525
1526              Return  traffic from an allow-related flow is always allowed and
1527              cannot be changed through an ACL.
1528
1529       direction: string, either from-lport or to-lport
1530              Direction of the traffic to which this rule should apply:
1531
1532              ·      from-lport: Used to implement filters on traffic arriving
1533                     from a logical port. These rules are applied to the logi‐
1534                     cal switch’s ingress pipeline.
1535
1536              ·      to-lport: Used to implement filters on traffic  forwarded
1537                     to a logical port. These rules are applied to the logical
1538                     switch’s egress pipeline.
1539
1540       match: string
1541              The packets that the ACL should match, in  the  same  expression
1542              language  used  for the match column in the OVN Southbound data‐
1543              base’s Logical_Flow table. The  outport  logical  port  is  only
1544              available  in the to-lport direction (the inport is available in
1545              both directions).
1546
1547              By default all traffic is allowed. When writing a more  restric‐
1548              tive  policy, it is important to remember to allow flows such as
1549              ARP and IPv6 neighbor discovery packets.
1550
1551              Note that you can not create an ACL  matching  on  a  port  with
1552              type=router or type=localnet.
1553
1554       action: string, one of allow-related, allow, drop, or reject
1555              The action to take when the ACL rule matches:
1556
1557              ·      allow: Forward the packet.
1558
1559              ·      allow-related:  Forward  the  packet  and related traffic
1560                     (e.g. inbound replies to an outbound connection).
1561
1562              ·      drop: Silently drop the packet.
1563
1564              ·      reject: Drop the packet, replying with a RST for  TCP  or
1565                     ICMPv4/ICMPv6     unreachable     message    for    other
1566                     IPv4/IPv6-based protocols.
1567
1568     Logging:
1569
1570       These columns control whether and how OVN logs packets  that  match  an
1571       ACL.
1572
1573       log: boolean
1574              If  set  to  true, packets that match the ACL will trigger a log
1575              message on the transport node or nodes that perform ACL process‐
1576              ing. Logging may be combined with any action.
1577
1578              If  set  to  false,  the remaining columns in this group have no
1579              significance.
1580
1581       name: optional string, at most 63 characters long
1582              This name, if it is provided, is included  in  log  records.  It
1583              provides the administrator and the cloud management system a way
1584              to associate a log record with a particular ACL.
1585
1586       severity: optional string, one of alert, debug, info, notice, or  warn‐
1587       ing
1588              The severity of the ACL. The severity levels match those of sys‐
1589              log, in decreasing level of severity:  alert,  warning,  notice,
1590              info, or debug. When the column is empty, the default is info.
1591
1592       meter: optional string
1593              The  name of a meter to rate-limit log messages for the ACL. The
1594              string must match the name column of a row in the  Meter  table.
1595              By  default,  log  messages  are  not  rate-limited. In order to
1596              ensure that the same Meter rate limits multiple ACL  logs  sepa‐
1597              rately, set the fair column.
1598
1599     Common Columns:
1600
1601       external_ids: map of string-string pairs
1602              See External IDs at the beginning of this document.
1603

Logical_Router TABLE

1605       Each row represents one L3 logical router.
1606
1607   Summary:
1608       ports                         set of Logical_Router_Ports
1609       static_routes                 set of Logical_Router_Static_Routes
1610       policies                      set of Logical_Router_Policys
1611       enabled                       optional boolean
1612       nat                           set of NATs
1613       load_balancer                 set of weak reference to Load_Balancers
1614       Naming:
1615         name                        string
1616         external_ids : neutron:router_name
1617                                     optional string
1618       Options:
1619         options : chassis           optional string
1620         options : dnat_force_snat_ip
1621                                     optional string
1622         options : lb_force_snat_ip  optional string
1623         options : mcast_relay       optional string, either true or false
1624         options : dynamic_neigh_routers
1625                                     optional string, either true or false
1626         options : always_learn_from_arp_request
1627                                     optional string, either true or false
1628         options : requested-tnl-key
1629                                     optional  string,  containing an integer,
1630                                     in range 1 to 16,777,215
1631         options : snat-ct-zone      optional string, containing  an  integer,
1632                                     in range 0 to 65,535
1633       Common Columns:
1634         external_ids                map of string-string pairs
1635
1636   Details:
1637       ports: set of Logical_Router_Ports
1638              The router’s ports.
1639
1640       static_routes: set of Logical_Router_Static_Routes
1641              Zero or more static routes for the router.
1642
1643       policies: set of Logical_Router_Policys
1644              Zero or more routing policies for the router.
1645
1646       enabled: optional boolean
1647              This  column  is  used  to administratively set router state. If
1648              this column is empty or is set to true, the router  is  enabled.
1649              If  this  column is set to false, the router is disabled. A dis‐
1650              abled router has all ingress and egress traffic dropped.
1651
1652       nat: set of NATs
1653              One or more NAT rules for the router. NAT  rules  only  work  on
1654              Gateway routers, and on distributed routers with logical gateway
1655              ports.
1656
1657       load_balancer: set of weak reference to Load_Balancers
1658              Load balance a virtual ip address to a set of  logical  port  ip
1659              addresses.  Load balancer rules only work on the Gateway routers
1660              or routers with distributed gateway ports.
1661
1662     Naming:
1663
1664       These columns provide names for the logical router. From OVN’s perspec‐
1665       tive, these names have no special meaning or purpose other than to pro‐
1666       vide convenience for human interaction with  the  northbound  database.
1667       There  is no requirement for the name to be unique. (For a unique iden‐
1668       tifier for a logical router, use its row UUID.)
1669
1670       (Originally, name was intended to serve the purpose of a human-friendly
1671       name,  but the Neutron integration used it to uniquely identify its own
1672       router object, in the format neutron-uuid. Later  on,  Neutron  started
1673       propagating   the  friendly  name  of  a  router  as  external_ids:neu‐
1674       tron:router_name. Perhaps this can be cleaned up someday.)
1675
1676       name: string
1677              A name for the logical router.
1678
1679       external_ids : neutron:router_name: optional string
1680              Another name for the logical router.
1681
1682     Options:
1683
1684       Additional options for the logical router.
1685
1686       options : chassis: optional string
1687              If set, indicates that the logical router in question is a Gate‐
1688              way  router  (which is centralized) and resides in the set chas‐
1689              sis. The same value is also used by ovn-controller  to  uniquely
1690              identify the chassis in the OVN deployment and comes from exter‐
1691              nal_ids:system-id in  the  Open_vSwitch  table  of  Open_vSwitch
1692              database.
1693
1694              The Gateway router can only be connected to a distributed router
1695              via a switch if SNAT and DNAT are to be configured in the  Gate‐
1696              way router.
1697
1698       options : dnat_force_snat_ip: optional string
1699              If  set,  indicates a set of IP addresses to use to force SNAT a
1700              packet that has already been DNATed in the gateway router.  When
1701              multiple  gateway  routers  are  configured, a packet can poten‐
1702              tially enter any of the gateway router, get DNATted and  eventu‐
1703              ally reach the logical switch port. For the return traffic to go
1704              back to the same gateway  router  (for  unDNATing),  the  packet
1705              needs a SNAT in the first place. This can be achieved by setting
1706              the above option with a gateway specific set  of  IP  addresses.
1707              This option may have exactly one IPv4 and/or one IPv6 address on
1708              it, separated by a a space.
1709
1710       options : lb_force_snat_ip: optional string
1711              If set, indicates a set of IP addresses to use to force  SNAT  a
1712              packet  that  has  already  been  load-balanced  in  the gateway
1713              router. When multiple gateway routers are configured,  a  packet
1714              can potentially enter any of the gateway routers, get DNATted as
1715              part of the load- balancing and  eventually  reach  the  logical
1716              switch port. For the return traffic to go back to the same gate‐
1717              way router (for unDNATing), the packet needs a SNAT in the first
1718              place.  This  can be achieved by setting the above option with a
1719              gateway specific set of  IP  addresses.  This  option  may  have
1720              exactly  one  IPv4 and/or one IPv6 address on it, separated by a
1721              space character.
1722
1723       options : mcast_relay: optional string, either true or false
1724              Enables/disables IP multicast  relay  between  logical  switches
1725              connected to the logical router. Default: False.
1726
1727       options : dynamic_neigh_routers: optional string, either true or false
1728              If  set  to  true, the router will resolve neighbor routers’ MAC
1729              addresses only  by  dynamic  ARP/ND,  instead  of  prepopulating
1730              static  mappings  for all neighbor routers in the ARP/ND Resolu‐
1731              tion stage. This reduces number of flows,  but  requires  ARP/ND
1732              messages to resolve the IP-MAC bindings when needed. It is false
1733              by default. It is recommended to set to true when a large number
1734              of  logical routers are connected to the same logical switch but
1735              most of them never need to send traffic between each other.
1736
1737       options : always_learn_from_arp_request: optional string,  either  true
1738       or false
1739              This  option  controls  the  behavior  when  handling  IPv4  ARP
1740              requests or IPv6 ND-NS packets - whether a dynamic neighbor (MAC
1741              binding) entry is added/updated.
1742
1743              true  -  Always learn the MAC-IP binding, and add/update the MAC
1744              binding entry.
1745
1746              false - If there is a MAC binding for that IP  and  the  MAC  is
1747              different,  or, if TPA of ARP request belongs to any router port
1748              on this router, then update/add that MAC-IP binding.  Otherwise,
1749              don’t update/add entries.
1750
1751              It  is true by default. It is recommended to set to false when a
1752              large number of logical routers are connected to the same  logi‐
1753              cal  switch  but most of them never need to send traffic between
1754              each other, to reduce the size of the MAC binding table.
1755
1756       options : requested-tnl-key: optional string, containing an integer, in
1757       range 1 to 16,777,215
1758              Configures  the datapath tunnel key for the logical router. This
1759              is not needed because ovn-northd will assign an unique  key  for
1760              each   datapath   by  itself.  However,  if  it  is  configured,
1761              ovn-northd honors the configured value.
1762
1763       options : snat-ct-zone: optional  string,  containing  an  integer,  in
1764       range 0 to 65,535
1765              Use the requested conntrack zone for SNAT with this router. This
1766              can be useful if egress traffic from the host running OVN  comes
1767              from  both  OVN  and  other sources. This way, OVN and the other
1768              sources can make use of the same conntrack zone.
1769
1770     Common Columns:
1771
1772       external_ids: map of string-string pairs
1773              See External IDs at the beginning of this document.
1774

QoS TABLE

1776       Each row in this table represents one QoS rule  for  a  logical  switch
1777       that  points  to  it through its qos_rules column. Two types of QoS are
1778       supported: DSCP marking and metering. A match with the highest-priority
1779       will  have  QoS  applied to it. If the action column is specified, then
1780       matching packets will have DSCP marking applied. If the bandwdith  col‐
1781       umn  is  specified,  then  matching packets will have metering applied.
1782       action and bandwdith are not exclusive, so both marking and metering by
1783       defined  for  the  same  QoS entry. If no row matches, packets will not
1784       have any QoS applied.
1785
1786   Summary:
1787       priority                      integer, in range 0 to 32,767
1788       direction                     string, either from-lport or to-lport
1789       match                         string
1790       action                        map of string-integer pairs, key must  be
1791                                     dscp, value in range 0 to 63
1792       bandwidth                     map  of  string-integer pairs, key either
1793                                     burst  or  rate,  value  in  range  1  to
1794                                     4,294,967,295
1795       external_ids                  map of string-string pairs
1796
1797   Details:
1798       priority: integer, in range 0 to 32,767
1799              The  QoS rule’s priority. Rules with numerically higher priority
1800              take precedence over those with lower. If two QoS rules with the
1801              same  priority  both  match,  then the one actually applied to a
1802              packet is undefined.
1803
1804       direction: string, either from-lport or to-lport
1805              The value of this field is similar to  ACL  column  in  the  OVN
1806              Northbound database’s ACL table.
1807
1808       match: string
1809              The packets that the QoS rules should match, in the same expres‐
1810              sion language used for the match column in  the  OVN  Southbound
1811              database’s  Logical_Flow table. The outport logical port is only
1812              available in the to-lport direction (the inport is available  in
1813              both directions).
1814
1815       action: map of string-integer pairs, key must be dscp, value in range 0
1816       to 63
1817              When specified, matching flows will have DSCP marking applied.
1818
1819              ·      dscp: The value of this action should be in the range  of
1820                     0 to 63 (inclusive).
1821
1822       bandwidth: map of string-integer pairs, key either burst or rate, value
1823       in range 1 to 4,294,967,295
1824              When specified, matching packets will  have  bandwidth  metering
1825              applied. Traffic over the limit will be dropped.
1826
1827              ·      rate: The value of rate limit in kbps.
1828
1829              ·      burst: The value of burst rate limit in kilobits. This is
1830                     optional and needs to specify the rate.
1831
1832       external_ids: map of string-string pairs
1833              See External IDs at the beginning of this document.
1834

Meter TABLE

1836       Each row in this table represents a meter that can be used for  QoS  or
1837       rate-limiting.
1838
1839   Summary:
1840       name                          string (must be unique within table)
1841       unit                          string, either kbps or pktps
1842       bands                         set of 1 or more Meter_Bands
1843       fair                          optional boolean
1844       external_ids                  map of string-string pairs
1845
1846   Details:
1847       name: string (must be unique within table)
1848              A name for this meter.
1849
1850              Names  that  begin  with "__" (two underscores) are reserved for
1851              OVN internal use and should not be added manually.
1852
1853       unit: string, either kbps or pktps
1854              The unit for rate and burst_rate parameters in the bands  entry.
1855              kbps  specifies kilobits per second, and pktps specifies packets
1856              per second.
1857
1858       bands: set of 1 or more Meter_Bands
1859              The bands associated with this meter. Each band specifies a rate
1860              above  which  the band is to take the action action. If multiple
1861              bands’ rates are exceeded, then the band with the  highest  rate
1862              among the exceeded bands is selected.
1863
1864       fair: optional boolean
1865              This  column is used to further describe the desired behavior of
1866              the meter when there are multiple references to it. If this col‐
1867              umn  is empty or is set to false, the rate will be shared across
1868              all rows that refer to the same  Meter  name.  Conversely,  when
1869              this  column is set to true, each user of the same Meter will be
1870              rate-limited on its own.
1871
1872       external_ids: map of string-string pairs
1873              See External IDs at the beginning of this document.
1874

Meter_Band TABLE

1876       Each row in this table represents a meter band which specifies the rate
1877       above  which  the  configured action should be applied. These bands are
1878       referenced by the bands column in the Meter table.
1879
1880   Summary:
1881       action                        string, must be drop
1882       rate                          integer, in range 1 to 4,294,967,295
1883       burst_size                    integer, in range 0 to 4,294,967,295
1884       external_ids                  map of string-string pairs
1885
1886   Details:
1887       action: string, must be drop
1888              The action to execute when this band matches. The only supported
1889              action is drop.
1890
1891       rate: integer, in range 1 to 4,294,967,295
1892              The rate limit for this band, in kilobits per second or bits per
1893              second, depending on whether the parent Meter entry’s unit  col‐
1894              umn specified kbps or pktps.
1895
1896       burst_size: integer, in range 0 to 4,294,967,295
1897              The  maximum  burst allowed for the band in kilobits or packets,
1898              depending on whether kbps or pktps was selected  in  the  parent
1899              Meter  entry’s  unit  column. If the size is zero, the switch is
1900              free to select some reasonable value depending on its configura‐
1901              tion.
1902
1903       external_ids: map of string-string pairs
1904              See External IDs at the beginning of this document.
1905

Logical_Router_Port TABLE

1907       A port within an L3 logical router.
1908
1909       Exactly  one  Logical_Router  row must reference a given logical router
1910       port.
1911
1912   Summary:
1913       name                          string (must be unique within table)
1914       networks                      set of 1 or more strings
1915       mac                           string
1916       enabled                       optional boolean
1917       Distributed Gateway Ports:
1918         ha_chassis_group            optional HA_Chassis_Group
1919         gateway_chassis             set of Gateway_Chassises
1920         Options for Physical VLAN MTU Issues:
1921            options : reside-on-redirect-chassis
1922                                     optional string, either true or false
1923            options : redirect-type  optional string, either bridged or  over‐
1924                                     lay
1925       ipv6_prefix                   set of strings
1926       ipv6_ra_configs:
1927         ipv6_ra_configs : address_mode
1928                                     optional string
1929         ipv6_ra_configs : router_preference
1930                                     optional string
1931         ipv6_ra_configs : route_info
1932                                     optional string
1933         ipv6_ra_configs : mtu       optional string
1934         ipv6_ra_configs : send_periodic
1935                                     optional string
1936         ipv6_ra_configs : max_interval
1937                                     optional string
1938         ipv6_ra_configs : min_interval
1939                                     optional string
1940         ipv6_ra_configs : rdnss     optional string
1941         ipv6_ra_configs : dnssl     optional string
1942       Options:
1943         options : mcast_flood       optional string, either true or false
1944         options : requested-tnl-key
1945                                     optional  string,  containing an integer,
1946                                     in range 1 to 32,767
1947         options : prefix_delegation
1948                                     optional string, either true or false
1949         options : prefix            optional string, either true or false
1950       Attachment:
1951         peer                        optional string
1952       Common Columns:
1953         external_ids                map of string-string pairs
1954
1955   Details:
1956       name: string (must be unique within table)
1957              A name for the logical router port.
1958
1959              In addition to provide convenience for  human  interaction  with
1960              the northbound database, this column is used as reference by its
1961              patch port in Logical_Switch_Port or another logical router port
1962              in Logical_Router_Port.
1963
1964              A  logical  router  port may not have the same name as a logical
1965              switch port, but the database schema cannot enforce this.
1966
1967       networks: set of 1 or more strings
1968              The IP addresses  and  netmasks  of  the  router.  For  example,
1969              192.168.0.1/24   indicates  that  the  router’s  IP  address  is
1970              192.168.0.1 and that packets destined to 192.168.0.x  should  be
1971              routed to this port.
1972
1973              A  logical  router  port  always  adds a link-local IPv6 address
1974              (fe80::/64) automatically generated  from  the  interface’s  MAC
1975              address using the modified EUI-64 format.
1976
1977       mac: string
1978              The Ethernet address that belongs to this router port.
1979
1980       enabled: optional boolean
1981              This  column is used to administratively set port state. If this
1982              column is empty or is set to true, the port is enabled. If  this
1983              column  is  set  to false, the port is disabled. A disabled port
1984              has all ingress and egress traffic dropped.
1985
1986     Distributed Gateway Ports:
1987
1988       Gateways, as documented under Gateways in the OVN  architecture  guide,
1989       provide  limited  connectivity  between  logical  networks and physical
1990       ones. OVN support multiple kinds of gateways.  The  Logical_Router_Port
1991       table  can  be used two different ways to configure distributed gateway
1992       ports, which are one kind of gateway. These two forms of  configuration
1993       exist for historical reasons. Both of them produce the same kind of OVN
1994       southbound records and the same behavior in practice.
1995
1996       If either of these are set, this logical router port represents a  dis‐
1997       tributed  gateway  port  that  connects this router to a logical switch
1998       with a localnet port or a connection to another OVN  deployment.  There
1999       may be at most one such logical router port on each logical router.
2000
2001       The preferred way to configure a gateway is ha_chassis_group, but gate‐
2002       way_chassis is also supported for backward compatibility. Only  one  of
2003       these  should be set at a time on a given LRP, since they configure the
2004       same features.
2005
2006       Even when a gateway is configured, the logical router port still effec‐
2007       tively resides on each chassis. However, due to the implications of the
2008       use of L2 learning in the physical network, as well as the need to sup‐
2009       port advanced features such as one-to-many NAT (aka IP masquerading), a
2010       subset of the logical router processing is  handled  in  a  centralized
2011       manner on the gateway chassis.
2012
2013       When more than one gateway chassis is specified, OVN only uses one at a
2014       time. OVN uses BFD to  monitor  gateway  connectivity,  preferring  the
2015       highest-priority  gateway  that  is online. Priorities are specified in
2016       the priority column of Gateway_Chassis or HA_Chassis.
2017
2018       ovn-northd programs the external_mac rules specified in  the  LRP’s  LR
2019       into  the peer logical switch’s destination lookup on the chassis where
2020       the logical_port resides. In addition, the logical router’s MAC address
2021       is  automatically  programmed  in the peer logical switch’s destination
2022       lookup flow on the gateway chasssis. If it is desired to generate  gra‐
2023       tuitous  ARPs  for  NAT addresses, then set the peer LSP’s options:nat-
2024       addresses to router.
2025
2026       OVN 20.03 and earlier supported a third way  to  configure  distributed
2027       gateway  ports  using  options:redirect-chassis  to specify the gateway
2028       chassis. This method is no longer supported. Any remaining users should
2029       switch  to  one  of the newer methods instead. A gateway_chassis may be
2030       easily configured from the command line, e.g.  ovn-nbctl  lrp-set-gate‐
2031       way-chassis lrp chassis.
2032
2033       ha_chassis_group: optional HA_Chassis_Group
2034              Designates  an  HA_Chassis_Group  to provide gateway high avail‐
2035              ability.
2036
2037       gateway_chassis: set of Gateway_Chassises
2038              Designates one or more Gateway_Chassis for  the  logical  router
2039              port.
2040
2041     Options for Physical VLAN MTU Issues:
2042
2043       MTU  issues  arise  in  mixing  tunnels  with logical networks that are
2044       bridged to a physical VLAN. For an explanation of the MTU  issues,  see
2045       Physical  VLAN MTU Issues in the OVN architecture document. The follow‐
2046       ing options, which are alternatives, provide solutions.  Both  of  them
2047       cause  packets  to  be  sent over localnet instead of tunnels, but they
2048       differ in whether some or all packets are sent this way. The most prom‐
2049       inent tradeoff between these options is that reside-on-redirect-chassis
2050       is easier to configure and that redirect-type performs better for east-
2051       west traffic.
2052
2053       options  :  reside-on-redirect-chassis: optional string, either true or
2054       false
2055              If set to true, this option forces all traffic across the  logi‐
2056              cal  router port to pass through the gateway chassis using a hop
2057              across a localnet port. This changes behavior in two ways:
2058
2059              ·      Without this option, east-west  traffic  passes  directly
2060                     between  source and destination chassis (or even within a
2061                     single chassis, for co-located VMs).  With  this  option,
2062                     all east-west traffic passes through the gateway chassis.
2063
2064              ·      Without  this option, traffic between the gateway chassis
2065                     and other chassis is encapsulated in tunnels.  With  this
2066                     option, traffic passes over a localnet interface.
2067
2068              This  option  may  usefully  be set only on logical router ports
2069              that connect a distributed logical router to  a  logical  switch
2070              with VIFs. It should not be set on a distributed gateway port.
2071
2072              OVN honors this option only if the logical router has a distrib‐
2073              uted gateway port and if the LRP’s peer switch  has  a  localnet
2074              port.
2075
2076       options : redirect-type: optional string, either bridged or overlay
2077              If  set  to  bridged  on a distributed gateway port, this option
2078              causes OVN to redirect packets to the  gateway  chassis  over  a
2079              localnet  port  instead  of  a tunnel. The relevant chassis must
2080              share a localnet port.
2081
2082              This feature requires the administrator or the CMS to  configure
2083              each  participating  chassis  with a unique Ethernet address for
2084              the logical router by setting  ovn-chassis-mac-mappings  in  the
2085              Open vSwitch database, for use by ovn-controller.
2086
2087              Setting  this  option  to  overlay  or  leaving  it unset has no
2088              effect. This option may usefully be set only  on  a  distributed
2089              gateway port. It is otherwise ignored.
2090
2091       ipv6_prefix: set of strings
2092              This  column  contains IPv6 prefix obtained by prefix delegation
2093              router according to RFC 3633
2094
2095     ipv6_ra_configs:
2096
2097       This column defines the IPv6 ND RA address mode and ND MTU Option to be
2098       included by ovn-controller when it replies to the IPv6 Router solicita‐
2099       tion requests.
2100
2101       ipv6_ra_configs : address_mode: optional string
2102              The address mode to be used for IPv6 address configuration.  The
2103              supported values are:
2104
2105              ·      slaac:  Address  configuration using Router Advertisement
2106                     (RA) packet. The  IPv6  prefixes  defined  in  the  Logi‐
2107                     cal_Router_Port  table’s networks column will be included
2108                     in the RA’s ICMPv6 option - Prefix information.
2109
2110              ·      dhcpv6_stateful: Address configuration using DHCPv6.
2111
2112              ·      dhcpv6_stateless:  Address  configuration  using   Router
2113                     Advertisement  (RA)  packet.  Other IPv6 options are pro‐
2114                     vided by DHCPv6.
2115
2116       ipv6_ra_configs : router_preference: optional string
2117              Default Router Preference (PRF) indicates whether to prefer this
2118              router  over  other  default routers (RFC 4191). Possible values
2119              are:
2120
2121              ·      HIGH: mapped to 0x01 in RA PRF field
2122
2123              ·      MEDIUM: mapped to 0x00 in RA PRF field
2124
2125              ·      LOW: mapped to 0x11 in RA PRF field
2126
2127       ipv6_ra_configs : route_info: optional string
2128              Route Info is used to configure Route Info Option sent in Router
2129              Advertisment  according to RFC 4191. Route Info is a comma sepa‐
2130              rated string where each field provides  PRF  and  prefix  for  a
2131              given route (e.g: HIGH-aef1::11/48,LOW-aef2::11/96) Possible PRF
2132              values are:
2133
2134              ·      HIGH: mapped to 0x01 in RA PRF field
2135
2136              ·      MEDIUM: mapped to 0x00 in RA PRF field
2137
2138              ·      LOW: mapped to 0x11 in RA PRF field
2139
2140       ipv6_ra_configs : mtu: optional string
2141              The recommended MTU for the link. Default is 0, which  means  no
2142              MTU  Option  will  be  included in RA packet replied by ovn-con‐
2143              troller. Per RFC 2460, the mtu value is recommended no less than
2144              1280,  so  any mtu value less than 1280 will be considered as no
2145              MTU Option.
2146
2147       ipv6_ra_configs : send_periodic: optional string
2148              If set to true, then this  router  interface  will  send  router
2149              advertisements periodically. The default is false.
2150
2151       ipv6_ra_configs : max_interval: optional string
2152              The  maximum  number of seconds to wait between sending periodic
2153              router advertisements. This option has no effect if ipv6_ra_con‐
2154              figs:send_periodic is false. The default is 600.
2155
2156       ipv6_ra_configs : min_interval: optional string
2157              The  minimum  number of seconds to wait between sending periodic
2158              router advertisements. This option has no effect if ipv6_ra_con‐
2159              figs:send_periodic   is  false.  The  default  is  one-third  of
2160              ipv6_ra_configs:max_interval, i.e. 200 seconds if  that  key  is
2161              unset.
2162
2163       ipv6_ra_configs : rdnss: optional string
2164              IPv6  address  of  RDNSS  server announced in RA packets. At the
2165              moment OVN supports just one RDNSS server.
2166
2167       ipv6_ra_configs : dnssl: optional string
2168              DNS Search List announced in RA  packets.  Multiple  DNS  Search
2169              List must be ’comma’ separated (e.g. "a.b.c, d.e.f")
2170
2171     Options:
2172
2173       Additional options for the logical router port.
2174
2175       options : mcast_flood: optional string, either true or false
2176              If set to true, multicast traffic (including reports) are uncon‐
2177              ditionally forwarded to the specific port.
2178
2179              This option applies when the port is part of  a  logical  router
2180              which has options:mcast_relay set to true.
2181
2182       options : requested-tnl-key: optional string, containing an integer, in
2183       range 1 to 32,767
2184              Configures the port binding tunnel key  for  the  port.  Usually
2185              this  is not needed because ovn-northd will assign an unique key
2186              for  each  port  by  itself.  However,  if  it  is   configured,
2187              ovn-northd honors the configured value.
2188
2189       options : prefix_delegation: optional string, either true or false
2190              If  set  to true, enable IPv6 prefix delegation state machine on
2191              this logical router port (RFC3633). IPv6  prefix  delegation  is
2192              available just on a gateway router or on a gateway router port.
2193
2194       options : prefix: optional string, either true or false
2195              If  set  to  true,  this  interface  will receive an IPv6 prefix
2196              according to RFC3663
2197
2198     Attachment:
2199
2200       A given router port serves one of two purposes:
2201
2202              ·      To attach a logical switch to a logical router. A logical
2203                     router  port  of  this  type is referenced by exactly one
2204                     Logical_Switch_Port of type router. The value of name  is
2205                     set   as   router-port   in   column   options  of  Logi‐
2206                     cal_Switch_Port. In this case peer column is empty.
2207
2208              ·      To connect one logical router to another. This requires a
2209                     pair of logical router ports, each connected to a differ‐
2210                     ent router. Each router port in the  pair  specifies  the
2211                     other in its peer column. No Logical_Switch refers to the
2212                     router port.
2213
2214       peer: optional string
2215              For a router port used to  connect  two  logical  routers,  this
2216              identifies the other router port in the pair by name.
2217
2218              For  a  router port attached to a logical switch, this column is
2219              empty.
2220
2221     Common Columns:
2222
2223       external_ids: map of string-string pairs
2224              See External IDs at the beginning of this document.
2225

Logical_Router_Static_Route TABLE

2227       Each record represents a static route.
2228
2229       When multiple routes match a packet, the longest-prefix match  is  cho‐
2230       sen.  For  a  given  prefix  length, a dst-ip route is preferred over a
2231       src-ip route.
2232
2233       When there are ECMP routes, i.e. multiple routes with same  prefix  and
2234       policy,  one  of  them will be selected based on the 5-tuple hashing of
2235       the packet header.
2236
2237   Summary:
2238       ip_prefix                     string
2239       policy                        optional string, either dst-ip or src-ip
2240       nexthop                       string
2241       output_port                   optional string
2242       bfd                           optional weak reference to BFD
2243       external_ids : ic-learned-route
2244                                     optional string
2245       Common Columns:
2246         external_ids                map of string-string pairs
2247       Common options:
2248         options                     map of string-string pairs
2249         options : ecmp_symmetric_reply
2250                                     optional string
2251
2252   Details:
2253       ip_prefix: string
2254              IP prefix of this route (e.g. 192.168.100.0/24).
2255
2256       policy: optional string, either dst-ip or src-ip
2257              If it is specified, this setting describes the  policy  used  to
2258              make  routing decisions. This setting must be one of the follow‐
2259              ing strings:
2260
2261              ·      src-ip: This policy sends the packet to the nexthop  when
2262                     the packet’s source IP address matches ip_prefix.
2263
2264              ·      dst-ip:  This policy sends the packet to the nexthop when
2265                     the packet’s destination IP address matches ip_prefix.
2266
2267              If not specified, the default is dst-ip.
2268
2269       nexthop: string
2270              Nexthop IP address for this route. Nexthop IP address should  be
2271              the IP address of a connected router port or the IP address of a
2272              logical port.
2273
2274       output_port: optional string
2275              The name of the Logical_Router_Port via which the  packet  needs
2276              to  be  sent  out.  This is optional and when not specified, OVN
2277              will automatically figure this out based on  the  nexthop.  When
2278              this  is  specified  and  there are multiple IP addresses on the
2279              router port and none of them are in the same subnet of  nexthop,
2280              OVN  chooses  the first IP address as the one via which the nex‐
2281              thop is reachable.
2282
2283       bfd: optional weak reference to BFD
2284              Reference to BFD row if the route has associated a BFD session
2285
2286       external_ids : ic-learned-route: optional string
2287              ovn-ic populates this key if  the  route  is  learned  from  the
2288              global  OVN_IC_Southbound  database. In this case the value will
2289              be  set  to  the  uuid  of  the  row  in  Route  table  of   the
2290              OVN_IC_Southbound database.
2291
2292     Common Columns:
2293
2294       external_ids: map of string-string pairs
2295              See External IDs at the beginning of this document.
2296
2297     Common options:
2298
2299       options: map of string-string pairs
2300              This  column  provides general key/value settings. The supported
2301              options are described individually below.
2302
2303       options : ecmp_symmetric_reply: optional string
2304              It true, then new traffic that arrives over this route will have
2305              its  reply  traffic bypass ECMP route selection and will be sent
2306              out this route instead. Note  that  this  option  overrides  any
2307              rules  set  in the Logical_Router_policy table. This option only
2308              works on gateway  routers  (routers  that  have  options:chassis
2309              set).
2310

Logical_Router_Policy TABLE

2312       Each  row  in  this  table  represents one routing policy for a logical
2313       router that points to it through its policies column. The action column
2314       for  the  highest-priority  matching  row  in  this  table determines a
2315       packet’s treatment. If no row matches, packets are allowed by  default.
2316       (Default-deny  treatment  is possible: add a rule with priority 0, 1 as
2317       match, and drop as action.)
2318
2319   Summary:
2320       priority                      integer, in range 0 to 32,767
2321       match                         string
2322       action                        string, one of allow, drop, or reroute
2323       nexthop                       optional string
2324       nexthops                      set of strings
2325       options : pkt_mark            optional string
2326       Common Columns:
2327         external_ids                map of string-string pairs
2328
2329   Details:
2330       priority: integer, in range 0 to 32,767
2331              The routing policy’s priority.  Rules  with  numerically  higher
2332              priority  take  precedence  over  those  with  lower.  A rule is
2333              uniquely identified by the priority and match string.
2334
2335       match: string
2336              The packets that the routing policy should match,  in  the  same
2337              expression  language used for the match column in the OVN South‐
2338              bound database’s Logical_Flow table.
2339
2340              By default all traffic is allowed. When writing a more  restric‐
2341              tive  policy, it is important to remember to allow flows such as
2342              ARP and IPv6 neighbor discovery packets.
2343
2344       action: string, one of allow, drop, or reroute
2345              The action to take when the routing policy matches:
2346
2347              ·      allow: Forward the packet.
2348
2349              ·      drop: Silently drop the packet.
2350
2351              ·      reroute: Reroute packet to nexthop or nexthops.
2352
2353       nexthop: optional string
2354              Note: This column is deprecated in favor of nexthops.
2355
2356              Next-hop IP address for this  route,  which  should  be  the  IP
2357              address  of a connected router port or the IP address of a logi‐
2358              cal port.
2359
2360       nexthops: set of strings
2361              Next-hop ECMP IP addresses for this route. Each IP in  the  list
2362              should  be  the  IP address of a connected router port or the IP
2363              address of a logical port.
2364
2365              One IP from the list is selected as next hop.
2366
2367       options : pkt_mark: optional string
2368              Marks the packet with the value specified when the router policy
2369              is  applied.  CMS  can  inspect this packet marker and take some
2370              decisions if desired. This  value  is  not  preserved  when  the
2371              packet goes out on the wire.
2372
2373     Common Columns:
2374
2375       external_ids: map of string-string pairs
2376              See External IDs at the beginning of this document.
2377

NAT TABLE

2379       Each record represents a NAT rule.
2380
2381   Summary:
2382       type                          string,  one  of  dnat, dnat_and_snat, or
2383                                     snat
2384       external_ip                   string
2385       external_mac                  optional string
2386       external_port_range           string
2387       logical_ip                    string
2388       logical_port                  optional string
2389       allowed_ext_ips               optional Address_Set
2390       exempted_ext_ips              optional Address_Set
2391       options : stateless           optional string
2392       Common Columns:
2393         external_ids                map of string-string pairs
2394
2395   Details:
2396       type: string, one of dnat, dnat_and_snat, or snat
2397              Type of the NAT rule.
2398
2399              ·      When type is dnat,  the  externally  visible  IP  address
2400                     external_ip  is  DNATted  to the IP address logical_ip in
2401                     the logical space.
2402
2403              ·      When type is  snat,  IP  packets  with  their  source  IP
2404                     address  that either matches the IP address in logical_ip
2405                     or is in the network provided  by  logical_ip  is  SNATed
2406                     into the IP address in external_ip.
2407
2408              ·      When  type  is  dnat_and_snat,  the externally visible IP
2409                     address external_ip is DNATted to the  IP  address  logi‐
2410                     cal_ip in the logical space. In addition, IP packets with
2411                     the source IP address that matches logical_ip  is  SNATed
2412                     into the IP address in external_ip.
2413
2414       external_ip: string
2415              An IPv4 address.
2416
2417       external_mac: optional string
2418              A MAC address.
2419
2420              This  is  only  used on the gateway port on distributed routers.
2421              This must be specified in order for the NAT rule to be processed
2422              in a distributed manner on all chassis. If this is not specified
2423              for a NAT rule on a distributed router, then this NAT rule  will
2424              be  processed  in  a  centralized  manner  on  the  gateway port
2425              instance on the gateway chassis.
2426
2427              This MAC address must be unique on the logical switch  that  the
2428              gateway port is attached to. If the MAC address used on the log‐
2429              ical_port is globally unique, then that MAC address can be spec‐
2430              ified as this external_mac.
2431
2432       external_port_range: string
2433              L4 source port range
2434
2435              Range  of  ports,  from  which a port number will be picked that
2436              will replace the source port of to  be  NATed  packet.  This  is
2437              basically PAT (port address translation).
2438
2439              Value of the column is in the format, port_lo-port_hi. For exam‐
2440              ple: external_port_range : "1-30000"
2441
2442              Valid range of ports is 1-65535.
2443
2444       logical_ip: string
2445              An IPv4 network (e.g 192.168.1.0/24) or an IPv4 address.
2446
2447       logical_port: optional string
2448              The name of the logical port where the logical_ip resides.
2449
2450              This is only used on distributed routers. This must be specified
2451              in  order for the NAT rule to be processed in a distributed man‐
2452              ner on all chassis. If this is not specified for a NAT rule on a
2453              distributed  router,  then  this NAT rule will be processed in a
2454              centralized manner on the gateway port instance on  the  gateway
2455              chassis.
2456
2457       allowed_ext_ips: optional Address_Set
2458              It  represents  Address  Set  of  external  ips that NAT rule is
2459              applicable to. For SNAT type NAT rules, this refers to  destina‐
2460              tion  addresses.  For DNAT type NAT rules, this refers to source
2461              addresses.
2462
2463              This configuration overrides the default NAT behavior of  apply‐
2464              ing  a rule solely based on internal IP. Without this configura‐
2465              tion, NAT happens  without  considering  the  external  IP  (i.e
2466              dest/source  for  snat/dnat  type rule). With this configuration
2467              NAT rule is applied ONLY if external ip is in the input  Address
2468              Set.
2469
2470       exempted_ext_ips: optional Address_Set
2471              It  represents  Address Set of external ips that NAT rule is NOT
2472              applicable to. For SNAT type NAT rules, this refers to  destina‐
2473              tion  addresses.  For DNAT type NAT rules, this refers to source
2474              addresses.
2475
2476              This configuration overrides the default NAT behavior of  apply‐
2477              ing  a rule solely based on internal IP. Without this configura‐
2478              tion, NAT happens  without  considering  the  external  IP  (i.e
2479              dest/source  for  snat/dnat  type rule). With this configuration
2480              NAT rule is NOT applied if external ip is in the  input  Address
2481              Set.
2482
2483              If  there  are NAT rules in a logical router with overlapping IP
2484              prefixes (including /32), then usage of exempted_ext_ips  should
2485              be  avoided  in  following  scenario.  a.  SNAT rule (let us say
2486              RULE1) with logical_ip PREFIX/MASK (let us say 50.0.0.0/24).  b.
2487              SNAT  rule (let us say RULE2) with logical_ip PREFIX/MASK+1 (let
2488              us say 50.0.0.0/25). c. Now, if exempted_ext_ips  is  associated
2489              with RULE2, then a logical ip which matches both 50.0.0.0/24 and
2490              50.0.0.0/25 may get the RULE2 applied to it instead of RULE1.
2491
2492              allowed_ext_ips and exempted_ext_ips are mutually  exclusive  to
2493              each  other.  If  both Address Sets are set for a rule, then the
2494              NAT rule is not considered.
2495
2496       options : stateless: optional string
2497              Indicates if a dnat_and_snat  rule  should  lead  to  connection
2498              tracking state or not.
2499
2500     Common Columns:
2501
2502       external_ids: map of string-string pairs
2503              See External IDs at the beginning of this document.
2504

DHCP_Options TABLE

2506       OVN  implements  native  DHCPv4  support which caters to the common use
2507       case of providing an IPv4 address to a booting  instance  by  providing
2508       stateless  replies  to  DHCPv4  requests based on statically configured
2509       address mappings. To do this it allows a short list of  DHCPv4  options
2510       to  be  configured  and  applied  at each compute host running ovn-con‐
2511       troller.
2512
2513       OVN also implements native  DHCPv6  support  which  provides  stateless
2514       replies to DHCPv6 requests.
2515
2516   Summary:
2517       cidr                          string
2518       DHCPv4 options:
2519         Mandatory DHCPv4 options:
2520            options : server_id      optional string
2521            options : server_mac     optional string
2522            options : lease_time     optional  string,  containing an integer,
2523                                     in range 0 to 4,294,967,295
2524         IPv4 DHCP Options:
2525            options : router         optional string
2526            options : netmask        optional string
2527            options : dns_server     optional string
2528            options : log_server     optional string
2529            options : lpr_server     optional string
2530            options : swap_server    optional string
2531            options : policy_filter  optional string
2532            options : router_solicitation
2533                                     optional string
2534            options : nis_server     optional string
2535            options : ntp_server     optional string
2536            options : classless_static_route
2537                                     optional string
2538            options : ms_classless_static_route
2539                                     optional string
2540         Boolean DHCP Options:
2541            options : ip_forward_enable
2542                                     optional string, either 0 or 1
2543            options : router_discovery
2544                                     optional string, either 0 or 1
2545            options : ethernet_encap optional string, either 0 or 1
2546         Integer DHCP Options:
2547            options : default_ttl    optional string, containing  an  integer,
2548                                     in range 0 to 255
2549            options : tcp_ttl        optional  string,  containing an integer,
2550                                     in range 0 to 255
2551            options : mtu            optional string, containing  an  integer,
2552                                     in range 68 to 65,535
2553            options : T1             optional  string,  containing an integer,
2554                                     in range 68 to 4,294,967,295
2555            options : T2             optional string, containing  an  integer,
2556                                     in range 68 to 4,294,967,295
2557            options : arp_cache_timeout
2558                                     optional  string,  containing an integer,
2559                                     in range 0 to 255
2560            options : tcp_keepalive_interval
2561                                     optional string, containing  an  integer,
2562                                     in range 0 to 255
2563         String DHCP Options:
2564            options : wpad           optional string
2565            options : bootfile_name  optional string
2566            options : path_prefix    optional string
2567            options : tftp_server_address
2568                                     optional string
2569            options : domain_name    optional string
2570            options : bootfile_name_alt
2571                                     optional string
2572            options : broadcast_address
2573                                     optional string
2574         DHCP Options of type host_id:
2575            options : tftp_server    optional string
2576          DHCP Options of type domains:
2577            options : domain_search_list
2578                                     optional string
2579       DHCPv6 options:
2580         Mandatory DHCPv6 options:
2581            options : server_id      optional string
2582         IPv6 DHCPv6 options:
2583            options : dns_server     optional string
2584         String DHCPv6 options:
2585            options : domain_search  optional string
2586            options : dhcpv6_stateless
2587                                     optional string
2588       Common Columns:
2589         external_ids                map of string-string pairs
2590
2591   Details:
2592       cidr: string
2593              The  DHCPv4/DHCPv6  options will be included if the logical port
2594              has its IP address in this cidr.
2595
2596     DHCPv4 options:
2597
2598       The CMS should define the set of DHCPv4 options as key/value  pairs  in
2599       the  options  column of this table. For ovn-controller to include these
2600       DHCPv4 options, the dhcpv4_options of Logical_Switch_Port should  refer
2601       to an entry in this table.
2602
2603     Mandatory DHCPv4 options:
2604
2605       The following options must be defined.
2606
2607       options : server_id: optional string
2608              The IP address for the DHCP server to use. This should be in the
2609              subnet of the offered IP. This is  also  included  in  the  DHCP
2610              offer as option 54, ``server identifier.’’
2611
2612       options : server_mac: optional string
2613              The Ethernet address for the DHCP server to use.
2614
2615       options  : lease_time: optional string, containing an integer, in range
2616       0 to 4,294,967,295
2617              The offered lease time in seconds,
2618
2619              The DHCPv4 option code for this option is 51.
2620
2621     IPv4 DHCP Options:
2622
2623       Below are the  supported  DHCPv4  options  whose  values  are  an  IPv4
2624       address,  e.g. 192.168.1.1. Some options accept multiple IPv4 addresses
2625       enclosed within curly braces, e.g. {192.168.1.2,  192.168.1.3}.  Please
2626       refer to RFC 2132 for more details on DHCPv4 options and their codes.
2627
2628       options : router: optional string
2629              The  IP  address of a gateway for the client to use. This should
2630              be in the subnet of the offered IP. The DHCPv4 option  code  for
2631              this option is 3.
2632
2633       options : netmask: optional string
2634              The DHCPv4 option code for this option is 1.
2635
2636       options : dns_server: optional string
2637              The DHCPv4 option code for this option is 6.
2638
2639       options : log_server: optional string
2640              The DHCPv4 option code for this option is 7.
2641
2642       options : lpr_server: optional string
2643              The DHCPv4 option code for this option is 9.
2644
2645       options : swap_server: optional string
2646              The DHCPv4 option code for this option is 16.
2647
2648       options : policy_filter: optional string
2649              The DHCPv4 option code for this option is 21.
2650
2651       options : router_solicitation: optional string
2652              The DHCPv4 option code for this option is 32.
2653
2654       options : nis_server: optional string
2655              The DHCPv4 option code for this option is 41.
2656
2657       options : ntp_server: optional string
2658              The DHCPv4 option code for this option is 42.
2659
2660       options : classless_static_route: optional string
2661              The DHCPv4 option code for this option is 121.
2662
2663              This option can contain one or more static routes, each of which
2664              consists of a destination descriptor and the IP address  of  the
2665              router that should be used to reach that destination. Please see
2666              RFC 3442 for more details.
2667
2668              Example: {30.0.0.0/24,10.0.0.10, 0.0.0.0/0,10.0.0.1}
2669
2670       options : ms_classless_static_route: optional string
2671              The DHCPv4 option code for this option is 249.  This  option  is
2672              similar to classless_static_route supported by Microsoft Windows
2673              DHCPv4 clients.
2674
2675     Boolean DHCP Options:
2676
2677       These options accept a Boolean value, expressed as 0 for false or 1 for
2678       true.
2679
2680       options : ip_forward_enable: optional string, either 0 or 1
2681              The DHCPv4 option code for this option is 19.
2682
2683       options : router_discovery: optional string, either 0 or 1
2684              The DHCPv4 option code for this option is 31.
2685
2686       options : ethernet_encap: optional string, either 0 or 1
2687              The DHCPv4 option code for this option is 36.
2688
2689     Integer DHCP Options:
2690
2691       These options accept a nonnegative integer value.
2692
2693       options : default_ttl: optional string, containing an integer, in range
2694       0 to 255
2695              The DHCPv4 option code for this option is 23.
2696
2697       options : tcp_ttl: optional string, containing an integer, in  range  0
2698       to 255
2699              The DHCPv4 option code for this option is 37.
2700
2701       options  :  mtu: optional string, containing an integer, in range 68 to
2702       65,535
2703              The DHCPv4 option code for this option is 26.
2704
2705       options : T1: optional string, containing an integer, in  range  68  to
2706       4,294,967,295
2707              This  specifies  the time interval from address assignment until
2708              the client begins trying to renew its address. The DHCPv4 option
2709              code for this option is 58.
2710
2711       options  :  T2:  optional string, containing an integer, in range 68 to
2712       4,294,967,295
2713              This specifies the time interval from address  assignment  until
2714              the  client  begins  trying  to  rebind  its address. The DHCPv4
2715              option code for this option is 59.
2716
2717       options : arp_cache_timeout: optional string, containing an integer, in
2718       range 0 to 255
2719              The DHCPv4 option code for this option is 35. This option speci‐
2720              fies the timeout in seconds for ARP cache entries.
2721
2722       options : tcp_keepalive_interval: optional string, containing an  inte‐
2723       ger, in range 0 to 255
2724              The DHCPv4 option code for this option is 38. This option speci‐
2725              fies the interval that the client TCP should wait before sending
2726              a keepalive message on a TCP connection.
2727
2728     String DHCP Options:
2729
2730       These options accept a string value.
2731
2732       options : wpad: optional string
2733              The  DHCPv4  option  code for this option is 252. This option is
2734              used as part of web proxy auto discovery to provide a URL for  a
2735              web proxy.
2736
2737       options : bootfile_name: optional string
2738              The  DHCPv4  option  code  for this option is 67. This option is
2739              used to identify a bootfile.
2740
2741       options : path_prefix: optional string
2742              The DHCPv4 option code for this option is 210. In PXELINUX’ case
2743              this  option  is  used  to  set a common path prefix, instead of
2744              deriving it from the bootfile name.
2745
2746       options : tftp_server_address: optional string
2747              The DHCPv4 option code for this option is 150. The  option  con‐
2748              tains  one  or more IPv4 addresses that the client MAY use. This
2749              option is Cisco proprietary, the IEEE standard that matches with
2750              this requirement is option 66 (tftp_server).
2751
2752       options : domain_name: optional string
2753              The DHCPv4 option code for this option is 15. This option speci‐
2754              fies the domain name that client should use when resolving host‐
2755              names via the Domain Name System.
2756
2757       options : bootfile_name_alt: optional string
2758              "bootfile_name_alt"  option  is  used to support iPXE. When both
2759              "bootfile_name" and "bootfile_name_alt" are provided by the CMS,
2760              "bootfile_name"  will  be used for option 67 if the dhcp request
2761              contains etherboot option (175),  otherwise  "bootfile_name_alt"
2762              will be used.
2763
2764       options : broadcast_address: optional string
2765              The DHCPv4 option code for this option is 28. This option speci‐
2766              fies the IP address used as a broadcast address.
2767
2768     DHCP Options of type host_id:
2769
2770       These options accept either an IPv4 address or a string value.
2771
2772       options : tftp_server: optional string
2773              The DHCPv4 option code for this option is 66.
2774
2775      DHCP Options of type domains:
2776
2777       These options accept string value which is a comma  separated  list  of
2778       domain names. The domain names are encoded based on RFC 1035.
2779
2780       options : domain_search_list: optional string
2781              The DHCPv4 option code for this option is 119.
2782
2783     DHCPv6 options:
2784
2785       OVN  also  implements  native DHCPv6 support. The CMS should define the
2786       set of DHCPv6 options as key/value pairs.  The  define  DHCPv6  options
2787       will   be   included   in   the   DHCPv6   response   to   the   DHCPv6
2788       Solicit/Request/Confirm packet from the logical ports having  the  IPv6
2789       addresses in the cidr.
2790
2791     Mandatory DHCPv6 options:
2792
2793       The following options must be defined.
2794
2795       options : server_id: optional string
2796              The  Ethernet  address  for the DHCP server to use. This is also
2797              included in the DHCPv6 reply as option 2, ``Server  Identifier’’
2798              to  carry  a  DUID  identifying  a server between a client and a
2799              server. ovn-controller defines DUID based on Link-layer  Address
2800              [DUID-LL].
2801
2802     IPv6 DHCPv6 options:
2803
2804       Below  are  the  supported  DHCPv6  options  whose  values  are an IPv6
2805       address, e.g. aef0::4. Some  options  accept  multiple  IPv6  addresses
2806       enclosed  within curly braces, e.g. {aef0::4, aef0::5}. Please refer to
2807       RFC 3315 for more details on DHCPv6 options and their codes.
2808
2809       options : dns_server: optional string
2810              The DHCPv6 option code for this option is 23. This option speci‐
2811              fies the DNS servers that the VM should use.
2812
2813     String DHCPv6 options:
2814
2815       These options accept string values.
2816
2817       options : domain_search: optional string
2818              The DHCPv6 option code for this option is 24. This option speci‐
2819              fies the domain search list the client  should  use  to  resolve
2820              hostnames with DNS.
2821
2822              Example: "ovn.org".
2823
2824       options : dhcpv6_stateless: optional string
2825              This  option specifies the OVN native DHCPv6 will work in state‐
2826              less mode, which means OVN native DHCPv6  will  not  offer  IPv6
2827              addresses for VM/VIF ports, but only reply other configurations,
2828              such as DNS and domain search list.  When  setting  this  option
2829              with  string  value "true", VM/VIF will configure IPv6 addresses
2830              by stateless way. Default value for this option is false.
2831
2832     Common Columns:
2833
2834       external_ids: map of string-string pairs
2835              See External IDs at the beginning of this document.
2836

Connection TABLE

2838       Configuration for a database connection to  an  Open  vSwitch  database
2839       (OVSDB) client.
2840
2841       This  table  primarily  configures  the  Open  vSwitch  database server
2842       (ovsdb-server).
2843
2844       The Open vSwitch database server can initiate and maintain active  con‐
2845       nections  to  remote  clients.  It can also listen for database connec‐
2846       tions.
2847
2848   Summary:
2849       Core Features:
2850         target                      string (must be unique within table)
2851       Client Failure Detection and Handling:
2852         max_backoff                 optional integer, at least 1,000
2853         inactivity_probe            optional integer
2854       Status:
2855         is_connected                boolean
2856         status : last_error         optional string
2857         status : state              optional string, one of ACTIVE,  BACKOFF,
2858                                     CONNECTING, IDLE, or VOID
2859         status : sec_since_connect  optional  string,  containing an integer,
2860                                     at least 0
2861         status : sec_since_disconnect
2862                                     optional string, containing  an  integer,
2863                                     at least 0
2864         status : locks_held         optional string
2865         status : locks_waiting      optional string
2866         status : locks_lost         optional string
2867         status : n_connections      optional  string,  containing an integer,
2868                                     at least 2
2869         status : bound_port         optional string, containing an integer
2870       Common Columns:
2871         external_ids                map of string-string pairs
2872         other_config                map of string-string pairs
2873
2874   Details:
2875     Core Features:
2876
2877       target: string (must be unique within table)
2878              Connection methods for clients.
2879
2880              The following connection methods are currently supported:
2881
2882              ssl:host[:port]
2883                     The specified SSL port on the host  at  the  given  host,
2884                     which  can  either  be  a DNS name (if built with unbound
2885                     library) or an IP address. A valid SSL configuration must
2886                     be  provided  when  this form is used, this configuration
2887                     can be specified via command-line options or the SSL  ta‐
2888                     ble.
2889
2890                     If port is not specified, it defaults to 6640.
2891
2892                     SSL  support  is  an  optional feature that is not always
2893                     built as part of Open vSwitch.
2894
2895              tcp:host[:port]
2896                     The specified TCP port on the host  at  the  given  host,
2897                     which  can  either  be  a DNS name (if built with unbound
2898                     library) or an IP address. If host is  an  IPv6  address,
2899                     wrap it in square brackets, e.g. tcp:[::1]:6640.
2900
2901                     If port is not specified, it defaults to 6640.
2902
2903              pssl:[port][:host]
2904                     Listens  for  SSL  connections on the specified TCP port.
2905                     Specify 0 for  port  to  have  the  kernel  automatically
2906                     choose  an available port. If host, which can either be a
2907                     DNS name  (if  built  with  unbound  library)  or  an  IP
2908                     address, is specified, then connections are restricted to
2909                     the resolved or specified local IPaddress (either IPv4 or
2910                     IPv6 address). If host is an IPv6 address, wrap in square
2911                     brackets, e.g. pssl:6640:[::1]. If host is not  specified
2912                     then  it listens only on IPv4 (but not IPv6) addresses. A
2913                     valid SSL configuration must be provided when  this  form
2914                     is  used,  this  can be specified either via command-line
2915                     options or the SSL table.
2916
2917                     If port is not specified, it defaults to 6640.
2918
2919                     SSL support is an optional feature  that  is  not  always
2920                     built as part of Open vSwitch.
2921
2922              ptcp:[port][:host]
2923                     Listens  for connections on the specified TCP port. Spec‐
2924                     ify 0 for port to have the kernel automatically choose an
2925                     available  port.  If host, which can either be a DNS name
2926                     (if built with unbound library)  or  an  IP  address,  is
2927                     specified,   then   connections  are  restricted  to  the
2928                     resolved or specified local IP address  (either  IPv4  or
2929                     IPv6  address).  If  host  is an IPv6 address, wrap it in
2930                     square brackets, e.g. ptcp:6640:[::1].  If  host  is  not
2931                     specified then it listens only on IPv4 addresses.
2932
2933                     If port is not specified, it defaults to 6640.
2934
2935              When  multiple clients are configured, the target values must be
2936              unique. Duplicate target values yield unspecified results.
2937
2938     Client Failure Detection and Handling:
2939
2940       max_backoff: optional integer, at least 1,000
2941              Maximum  number  of  milliseconds  to  wait  between  connection
2942              attempts. Default is implementation-specific.
2943
2944       inactivity_probe: optional integer
2945              Maximum number of milliseconds of idle time on connection to the
2946              client before sending  an  inactivity  probe  message.  If  Open
2947              vSwitch  does  not communicate with the client for the specified
2948              number of seconds, it will send a probe. If a  response  is  not
2949              received  for  the  same additional amount of time, Open vSwitch
2950              assumes the connection has been broken and  attempts  to  recon‐
2951              nect.  Default is implementation-specific. A value of 0 disables
2952              inactivity probes.
2953
2954     Status:
2955
2956       Key-value pair of is_connected is always updated. Other key-value pairs
2957       in the status columns may be updated depends on the target type.
2958
2959       When target specifies a connection method that listens for inbound con‐
2960       nections (e.g. ptcp: or punix:), both  n_connections  and  is_connected
2961       may also be updated while the remaining key-value pairs are omitted.
2962
2963       On  the  other  hand, when target specifies an outbound connection, all
2964       key-value pairs may be updated, except  the  above-mentioned  two  key-
2965       value  pairs associated with inbound connection targets. They are omit‐
2966       ted.
2967
2968       is_connected: boolean
2969              true if currently connected to this client, false otherwise.
2970
2971       status : last_error: optional string
2972              A human-readable description of the last error on the connection
2973              to  the  manager; i.e. strerror(errno). This key will exist only
2974              if an error has occurred.
2975
2976       status : state: optional string, one of  ACTIVE,  BACKOFF,  CONNECTING,
2977       IDLE, or VOID
2978              The state of the connection to the manager:
2979
2980              VOID   Connection is disabled.
2981
2982              BACKOFF
2983                     Attempting to reconnect at an increasing period.
2984
2985              CONNECTING
2986                     Attempting to connect.
2987
2988              ACTIVE Connected, remote host responsive.
2989
2990              IDLE   Connection is idle. Waiting for response to keep-alive.
2991
2992              These  values  may  change in the future. They are provided only
2993              for human consumption.
2994
2995       status : sec_since_connect: optional string, containing an integer,  at
2996       least 0
2997              The amount of time since this client last successfully connected
2998              to the database (in seconds). Value is empty if client has never
2999              successfully been connected.
3000
3001       status  : sec_since_disconnect: optional string, containing an integer,
3002       at least 0
3003              The amount of time since this client last disconnected from  the
3004              database  (in  seconds). Value is empty if client has never dis‐
3005              connected.
3006
3007       status : locks_held: optional string
3008              Space-separated list of the names of OVSDB locks that  the  con‐
3009              nection  holds.  Omitted  if  the  connection  does not hold any
3010              locks.
3011
3012       status : locks_waiting: optional string
3013              Space-separated list of the names of OVSDB locks that  the  con‐
3014              nection  is currently waiting to acquire. Omitted if the connec‐
3015              tion is not waiting for any locks.
3016
3017       status : locks_lost: optional string
3018              Space-separated list of the names of OVSDB locks that  the  con‐
3019              nection  has  had  stolen by another OVSDB client. Omitted if no
3020              locks have been stolen from this connection.
3021
3022       status : n_connections: optional  string,  containing  an  integer,  at
3023       least 2
3024              When  target  specifies  a  connection  method  that listens for
3025              inbound connections (e.g. ptcp: or pssl:) and more than one con‐
3026              nection  is  actually  active, the value is the number of active
3027              connections. Otherwise, this key-value pair is omitted.
3028
3029       status : bound_port: optional string, containing an integer
3030              When target is ptcp: or pssl:, this is the TCP port on which the
3031              OVSDB  server  is  listening.  (This is particularly useful when
3032              target specifies a port of 0, allowing the kernel to choose  any
3033              available port.)
3034
3035     Common Columns:
3036
3037       The  overall purpose of these columns is described under Common Columns
3038       at the beginning of this document.
3039
3040       external_ids: map of string-string pairs
3041
3042       other_config: map of string-string pairs
3043

DNS TABLE

3045       Each row in this table stores the DNS records. The  Logical_Switch  ta‐
3046       ble’s dns_records references these records.
3047
3048   Summary:
3049       records                       map of string-string pairs
3050       external_ids                  map of string-string pairs
3051
3052   Details:
3053       records: map of string-string pairs
3054              Key-value pair of DNS records with DNS query name as the key and
3055              value as a string of IP address(es) separated by comma or space.
3056
3057              Example:  "vm1.ovn.org" = "10.0.0.4 aef0::4"
3058
3059       external_ids: map of string-string pairs
3060              See External IDs at the beginning of this document.
3061

SSL TABLE

3063       SSL configuration for ovn-nb database access.
3064
3065   Summary:
3066       private_key                   string
3067       certificate                   string
3068       ca_cert                       string
3069       bootstrap_ca_cert             boolean
3070       ssl_protocols                 string
3071       ssl_ciphers                   string
3072       Common Columns:
3073         external_ids                map of string-string pairs
3074
3075   Details:
3076       private_key: string
3077              Name of a PEM file  containing  the  private  key  used  as  the
3078              switch’s identity for SSL connections to the controller.
3079
3080       certificate: string
3081              Name  of a PEM file containing a certificate, signed by the cer‐
3082              tificate authority (CA) used by the controller and manager, that
3083              certifies  the  switch’s  private key, identifying a trustworthy
3084              switch.
3085
3086       ca_cert: string
3087              Name of a PEM file containing the CA certificate used to  verify
3088              that the switch is connected to a trustworthy controller.
3089
3090       bootstrap_ca_cert: boolean
3091              If  set to true, then Open vSwitch will attempt to obtain the CA
3092              certificate from the controller on its first SSL connection  and
3093              save  it  to  the  named  PEM file. If it is successful, it will
3094              immediately drop the connection and reconnect, and from then  on
3095              all  SSL  connections  must  be  authenticated  by a certificate
3096              signed by the CA certificate thus obtained. This option  exposes
3097              the  SSL  connection to a man-in-the-middle attack obtaining the
3098              initial CA certificate. It may still be  useful  for  bootstrap‐
3099              ping.
3100
3101       ssl_protocols: string
3102              List  of  SSL  protocols  to be enabled for SSL connections. The
3103              default when this option is omitted is TLSv1,TLSv1.1,TLSv1.2.
3104
3105       ssl_ciphers: string
3106              List of ciphers (in OpenSSL cipher string  format)  to  be  sup‐
3107              ported  for  SSL  connections.  The  default when this option is
3108              omitted is HIGH:!aNULL:!MD5.
3109
3110     Common Columns:
3111
3112       The overall purpose of these columns is described under Common  Columns
3113       at the beginning of this document.
3114
3115       external_ids: map of string-string pairs
3116

Gateway_Chassis TABLE

3118       Association  of  a  chassis to a logical router port. The traffic going
3119       out through an specific router port will be redirected to a chassis, or
3120       a set of them in high availability configurations.
3121
3122   Summary:
3123       name                          string (must be unique within table)
3124       chassis_name                  string
3125       priority                      integer, in range 0 to 32,767
3126       options                       map of string-string pairs
3127       Common Columns:
3128         external_ids                map of string-string pairs
3129
3130   Details:
3131       name: string (must be unique within table)
3132              Name of the Gateway_Chassis.
3133
3134              A   suggested,   but   not   required   naming   convention   is
3135              ${port_name}_${chassis_name}.
3136
3137       chassis_name: string
3138              Name of the chassis that we want to redirect traffic through for
3139              the  associated  logical  router  port. The value must match the
3140              name column of the Chassis table in the OVN_Southbound database.
3141
3142       priority: integer, in range 0 to 32,767
3143              This is the priority of  a  chassis  among  all  Gateway_Chassis
3144              belonging to the same logical router port.
3145
3146       options: map of string-string pairs
3147              Reserved for future use.
3148
3149     Common Columns:
3150
3151       external_ids: map of string-string pairs
3152              See External IDs at the beginning of this document.
3153

HA_Chassis_Group TABLE

3155       Table representing a group of chassis which can provide high availabil‐
3156       ity services. Each chassis in the group is  represented  by  the  table
3157       HA_Chassis.  The HA chassis with highest priority will be the master of
3158       this group. If the master chassis failover is detected, the HA  chassis
3159       with  the next higher priority takes over the responsibility of provid‐
3160       ing the HA. If a distributed gateway router port references  a  row  in
3161       this table, then the master HA chassis in this group provides the gate‐
3162       way functionality.
3163
3164   Summary:
3165       name                          string (must be unique within table)
3166       ha_chassis                    set of HA_Chassises
3167       Common Columns:
3168         external_ids                map of string-string pairs
3169
3170   Details:
3171       name: string (must be unique within table)
3172              Name of the HA_Chassis_Group. Name should be unique.
3173
3174       ha_chassis: set of HA_Chassises
3175              A list of HA chassis which belongs to this group.
3176
3177     Common Columns:
3178
3179       external_ids: map of string-string pairs
3180              See External IDs at the beginning of this document.
3181

HA_Chassis TABLE

3183   Summary:
3184       chassis_name                  string
3185       priority                      integer, in range 0 to 32,767
3186       Common Columns:
3187         external_ids                map of string-string pairs
3188
3189   Details:
3190       chassis_name: string
3191              Name of the chassis which is part of the HA chassis  group.  The
3192              value  must  match  the  name column of the Chassis table in the
3193              OVN_Southbound database.
3194
3195       priority: integer, in range 0 to 32,767
3196              Priority of the chassis. Chassis with highest priority  will  be
3197              the master.
3198
3199     Common Columns:
3200
3201       external_ids: map of string-string pairs
3202              See External IDs at the beginning of this document.
3203

BFD TABLE

3205       Contains BFD parameter for ovn-controller bfd configuration.
3206
3207   Summary:
3208       Configuration:
3209         logical_port                string
3210         dst_ip                      string
3211         min_tx                      optional integer, at least 1
3212         min_rx                      optional integer
3213         detect_mult                 optional integer, at least 1
3214         options                     map of string-string pairs
3215         external_ids                map of string-string pairs
3216       Status Reporting:
3217         status                      optional string, one of admin_down, down,
3218                                     init, or up
3219
3220   Details:
3221     Configuration:
3222
3223       logical_port: string
3224              OVN logical port when BFD engine is running.
3225
3226       dst_ip: string
3227              BFD peer IP address.
3228
3229       min_tx: optional integer, at least 1
3230              This is the minimum interval, in milliseconds,  that  the  local
3231              system  would like to use when transmitting BFD Control packets,
3232              less any jitter applied. The value  zero  is  reserved.  Default
3233              value is 1000 ms.
3234
3235       min_rx: optional integer
3236              This  is the minimum interval, in milliseconds, between received
3237              BFD Control packets that this system is capable  of  supporting,
3238              less  any  jitter  applied by the sender. If this value is zero,
3239              the transmitting system does not want the remote system to  send
3240              any periodic BFD Control packets.
3241
3242       detect_mult: optional integer, at least 1
3243              Detection  time  multiplier.  The  negotiated transmit interval,
3244              multiplied by this value, provides the Detection  Time  for  the
3245              receiving system in Asynchronous mode. Default value is 5.
3246
3247       options: map of string-string pairs
3248              Reserved for future use.
3249
3250       external_ids: map of string-string pairs
3251              See External IDs at the beginning of this document.
3252
3253     Status Reporting:
3254
3255       status: optional string, one of admin_down, down, init, or up
3256              BFD port logical states. Possible values are:
3257
3258              ·      admin_down
3259
3260              ·      down
3261
3262              ·      init
3263
3264              ·      up
3265
3266
3267
3268Open vSwitch 20.12.0            DB Schema 5.31.0                     ovn-nb(5)
Impressum