ovn-ic-nb(5)                  Open vSwitch Manual                 ovn-ic-nb(5)

NAME
       ovn-ic-nb - OVN_IC_Northbound database schema

       This database is the interface for a cloud management system (CMS),
       such as OpenStack, to configure OVN interconnection settings. The CMS
       produces almost all of the contents of the database. The ovn-ic
       program monitors the database contents, transforms them, and stores
       them in the OVN_IC_Southbound database.

       We generally speak of "the" CMS, but one can imagine scenarios in
       which multiple CMSes manage different parts of OVN interconnection.

   External IDs
       Each of the tables in this database contains a special column, named
       external_ids. This column has the same form and purpose each place it
       appears.

              external_ids: map of string-string pairs
                     Key-value pairs for use by the CMS. The CMS might use
                     certain pairs, for example, to identify entities in its
                     own configuration that correspond to those in this
                     database.

TABLE SUMMARY
       The following list summarizes the purpose of each of the tables in the
       OVN_IC_Northbound database. Each table is described in more detail on
       a later page.

       Table           Purpose
       IC_NB_Global    IC Northbound configuration
       Transit_Switch  Transit logical switch
       SSL             SSL configuration.
       Connection      OVSDB client connections.

IC_NB_Global TABLE
       Northbound configuration for OVN interconnection. This table must have
       exactly one row.

   Summary:
       Common Columns:
         external_ids              map of string-string pairs
       Common options:
         options                   map of string-string pairs
         options : ic_probe_interval
                                   optional string
       Connection Options:
         connections               set of Connections
         ssl                       optional SSL

   Details:
     Common Columns:

       external_ids: map of string-string pairs
              See External IDs at the beginning of this document.

     Common options:

       options: map of string-string pairs
              This column provides general key/value settings. The supported
              options are described individually below.

       options : ic_probe_interval: optional string
              The inactivity probe interval of the connection to the OVN IC
              Northbound and Southbound databases from ovn-ic, in
              milliseconds. If the value is zero, it disables the connection
              keepalive feature.

              If the value is nonzero, then it will be forced to a value of
              at least 1000 ms.

     Connection Options:

       connections: set of Connections
              Database clients to which the Open vSwitch database server
              should connect or on which it should listen, along with options
              for how these connections should be configured. See the
              Connection table for more information.

       ssl: optional SSL
              Global SSL configuration.

Transit_Switch TABLE
       Each row represents one transit logical switch for interconnection
       between different OVN deployments (availability zones).

   Summary:
       Naming:
         name                      string (must be unique within table)
       Common Columns:
         other_config              map of string-string pairs
         external_ids              map of string-string pairs

   Details:
     Naming:

       name: string (must be unique within table)
              A name that uniquely identifies the transit logical switch.

     Common Columns:

       other_config: map of string-string pairs

       external_ids: map of string-string pairs
              See External IDs at the beginning of this document.

SSL TABLE
       SSL configuration for ovn-nb database access.

   Summary:
       private_key                 string
       certificate                 string
       ca_cert                     string
       bootstrap_ca_cert           boolean
       ssl_protocols               string
       ssl_ciphers                 string
       Common Columns:
         external_ids              map of string-string pairs

   Details:
       private_key: string
              Name of a PEM file containing the private key used as the
              switch's identity for SSL connections to the controller.

       certificate: string
              Name of a PEM file containing a certificate, signed by the
              certificate authority (CA) used by the controller and manager,
              that certifies the switch's private key, identifying a
              trustworthy switch.

       ca_cert: string
              Name of a PEM file containing the CA certificate used to verify
              that the switch is connected to a trustworthy controller.

       bootstrap_ca_cert: boolean
              If set to true, then Open vSwitch will attempt to obtain the CA
              certificate from the controller on its first SSL connection and
              save it to the named PEM file. If it is successful, it will
              immediately drop the connection and reconnect, and from then on
              all SSL connections must be authenticated by a certificate
              signed by the CA certificate thus obtained. This option exposes
              the SSL connection to a man-in-the-middle attack obtaining the
              initial CA certificate. It may still be useful for
              bootstrapping.

       ssl_protocols: string
              List of SSL protocols to be enabled for SSL connections. The
              default when this option is omitted is TLSv1,TLSv1.1,TLSv1.2.

       ssl_ciphers: string
              List of ciphers (in OpenSSL cipher string format) to be
              supported for SSL connections. The default when this option is
              omitted is HIGH:!aNULL:!MD5.

     Common Columns:

       The overall purpose of these columns is described under Common Columns
       at the beginning of this document.

       external_ids: map of string-string pairs

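       An audit of one SSL table row against the column semantics above,
       including the documented defaults that apply when a column is omitted.
       This is an added example, not code from the OVN project; the dict
       layout, the finding strings and the sample rows are assumptions.

```python
# Added example, not OVN project code. A row is modelled as a plain dict
# keyed by the SSL table's column names; the finding strings are assumptions.
import re

DEFAULT_PROTOCOLS = "TLSv1,TLSv1.1,TLSv1.2"   # default per this manual
DEFAULT_CIPHERS = "HIGH:!aNULL:!MD5"          # default per this manual
DEPRECATED = {"TLSv1", "TLSv1.1"}             # deprecated by RFC 8996
WEAK_TOKENS = {"aNULL", "eNULL", "NULL", "EXPORT", "LOW", "MD5", "RC4", "DES"}


def audit_ssl_row(row):
    """Return a list of findings for one SSL table row."""
    findings = []
    for col in ("private_key", "certificate", "ca_cert"):
        if not row.get(col):
            findings.append(f"{col}: no PEM file named")
    if row.get("bootstrap_ca_cert"):
        findings.append("bootstrap_ca_cert: CA is fetched over the first, "
                        "unauthenticated connection")
    # An omitted column falls back to the documented default, which still
    # enables the deprecated protocol versions.
    protocols = row.get("ssl_protocols") or DEFAULT_PROTOCOLS
    enabled = {p.strip() for p in protocols.split(",") if p.strip()}
    old = sorted(enabled & DEPRECATED)
    if old:
        findings.append("ssl_protocols: enables " + ",".join(old))
    # Heuristic only: flag weak keywords that are not negated with '!' or '-'.
    ciphers = row.get("ssl_ciphers") or DEFAULT_CIPHERS
    for token in re.split(r"[:, ]+", ciphers):
        if token and token[0] not in "!-" and token.lstrip("+") in WEAK_TOKENS:
            findings.append(f"ssl_ciphers: enables {token}")
    return findings


# Constructed sample rows (file paths are placeholders).
BOOTSTRAPPED = {"private_key": "/path/to/key.pem",
                "certificate": "/path/to/cert.pem",
                "ca_cert": "/path/to/cacert.pem",
                "bootstrap_ca_cert": True}
PINNED = dict(BOOTSTRAPPED, bootstrap_ca_cert=False,
              ssl_protocols="TLSv1.2", ssl_ciphers="HIGH:!aNULL:!MD5")

if __name__ == "__main__":
    for name, row in (("bootstrapped", BOOTSTRAPPED), ("pinned", PINNED)):
        print(name, audit_ssl_row(row))
```
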
Connection TABLE
       Configuration for a database connection to an Open vSwitch database
       (OVSDB) client.

       This table primarily configures the Open vSwitch database server
       (ovsdb-server).

       The Open vSwitch database server can initiate and maintain active
       connections to remote clients. It can also listen for database
       connections.

   Summary:
       Core Features:
         target                    string (must be unique within table)
       Client Failure Detection and Handling:
         max_backoff               optional integer, at least 1,000
         inactivity_probe          optional integer
       Status:
         is_connected              boolean
         status : last_error       optional string
         status : state            optional string, one of ACTIVE, BACKOFF,
                                   CONNECTING, IDLE, or VOID
         status : sec_since_connect
                                   optional string, containing an integer,
                                   at least 0
         status : sec_since_disconnect
                                   optional string, containing an integer,
                                   at least 0
         status : locks_held       optional string
         status : locks_waiting    optional string
         status : locks_lost       optional string
         status : n_connections    optional string, containing an integer,
                                   at least 2
         status : bound_port       optional string, containing an integer
       Common Columns:
         external_ids              map of string-string pairs
         other_config              map of string-string pairs

   Details:
     Core Features:

       target: string (must be unique within table)
              Connection methods for clients.

              The following connection methods are currently supported:

              ssl:host[:port]
                     The specified SSL port on the given host, which can
                     either be a DNS name (if built with unbound library) or
                     an IP address. A valid SSL configuration must be
                     provided when this form is used; this configuration can
                     be specified via command-line options or the SSL table.

                     If port is not specified, it defaults to 6640.

                     SSL support is an optional feature that is not always
                     built as part of Open vSwitch.

              tcp:host[:port]
                     The specified TCP port on the given host, which can
                     either be a DNS name (if built with unbound library) or
                     an IP address. If host is an IPv6 address, wrap it in
                     square brackets, e.g. tcp:[::1]:6640.

                     If port is not specified, it defaults to 6640.

              pssl:[port][:host]
                     Listens for SSL connections on the specified TCP port.
                     Specify 0 for port to have the kernel automatically
                     choose an available port. If host, which can either be a
                     DNS name (if built with unbound library) or an IP
                     address, is specified, then connections are restricted
                     to the resolved or specified local IP address (either
                     IPv4 or IPv6 address). If host is an IPv6 address, wrap
                     it in square brackets, e.g. pssl:6640:[::1]. If host is
                     not specified then it listens only on IPv4 (but not
                     IPv6) addresses. A valid SSL configuration must be
                     provided when this form is used; this can be specified
                     either via command-line options or the SSL table.

                     If port is not specified, it defaults to 6640.

                     SSL support is an optional feature that is not always
                     built as part of Open vSwitch.

              ptcp:[port][:host]
                     Listens for connections on the specified TCP port.
                     Specify 0 for port to have the kernel automatically
                     choose an available port. If host, which can either be a
                     DNS name (if built with unbound library) or an IP
                     address, is specified, then connections are restricted
                     to the resolved or specified local IP address (either
                     IPv4 or IPv6 address). If host is an IPv6 address, wrap
                     it in square brackets, e.g. ptcp:6640:[::1]. If host is
                     not specified then it listens only on IPv4 addresses.

                     If port is not specified, it defaults to 6640.

              When multiple clients are configured, the target values must be
              unique. Duplicate target values yield unspecified results.

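       A parser for the four target forms listed above that applies the 6640
       default, handles bracketed IPv6 hosts, and reports plaintext or
       unrestricted listeners. This is an added example, not code from the
       OVN project; the function name, returned dict layout and finding
       strings are assumptions.

```python
# Added example, not OVN project code. Only the four connection methods
# listed on this page are accepted; names and finding strings are assumptions.
DEFAULT_PORT = 6640            # default for all four methods per this manual
METHODS = {"ssl": (False, True), "tcp": (False, False),
           "pssl": (True, True), "ptcp": (True, False)}  # (listens, encrypted)


def parse_target(target):
    """Split a Connection target into its parts and note exposure findings."""
    method, sep, rest = target.partition(":")
    if not sep or method not in METHODS:
        raise ValueError(f"unsupported connection method: {target!r}")
    listens, encrypted = METHODS[method]
    if listens:                         # pssl:/ptcp: are [port][:host]
        port_s, _, host = rest.partition(":")
    elif rest.startswith("["):          # ssl:/tcp: with a bracketed IPv6 host
        end = rest.index("]")
        host, port_s = rest[:end + 1], rest[end + 1:].lstrip(":")
    else:                               # ssl:/tcp: are host[:port]
        host, _, port_s = rest.partition(":")
    if not listens and not host:
        raise ValueError(f"active target needs a host: {target!r}")
    port = int(port_s) if port_s else DEFAULT_PORT
    findings = []
    if not encrypted:
        findings.append("plaintext: no TLS on this connection")
    if listens and not host:
        findings.append("listener is not restricted to one local address")
    if listens and port == 0:
        findings.append("kernel-chosen port: read status:bound_port")
    return {"method": method, "listens": listens, "encrypted": encrypted,
            "host": host.strip("[]") or None, "port": port,
            "findings": findings}


# Constructed sample targets.
SAMPLES = ["pssl:6640:[::1]", "ptcp:", "tcp:[::1]:6640",
           "ssl:db.example.org", "ptcp:0:127.0.0.1"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, parse_target(sample))
```
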
     Client Failure Detection and Handling:

       max_backoff: optional integer, at least 1,000
              Maximum number of milliseconds to wait between connection
              attempts. Default is implementation-specific.

       inactivity_probe: optional integer
              Maximum number of milliseconds of idle time on connection to
              the client before sending an inactivity probe message. If Open
              vSwitch does not communicate with the client for the specified
              number of seconds, it will send a probe. If a response is not
              received for the same additional amount of time, Open vSwitch
              assumes the connection has been broken and attempts to
              reconnect. Default is implementation-specific. A value of 0
              disables inactivity probes.

     Status:

       The is_connected key-value pair is always updated. Other key-value
       pairs in the status columns may be updated depending on the target
       type.

       When target specifies a connection method that listens for inbound
       connections (e.g. ptcp: or punix:), both n_connections and
       is_connected may also be updated while the remaining key-value pairs
       are omitted.

       On the other hand, when target specifies an outbound connection, all
       key-value pairs may be updated, except the above-mentioned two
       key-value pairs associated with inbound connection targets. They are
       omitted.

       is_connected: boolean
              true if currently connected to this client, false otherwise.

       status : last_error: optional string
              A human-readable description of the last error on the
              connection to the manager; i.e. strerror(errno). This key will
              exist only if an error has occurred.

       status : state: optional string, one of ACTIVE, BACKOFF, CONNECTING,
       IDLE, or VOID
              The state of the connection to the manager:

              VOID   Connection is disabled.

              BACKOFF
                     Attempting to reconnect at an increasing period.

              CONNECTING
                     Attempting to connect.

              ACTIVE Connected, remote host responsive.

              IDLE   Connection is idle. Waiting for response to keep-alive.

              These values may change in the future. They are provided only
              for human consumption.

       status : sec_since_connect: optional string, containing an integer, at
       least 0
              The amount of time since this client last successfully
              connected to the database (in seconds). Value is empty if
              client has never successfully been connected.

       status : sec_since_disconnect: optional string, containing an integer,
       at least 0
              The amount of time since this client last disconnected from the
              database (in seconds). Value is empty if client has never
              disconnected.

       status : locks_held: optional string
              Space-separated list of the names of OVSDB locks that the
              connection holds. Omitted if the connection does not hold any
              locks.

       status : locks_waiting: optional string
              Space-separated list of the names of OVSDB locks that the
              connection is currently waiting to acquire. Omitted if the
              connection is not waiting for any locks.

       status : locks_lost: optional string
              Space-separated list of the names of OVSDB locks that the
              connection has had stolen by another OVSDB client. Omitted if
              no locks have been stolen from this connection.

       status : n_connections: optional string, containing an integer, at
       least 2
              When target specifies a connection method that listens for
              inbound connections (e.g. ptcp: or pssl:) and more than one
              connection is actually active, the value is the number of
              active connections. Otherwise, this key-value pair is omitted.

       status : bound_port: optional string, containing an integer
              When target is ptcp: or pssl:, this is the TCP port on which
              the OVSDB server is listening. (This is particularly useful
              when target specifies a port of 0, allowing the kernel to
              choose any available port.)

     Common Columns:

       The overall purpose of these columns is described under Common Columns
       at the beginning of this document.

       external_ids: map of string-string pairs

       other_config: map of string-string pairs

Open vSwitch 23.09.2            DB Schema 1.0.0                   ovn-ic-nb(5)