ovn-nb(5)                     Open vSwitch Manual                    ovn-nb(5)

NAME

       ovn-nb - OVN_Northbound database schema

       This database is the interface between OVN and the cloud management
       system (CMS), such as OpenStack, running above it. The CMS produces
       almost all of the contents of the database. The ovn-northd program
       monitors the database contents, transforms it, and stores it into the
       OVN_Southbound database.

       We generally speak of "the" CMS, but one can imagine scenarios in
       which multiple CMSes manage different parts of an OVN deployment.

   External IDs
       Each of the tables in this database contains a special column, named
       external_ids. This column has the same form and purpose each place it
       appears.

              external_ids: map of string-string pairs
                     Key-value pairs for use by the CMS. The CMS might use
                     certain pairs, for example, to identify entities in its
                     own configuration that correspond to those in this
                     database.

TABLE SUMMARY

       The following list summarizes the purpose of each of the tables in the
       OVN_Northbound database. Each table is described in more detail on a
       later page.

       Table     Purpose
       NB_Global Northbound configuration
       Logical_Switch
                 L2 logical switch
       Logical_Switch_Port
                 L2 logical switch port
       Forwarding_Group
                 forwarding group
       Address_Set
                 Address Sets
       Port_Group
                 Port Groups
       Load_Balancer
                 load balancer
       Load_Balancer_Health_Check
                 load balancer
       ACL       Access Control List (ACL) rule
       Logical_Router
                 L3 logical router
       QoS       QoS rule
       Meter     Meter entry
       Meter_Band
                 Band for meter entries
       Logical_Router_Port
                 L3 logical router port
       Logical_Router_Static_Route
                 Logical router static routes
       Logical_Router_Policy
                 Logical router policies
       NAT       NAT rules
       DHCP_Options
                 DHCP options
       Connection
                 OVSDB client connections.
       DNS       Native DNS resolution
       SSL       SSL configuration.
       Gateway_Chassis
                 Gateway_Chassis configuration.
       HA_Chassis_Group
                 HA_Chassis_Group configuration.
       HA_Chassis
                 HA_Chassis configuration.

NB_Global TABLE

       Northbound configuration for an OVN system. This table must have
       exactly one row.

   Summary:
       Identity:
         name                        string
       Status:
         nb_cfg                      integer
         sb_cfg                      integer
         hv_cfg                      integer
       Common Columns:
         external_ids                map of string-string pairs
       Common options:
         options                     map of string-string pairs
         Options for configuring BFD:
            options : bfd-min-rx     optional string
            options : bfd-decay-min-rx
                                     optional string
            options : bfd-min-tx     optional string
            options : bfd-mult       optional string
         options : mac_prefix        optional string
         options : controller_event  optional string, either true or false
         options : northd_probe_interval
                                     optional string
         Options for configuring interconnection route advertisement:
            options : ic-route-adv   optional string
            options : ic-route-learn optional string
            options : ic-route-adv-default
                                     optional string
            options : ic-route-learn-default
                                     optional string
            options : ic-route-blacklist
                                     optional string
       Connection Options:
         connections                 set of Connections
         ssl                         optional SSL
       Security Configurations:
         ipsec                       boolean

   Details:
     Identity:

       name: string
              The name of the OVN cluster, which uniquely identifies the OVN
              cluster throughout all OVN clusters supposed to interconnect
              with each other.

     Status:

       These columns allow a client to track the overall configuration state
       of the system.

       nb_cfg: integer
              Sequence number for client to increment. When a client modifies
              any part of the northbound database configuration and wishes to
              wait for ovn-northd and possibly all of the hypervisors to
              finish applying the changes, it may increment this sequence
              number.

       sb_cfg: integer
              Sequence number that ovn-northd sets to the value of nb_cfg
              after it finishes applying the corresponding configuration
              changes to the OVN_Southbound database.

       hv_cfg: integer
              Sequence number that ovn-northd sets to the smallest sequence
              number of all the chassis in the system, as reported in the
              Chassis table in the southbound database. Thus, hv_cfg equals
              nb_cfg if all chassis are caught up with the northbound
              configuration (which may never happen, if any chassis is down).
              This value can regress, if a chassis was removed from the
              system and rejoins before catching up.

     Common Columns:

       external_ids: map of string-string pairs
              See External IDs at the beginning of this document.

     Common options:

       options: map of string-string pairs
              This column provides general key/value settings. The supported
              options are described individually below.

     Options for configuring BFD:

       These options apply when ovn-controller configures BFD on tunnel
       interfaces.

       options : bfd-min-rx: optional string
              BFD option min-rx value to use when configuring BFD on tunnel
              interfaces.

       options : bfd-decay-min-rx: optional string
              BFD option decay-min-rx value to use when configuring BFD on
              tunnel interfaces.

       options : bfd-min-tx: optional string
              BFD option min-tx value to use when configuring BFD on tunnel
              interfaces.

       options : bfd-mult: optional string
              BFD option mult value to use when configuring BFD on tunnel
              interfaces.

       options : mac_prefix: optional string
              Configure a given OUI to be used as prefix when L2 address is
              dynamically assigned, e.g. 00:11:22.

       options : controller_event: optional string, either true or false
              Value set by the CMS to enable/disable ovn-controller event
              reporting. Traffic into OVS can raise a 'controller' event that
              results in a Controller_Event being written to the
              Controller_Event table in SBDB. When the CMS has seen the event
              and taken appropriate action, it can remove the corresponding
              row in Controller_Event table. The intention is for a CMS to
              see the events and take some sort of action. Please see the
              Controller_Event table in SBDB. It is possible to associate a
              meter to each controller event type in order to not overload
              the pinctrl thread under heavy load. Each event type relies on
              a meter with a defined name:

              ·      empty_lb_backends: event-elb

       options : northd_probe_interval: optional string
              The inactivity probe interval of the connection to the OVN
              Northbound and Southbound databases from ovn-northd, in
              milliseconds. If the value is zero, it disables the connection
              keepalive feature.

              If the value is nonzero, then it will be forced to a value of at
              least 1000 ms.

     Options for configuring interconnection route advertisement:

       These options control how routes are advertised between OVN deployments
       for interconnection. If enabled, ovn-ic from different OVN deployments
       exchanges routes between each other through the global
       OVN_IC_Southbound database. Only routers with ports connected to
       interconnection transit switches participate in route advertisement.
       For each of these routers, there are two types of routes to be
       advertised:

       Firstly, the static routes configured in the router are advertised.

       Secondly, the networks configured in the logical router ports that are
       not on the transit switches are advertised. These are considered as
       directly connected subnets on the router.

       Link local prefixes (IPv4 169.254.0.0/16 and IPv6 FE80::/10) are never
       advertised.

       The learned routes are added to the static_routes column of the
       Logical_Router table, with external_ids:ic-learned-route set to the
       uuid of the row in Route table of the OVN_IC_Southbound database.

       options : ic-route-adv: optional string
              A boolean value that enables route advertisement to the global
              OVN_IC_Southbound database. Default is false.

       options : ic-route-learn: optional string
              A boolean value that enables route learning from the global
              OVN_IC_Southbound database. Default is false.

       options : ic-route-adv-default: optional string
              A boolean value that enables advertising default route to the
              global OVN_IC_Southbound database. Default is false. This option
              takes effect only when option ic-route-adv is true.

       options : ic-route-learn-default: optional string
              A boolean value that enables learning default route from the
              global OVN_IC_Southbound database. Default is false. This option
              takes effect only when option ic-route-learn is true.

       options : ic-route-blacklist: optional string
              A string value containing a list of CIDRs delimited by ",". A
              route will not be advertised or learned if the route's prefix
              belongs to any of the CIDRs listed.

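The route filtering rules of this section, as an added example that is not part of the OVN manual or source code. It is useful for checking which prefixes a given NB_Global options map would let cross deployments. Assumptions: "belongs to" means the route prefix is contained in a listed CIDR, whitespace around list items is ignored, the function names are hypothetical, and the sample options and prefixes are constructed.

```python
import ipaddress

# Link-local prefixes that the manual says are never advertised.
LINK_LOCAL = (
    ipaddress.ip_network("169.254.0.0/16"),
    ipaddress.ip_network("fe80::/10"),
)


def _within(route, net):
    """True if route is contained in net (same address family only)."""
    return route.version == net.version and route.subnet_of(net)


def _flag(options, key):
    """NB_Global options are strings; an absent key means the default, false."""
    return options.get(key, "false").lower() == "true"


def parse_blacklist(value):
    """Parse an ic-route-blacklist value: CIDRs delimited by ','.

    Assumption: surrounding whitespace and empty items are ignored.
    Raises ValueError for an entry that is not a CIDR or has host bits set,
    which catches typos such as 10.0.0.1/8 before they reach the database.
    """
    return [
        ipaddress.ip_network(item.strip(), strict=True)
        for item in value.split(",")
        if item.strip()
    ]


def decide(options, direction, prefix):
    """Return (allowed, reason) for one route prefix.

    options is the NB_Global options map; direction is "adv" or "learn".
    """
    if direction not in ("adv", "learn"):
        raise ValueError("direction must be 'adv' or 'learn'")
    route = ipaddress.ip_network(prefix, strict=False)
    if not _flag(options, f"ic-route-{direction}"):
        return False, f"ic-route-{direction} is not true"
    # The manual states the link-local rule for advertisement only.
    if direction == "adv" and any(_within(route, ll) for ll in LINK_LOCAL):
        return False, "link-local prefix"
    if route.prefixlen == 0 and not _flag(options, f"ic-route-{direction}-default"):
        return False, f"default route needs ic-route-{direction}-default"
    for net in parse_blacklist(options.get("ic-route-blacklist", "")):
        if _within(route, net):
            return False, f"inside blacklisted {net}"
    return True, "not filtered"


# Constructed sample data, for illustration only.
SAMPLE_OPTIONS = {
    "ic-route-adv": "true",
    "ic-route-learn": "true",
    "ic-route-learn-default": "true",
    "ic-route-blacklist": "10.0.0.0/8, 192.168.100.0/24,fd00:dead::/32",
}
SAMPLE_PREFIXES = [
    "10.1.2.0/24",          # inside a blacklisted CIDR
    "172.16.0.0/16",        # passes
    "169.254.10.0/24",      # link-local
    "0.0.0.0/0",            # default route
    "192.168.0.0/16",       # covers a blacklisted /24 but is not inside it
    "fd00:dead:beef::/48",  # inside a blacklisted IPv6 CIDR
]

if __name__ == "__main__":
    for direction in ("adv", "learn"):
        for prefix in SAMPLE_PREFIXES:
            allowed, reason = decide(SAMPLE_OPTIONS, direction, prefix)
            print(f"{direction:5} {prefix:22} {'allow' if allowed else 'drop':5} {reason}")
```

Under this reading a covering prefix such as 192.168.0.0/16 is not filtered by a blacklist entry for 192.168.100.0/24, so a blacklist entry needs to be at least as wide as the routes it is meant to stop.
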
     Connection Options:

       connections: set of Connections
              Database clients to which the Open vSwitch database server
              should connect or on which it should listen, along with options
              for how these connections should be configured. See the
              Connection table for more information.

       ssl: optional SSL
              Global SSL configuration.

     Security Configurations:

       ipsec: boolean
              Tunnel encryption configuration. If this column is set to be
              true, all OVN tunnels will be encrypted with IPsec.

Logical_Switch TABLE

       Each row represents one L2 logical switch.

       There are two kinds of logical switches, that is, ones that fully
       virtualize the network (overlay logical switches) and ones that provide
       simple connectivity to a physical network (bridged logical switches).
       They work in the same way when providing connectivity between logical
       ports on the same chassis, but differently when connecting remote
       logical ports. Overlay logical switches connect remote logical ports by
       tunnels, while bridged logical switches provide connectivity to remote
       ports by bridging the packets to the directly connected physical L2
       segment with the help of localnet ports. Each bridged logical switch
       has one and only one localnet port, which has only one special address
       unknown.

   Summary:
       ports                         set of Logical_Switch_Ports
       load_balancer                 set of weak reference to Load_Balancers
       acls                          set of ACLs
       qos_rules                     set of QoSs
       dns_records                   set of weak reference to DNSs
       forwarding_groups             set of Forwarding_Groups
       Naming:
         name                        string
         external_ids : neutron:network_name
                                     optional string
       IP Address Assignment:
         other_config : subnet       optional string
         other_config : exclude_ips  optional string
         other_config : ipv6_prefix  optional string
         other_config : mac_only     optional string, either true or false
       IP Multicast Snooping Options:
         other_config : mcast_snoop  optional string, either true or false
         other_config : mcast_querier
                                     optional string, either true or false
         other_config : mcast_flood_unregistered
                                     optional string, either true or false
         other_config : mcast_table_size
                                     optional string, containing an integer,
                                     in range 1 to 32,766
         other_config : mcast_idle_timeout
                                     optional string, containing an integer,
                                     in range 15 to 3,600
         other_config : mcast_query_interval
                                     optional string, containing an integer,
                                     in range 1 to 3,600
         other_config : mcast_query_max_response
                                     optional string, containing an integer,
                                     in range 1 to 10
         other_config : mcast_eth_src
                                     optional string
         other_config : mcast_ip4_src
                                     optional string
         other_config : mcast_ip6_src
                                     optional string
       Interconnection:
         other_config : interconn-ts
                                     optional string
       Tunnel Key:
         other_config : requested-tnl-key
                                     optional string, containing an integer,
                                     in range 1 to 16,777,215
       Common Columns:
         external_ids                map of string-string pairs

   Details:
       ports: set of Logical_Switch_Ports
              The logical ports connected to the logical switch.

              It is an error for multiple logical switches to include the same
              logical port.

       load_balancer: set of weak reference to Load_Balancers
              Load balance a virtual ip address to a set of logical port
              endpoint ip addresses.

       acls: set of ACLs
              Access control rules that apply to packets within the logical
              switch.

       qos_rules: set of QoSs
              QoS marking and metering rules that apply to packets within the
              logical switch.

       dns_records: set of weak reference to DNSs
              This column defines the DNS records to be used for resolving
              internal DNS queries within the logical switch by the native DNS
              resolver. Please see the DNS table.

       forwarding_groups: set of Forwarding_Groups
              Groups a set of logical port endpoints for traffic going out of
              the logical switch.

     Naming:

       These columns provide names for the logical switch. From OVN's
       perspective, these names have no special meaning or purpose other than
       to provide convenience for human interaction with the database. There
       is no requirement for the name to be unique. (For a unique identifier
       for a logical switch, use its row UUID.)

       (Originally, name was intended to serve the purpose of a human-friendly
       name, but the Neutron integration used it to uniquely identify its own
       switch object, in the format neutron-uuid. Later on, Neutron started
       propagating the friendly name of a switch as
       external_ids:neutron:network_name. Perhaps this can be cleaned up
       someday.)

       name: string
              A name for the logical switch.

       external_ids : neutron:network_name: optional string
              Another name for the logical switch.

     IP Address Assignment:

       These options control automatic IP address management (IPAM) for ports
       attached to the logical switch. To enable IPAM for IPv4, set
       other_config:subnet and optionally other_config:exclude_ips. To enable
       IPAM for IPv6, set other_config:ipv6_prefix. IPv4 and IPv6 may be
       enabled together or separately.

       To request dynamic address assignment for a particular port, use the
       dynamic keyword in the addresses column of the port's
       Logical_Switch_Port row. This requests both an IPv4 and an IPv6
       address, if IPAM for IPv4 and IPv6 are both enabled.

       other_config : subnet: optional string
              Set this to an IPv4 subnet, e.g. 192.168.0.0/24, to enable
              ovn-northd to automatically assign IP addresses within that
              subnet.

       other_config : exclude_ips: optional string
              To exclude some addresses from automatic IP address management,
              set this to a list of the IPv4 addresses or ..-delimited ranges
              to exclude. The addresses or ranges should be a subset of those
              in other_config:subnet.

              Whether listed or not, ovn-northd will never allocate the first
              or last address in a subnet, such as 192.168.0.0 or
              192.168.0.255 in 192.168.0.0/24.

              Examples:

              ·      192.168.0.2 192.168.0.10

              ·      192.168.0.4 192.168.0.30..192.168.0.60
                     192.168.0.110..192.168.0.120

              ·      192.168.0.110..192.168.0.120 192.168.0.25..192.168.0.30
                     192.168.0.144

       other_config : ipv6_prefix: optional string
              Set this to an IPv6 prefix to enable ovn-northd to automatically
              assign IPv6 addresses using this prefix. The assigned IPv6
              address will be generated using the IPv6 prefix and the MAC
              address (converted to an IEEE EUI64 identifier) of the port. The
              IPv6 prefix defined here should be a valid IPv6 address ending
              with ::.

              Examples:

              ·      aef0::

              ·      bef0:1234:a890:5678::

              ·      8230:5678::

       other_config : mac_only: optional string, either true or false
              Value used to request to assign L2 address only if neither
              subnet nor ipv6_prefix are specified.

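A check of the IPAM settings described above, as an added example that is not part of the OVN manual or source code: it expands other_config:exclude_ips against other_config:subnet, lists what remains for dynamic assignment, and derives the IPv6 address for a port MAC. Assumptions: the function names are hypothetical, the EUI64 conversion is taken to be the modified EUI-64 form (universal/local bit flipped, ff:fe inserted), the prefix must leave the low 64 bits zero, and the MAC addresses are constructed samples.

```python
import ipaddress


def parse_exclude_ips(subnet, exclude_ips):
    """Expand other_config:exclude_ips against other_config:subnet.

    Returns (excluded, problems): a set of IPv4Address objects, and a list of
    strings naming tokens that are malformed, reversed, or outside the subnet.
    """
    net = ipaddress.IPv4Network(subnet)
    excluded, problems = set(), []
    for token in exclude_ips.split():
        lo_text, sep, hi_text = token.partition("..")
        try:
            lo = ipaddress.IPv4Address(lo_text)
            hi = ipaddress.IPv4Address(hi_text) if sep else lo
        except ValueError:
            problems.append(f"{token}: not an IPv4 address or range")
            continue
        if hi < lo:
            problems.append(f"{token}: range end precedes start")
            continue
        if lo not in net or hi not in net:
            problems.append(f"{token}: not inside {net}")
            continue
        excluded.update(
            ipaddress.IPv4Address(a) for a in range(int(lo), int(hi) + 1)
        )
    return excluded, problems


def ipv4_pool(subnet, exclude_ips=""):
    """Addresses left for dynamic assignment under the rules stated above.

    Intended for small subnets: the result is a full list of addresses.
    """
    net = ipaddress.IPv4Network(subnet)
    excluded, _ = parse_exclude_ips(subnet, exclude_ips)
    # The first and last address are never allocated, whether listed or not.
    reserved = {net.network_address, net.broadcast_address}
    return [a for a in net if a not in reserved and a not in excluded]


def eui64_address(ipv6_prefix, mac):
    """Combine other_config:ipv6_prefix with a port MAC address.

    Assumption: modified EUI-64, i.e. flip the universal/local bit of the
    first octet and insert ff:fe between the two halves of the MAC.
    """
    if not ipv6_prefix.endswith("::"):
        raise ValueError("ipv6_prefix should end with '::'")
    prefix = ipaddress.IPv6Address(ipv6_prefix)
    if int(prefix) & ((1 << 64) - 1):
        raise ValueError("ipv6_prefix must leave the low 64 bits zero")
    octets = bytes.fromhex(mac.replace(":", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must have six octets")
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ipaddress.IPv6Address(int(prefix) | int.from_bytes(iid, "big"))


if __name__ == "__main__":
    subnet = "192.168.0.0/24"
    # Second exclude_ips example from the manual text above.
    exclude = "192.168.0.4 192.168.0.30..192.168.0.60 192.168.0.110..192.168.0.120"
    excluded, problems = parse_exclude_ips(subnet, exclude)
    pool = ipv4_pool(subnet, exclude)
    print(f"{len(excluded)} excluded, {len(pool)} assignable, problems: {problems}")
    # Constructed MAC address; the prefix is one of the manual's examples.
    print(eui64_address("aef0::", "00:11:22:33:44:55"))
```
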
     IP Multicast Snooping Options:

       These options control IP Multicast Snooping configuration of the
       logical switch. To enable IP Multicast Snooping set
       other_config:mcast_snoop to true. To enable IP Multicast Querier set
       other_config:mcast_querier to true. If IP Multicast Querier is enabled
       other_config:mcast_eth_src and other_config:mcast_ip4_src must be set.

       other_config : mcast_snoop: optional string, either true or false
              Enables/disables IP Multicast Snooping on the logical switch.

       other_config : mcast_querier: optional string, either true or false
              Enables/disables IP Multicast Querier on the logical switch.

       other_config : mcast_flood_unregistered: optional string, either true
       or false
              Determines whether unregistered multicast traffic should be
              flooded or not. Only applicable if other_config:mcast_snoop is
              enabled.

       other_config : mcast_table_size: optional string, containing an
       integer, in range 1 to 32,766
              Number of multicast groups to be stored. Default: 2048.

       other_config : mcast_idle_timeout: optional string, containing an
       integer, in range 15 to 3,600
              Configures the IP Multicast Snooping group idle timeout (in
              seconds). Default: 300 seconds.

       other_config : mcast_query_interval: optional string, containing an
       integer, in range 1 to 3,600
              Configures the IP Multicast Querier interval between queries (in
              seconds). Default: other_config:mcast_idle_timeout / 2.

       other_config : mcast_query_max_response: optional string, containing an
       integer, in range 1 to 10
              Configures the value of the "max-response" field in the
              multicast queries originated by the logical switch. Default: 1
              second.

       other_config : mcast_eth_src: optional string
              Configures the source Ethernet address for queries originated by
              the logical switch.

       other_config : mcast_ip4_src: optional string
              Configures the source IPv4 address for queries originated by the
              logical switch.

       other_config : mcast_ip6_src: optional string
              Configures the source IPv6 address for queries originated by the
              logical switch.

     Interconnection:

       other_config : interconn-ts: optional string
              The name of corresponding transit switch in OVN_IC_Northbound
              database. This kind of logical switch is created and controlled
              by ovn-ic.

     Tunnel Key:

       other_config : requested-tnl-key: optional string, containing an
       integer, in range 1 to 16,777,215
              Configures the datapath tunnel key for the logical switch.
              Usually this is not needed because ovn-northd will assign a
              unique key for each datapath by itself. However, if it is
              configured, ovn-northd honors the configured value. The typical
              use case is for interconnection: the tunnel keys for transit
              switches need to be unique globally, so they are maintained in
              the global OVN_IC_Southbound database, and ovn-ic simply syncs
              the value from OVN_IC_Southbound through this config.

     Common Columns:

       external_ids: map of string-string pairs
              See External IDs at the beginning of this document.

Logical_Switch_Port TABLE

       A port within an L2 logical switch.

   Summary:
       Core Features:
         name                        string (must be unique within table)
         type                        string
       Options:
         options                     map of string-string pairs
         Options for router ports:
            options : router-port    optional string
            options : nat-addresses  optional string
         Options for localnet ports:
            options : network_name   optional string
         Options for l2gateway ports:
            options : network_name   optional string
            options : l2gateway-chassis
                                     optional string
         Options for vtep ports:
            options : vtep-physical-switch
                                     optional string
            options : vtep-logical-switch
                                     optional string
         VMI (or VIF) Options:
            options : requested-chassis
                                     optional string
            options : qos_max_rate   optional string
            options : qos_burst      optional string
         Virtual port Options:
            options : virtual-ip     optional string
            options : virtual-parents
                                     optional string
         IP Multicast Snooping Options:
            options : mcast_flood    optional string, either true or false
            options : mcast_flood_reports
                                     optional string, either true or false
       Containers:
         parent_name                 optional string
         tag_request                 optional integer, in range 0 to 4,095
         tag                         optional integer, in range 1 to 4,095
       Port State:
         up                          optional boolean
         enabled                     optional boolean
       Addressing:
         addresses                   set of strings
         dynamic_addresses           optional string
         port_security               set of strings
       DHCP:
         dhcpv4_options              optional weak reference to DHCP_Options
         dhcpv6_options              optional weak reference to DHCP_Options
       ha_chassis_group              optional HA_Chassis_Group
       Naming:
         external_ids : neutron:port_name
                                     optional string
       Tunnel Key:
         options : requested-tnl-key
                                     optional string, containing an integer,
                                     in range 1 to 65,535
       Common Columns:
         external_ids                map of string-string pairs

579   Details:
580     Core Features:
581
582       name: string (must be unique within table)
583              The logical port name.
584
585              For  entities (VMs or containers) that are spawned in the hyper‐
586              visor, the name used here must match those used  in  the  exter‐
587              nal_ids:iface-id in the Open_vSwitch database’s Interface table,
588              because hypervisors use external_ids:iface-id as a lookup key to
589              identify the network interface of that entity.
590
591              For containers that share a VIF within a VM, the name can be any
592              unique identifier. See Containers, below, for more information.
593
594       type: string
595              Specify a type for this logical port. Logical ports can be  used
596              to model other types of connectivity into an OVN logical switch.
597              The following types are defined:
598
599              (empty string)
600                     A VM (or VIF) interface.
601
602              router A  connection  to  a  logical  router.   The   value   of
603                     options:router-port  specifies  the  name  of  the  Logi‐
604                     cal_Router_Port to which this logical switch port is con‐
605                     nected.
606
607              localnet
608                     A  connection  to  a locally accessible network from each
609                     ovn-controller instance. A logical switch can only have a
610                     single  localnet  port  attached.  This  is used to model
611                     direct connectivity to an existing network.
612
613              localport
614                     A connection to a local VIF. Traffic that  arrives  on  a
615                     localport  is  never  forwarded  over a tunnel to another
616                     chassis. These ports are present  on  every  chassis  and
617                     have  the  same  address  in all of them. This is used to
618                     model connectivity to local services that  run  on  every
619                     hypervisor.
620
621              l2gateway
622                     A connection to a physical network.
623
624              vtep   A port to a logical switch on a VTEP gateway.
625
626              external
627                     Represents  a logical port which is external and not hav‐
628                     ing an OVS port in the integration bridge. OVN will never
629                     receive any traffic from this port or send any traffic to
630                     this  port.  OVN  can  support   native   services   like
631                     DHCPv4/DHCPv6/DNS  for  this port. If ha_chassis_group is
632                     defined, ovn-controller running in the master chassis  of
633                     the HA chassis group will bind this port to provide these
634                     native services. It is expected that this port belong  to
635                     a bridged logical switch (with a localnet port).
636
637                     It  is  recommended  to use the same HA chassis group for
638                     all the external ports of a  logical  switch.  Otherwise,
639                     the physical switch might see MAC flap issue when differ‐
640                     ent chassis provide the native services. For example when
641                     supporting native DHCPv4 service, DHCPv4 server mac (con‐
642                     figured   in   options:server_mac   column    in    table
643                     DHCP_Options)  originating from different ports can cause
644                     MAC flap issue. The MAC of the logical router  IP(s)  can
645                     also flap if the same HA chassis group is not set for all
646                     the external ports of a logical switch.
647
648                     Below are some of the use cases where external ports  can
649                     be used.
650
651                     ·      VMs  connected to SR-IOV nics - Traffic from these
652                            VMs by passes the kernel stack and local  ovn-con‐
653                            troller  do  not bind these ports and cannot serve
654                            the native services.
655
656                     ·      When CMS supports provisioning baremetal servers.
657
658              virtual
659                     Represents a logical port which does not have an OVS port
660                     in the integration bridge and has a virtual ip configured
661                     in the options:virtual-ip column.  This  virtual  ip  can
662                     move  around  between the logical ports configured in the
663                     options:virtual-parents column.
664
665                     One use case where virtual ports can be used is:
666
667                     ·      The virtual ip represents a load balancer vip  and
668                            the  virtual parents provide load balancer service
669                            in an active-standby setup with the active virtual
670                            parent owning the virtual ip.
671
672              remote A remote port models a port that resides remotely on
673                     another OVN, which is on the other side of a transit
674                     logical switch for OVN interconnection. Ports of this type
675                     are created by ovn-ic instead of by the CMS. Any change to
676                     the port will be automatically overwritten by ovn-ic.
677
678     Options:
679
680       options: map of string-string pairs
681              This  column provides key/value settings specific to the logical
682              port type. The type-specific options are described  individually
683              below.
684
685     Options for router ports:
686
687       These options apply when type is router.
688
689       options : router-port: optional string
690              Required. The name of the Logical_Router_Port to which this log‐
691              ical switch port is connected.
692
693       options : nat-addresses: optional string
694              This is used to send  gratuitous  ARPs  for  SNAT  and  DNAT  IP
695              addresses  via  the  localnet  port that is attached to the same
696              logical switch as this type router port. This option  is  speci‐
697              fied  on  a  logical  switch port that is connected to a gateway
698              router, or a logical switch port that is connected to a distrib‐
699              uted gateway port on a logical router.
700
701              This must take one of the following forms:
702
703              router Gratuitous ARPs will be sent for all SNAT and DNAT exter‐
704                     nal IP addresses and for all load balancer  IP  addresses
705                     defined  on  the  options:router-port’s  logical  router,
706                     using the options:router-port’s MAC address.
707
708                     This form of options:nat-addresses is valid  for  logical
709                     switch  ports  where options:router-port is the name of a
710                     port on a gateway router, or the name  of  a  distributed
711                     gateway port.
712
713                     Supported  only  in  OVN  2.8 and later. Earlier versions
714                     required NAT addresses to be manually synchronized.
715
716              Ethernet address followed by one or more IPv4 addresses
717                     Example:  80:fa:5b:06:72:b7  158.36.44.22   158.36.44.24.
718                     This would result in generation of gratuitous ARPs for IP
719                     addresses  158.36.44.22  and  158.36.44.24  with  a   MAC
720                     address of 80:fa:5b:06:72:b7.
721
722                     This form of options:nat-addresses is only valid for log‐
723                     ical switch ports where options:router-port is  the  name
724                     of a port on a gateway router.
725
726     Options for localnet ports:
727
728       These options apply when type is localnet.
729
730       options : network_name: optional string
731              Required.  The name of the network to which the localnet port is
732              connected. Each hypervisor, via ovn-controller, uses  its  local
733              configuration  to  determine  exactly  how  to  connect  to this
734              locally accessible network.
735
736     Options for l2gateway ports:
737
738       These options apply when type is l2gateway.
739
740       options : network_name: optional string
741              Required. The name of the network to which the l2gateway port is
742              connected.  The  L2  gateway, via ovn-controller, uses its local
743              configuration to determine exactly how to connect to  this  net‐
744              work.
745
746       options : l2gateway-chassis: optional string
747              Required. The chassis to which the l2gateway logical port should
748              be bound. ovn-controller running on the defined chassis will
749              connect this logical port to the physical network.
750
751     Options for vtep ports:
752
753       These options apply when type is vtep.
754
755       options : vtep-physical-switch: optional string
756              Required. The name of the VTEP gateway.
757
758       options : vtep-logical-switch: optional string
759              Required. A logical switch name connected by the VTEP gateway.
760
761     VMI (or VIF) Options:
762
763       These options apply to logical ports whose type is the empty string.
764
765       options : requested-chassis: optional string
766              If set, identifies a specific chassis (by name or hostname) that
767              is allowed to bind this port. Using  this  option  will  prevent
768              thrashing  between two chassis trying to bind the same port dur‐
769              ing a live migration. It can also prevent similar thrashing  due
770              to  a  mis-configuration,  if  a port is accidentally created on
771              more than one chassis.
772
773       options : qos_max_rate: optional string
774              If set, indicates the maximum  rate  for  data  sent  from  this
775              interface,  in  bit/s.  The  traffic will be shaped according to
776              this limit.
777
778       options : qos_burst: optional string
779              If set, indicates the maximum burst size for data sent from this
780              interface, in bits.
781
782     Virtual port Options:
783
784       These options apply when type is virtual.
785
786       options : virtual-ip: optional string
787              This option represents the virtual IPv4 address.
788
789       options : virtual-parents: optional string
790              This option represents a set of logical port names (within the
791              same logical switch) which can own the virtual ip configured in
792              the options:virtual-ip. All these virtual parents should add the
793              virtual ip in the port_security if port security addresses are
794              enabled.
795
796     IP Multicast Snooping Options:
797
798       These options apply when the port is part of a logical switch which has
799       other_config :mcast_snoop set to true.
800
801       options : mcast_flood: optional string, either true or false
802              If set to true, multicast packets (except reports) are  uncondi‐
803              tionally forwarded to the specific port.
804
805       options : mcast_flood_reports: optional string, either true or false
806              If  set to true, multicast reports are unconditionally forwarded
807              to the specific port.
808
809     Containers:
810
811       When a large number of containers are nested within a VM, it may be too
812       expensive to dedicate a VIF to each container. OVN can use VLAN tags to
813       support such cases. Each container is  assigned  a  VLAN  ID  and  each
814       packet that passes between the hypervisor and the VM is tagged with the
815       appropriate ID for the container. Such VLAN IDs never appear on a phys‐
816       ical wire, even inside a tunnel, so they need not be unique except rel‐
817       ative to a single VM on a hypervisor.
818
819       These columns are used for VIFs that represent nested containers  using
820       shared  VIFs. For VMs and for containers that have dedicated VIFs, they
821       are empty.
822
823       parent_name: optional string
824              The VM interface through which the nested  container  sends  its
825              network  traffic. This must match the name column for some other
826              Logical_Switch_Port.
827
828       tag_request: optional integer, in range 0 to 4,095
829              The VLAN tag in the  network  traffic  associated  with  a  con‐
830              tainer’s network interface. The client can request ovn-northd to
831              allocate a tag that is unique within the  scope  of  a  specific
832              parent  (specified  in  parent_name)  by setting a value of 0 in
833              this column. The allocated value is written by ovn-northd in the
834              tag  column.  (Note  that  these  tags are allocated and managed
835              locally in ovn-northd, so they cannot be  reconstructed  in  the
836              event  that the database is lost.) The client can also request a
837              specific non-zero tag and ovn-northd will honor it and copy that
838              value to the tag column.
839
840              When  type  is  set to localnet or l2gateway, this can be set to
841              indicate that the port represents a  connection  to  a  specific
842              VLAN  on  a  locally  accessible network. The VLAN ID is used to
843              match incoming traffic and is also added to outgoing traffic.
844
845       tag: optional integer, in range 1 to 4,095
846              The VLAN tag allocated by ovn-northd based on  the  contents  of
847              the tag_request column.
848
849     Port State:
850
851       up: optional boolean
852              This  column  is populated by ovn-northd, rather than by the CMS
853              plugin as is most of this database. When a logical port is bound
854              to  a  physical  location in the OVN Southbound database Binding
855              table, ovn-northd sets this column to true; otherwise, or if the
856              port  becomes unbound later, it sets it to false. If this column
857              is empty, the port is not considered up. This allows the CMS  to
858              wait  for  a  VM’s  (or container’s) networking to become active
859              before it allows the VM (or container) to start.
860
861              Logical ports of router type are an exception to this rule. They
862              are  considered  to  be always up, that is this column is always
863              set to true.
864
865       enabled: optional boolean
866              This column is used to administratively set port state. If  this
867              column  is empty or is set to true, the port is enabled. If this
868              column is set to false, the port is disabled.  A  disabled  port
869              has all ingress and egress traffic dropped.
870
871     Addressing:
872
873       addresses: set of strings
874              Addresses owned by the logical port.
875
876              Each element in the set must take one of the following forms:
877
878              Ethernet address followed by zero or more IPv4 or IPv6 addresses
879              (or both)
880                     An Ethernet address defined is owned by the logical port.
881                     Like  a  physical Ethernet NIC, a logical port ordinarily
882                     has a single fixed Ethernet address.
883
884                     When an OVN logical switch processes a unicast Ethernet
885                     frame  whose  destination  MAC  address  is  in a logical
886                     port’s addresses column, it  delivers  it  only  to  that
887                     port,  as  if a MAC learning process had learned that MAC
888                     address on the port.
889
890                     If IPv4 or IPv6 address(es) (or  both)  are  defined,  it
891                     indicates  that  the  logical  port  owns  the  given  IP
892                     addresses.
893
894                     If IPv4 address(es) are defined, the OVN  logical  switch
895                     uses  this  information  to  synthesize  responses to ARP
896                     requests without traversing the physical network. The OVN
897                     logical  router  connected to the logical switch, if any,
898                     uses this information to avoid issuing ARP  requests  for
899                     logical switch ports.
900
901                     Note  that  the  order  here  is  important. The Ethernet
902                     address must be  listed  before  the  IP  address(es)  if
903                     defined.
904
905                     Examples:
906
907                     80:fa:5b:06:72:b7
908                            This  indicates  that  the  logical  port owns the
909                            above mac address.
910
911                     80:fa:5b:06:72:b7 10.0.0.4 20.0.0.4
912                            This indicates that the logical port owns the  mac
913                            address and two IPv4 addresses.
914
915                     80:fa:5b:06:72:b7 fdaa:15f2:72cf:0:f816:3eff:fe20:3f41
916                            This  indicates that the logical port owns the mac
917                            address and 1 IPv6 address.
918
919                     80:fa:5b:06:72:b7                                10.0.0.4
920                     fdaa:15f2:72cf:0:f816:3eff:fe20:3f41
921                            This  indicates that the logical port owns the mac
922                            address and 1 IPv4 address and 1 IPv6 address.
923
924              unknown
925                     This indicates that the logical port has an  unknown  set
926                     of  Ethernet  addresses.  When an OVN logical switch pro‐
927                     cesses a unicast Ethernet  frame  whose  destination  MAC
928                     address is not in any logical port’s addresses column, it
929                     delivers it to the port (or ports) whose  addresses  col‐
930                     umns include unknown.
931
932              dynamic
933                     Use  this  keyword to make ovn-northd generate a globally
934                     unique MAC address and choose an unused IPv4 address with
935                     the  logical  port’s  subnet and store them in the port’s
936                     dynamic_addresses column. ovn-northd will use the  subnet
937                     specified  in  other_config:subnet  in  the  port’s Logi‐
938                     cal_Switch.
939
940              Ethernet address followed by keyword "dynamic"
941                     The keyword dynamic after the MAC address indicates  that
942                     ovn-northd  should choose an unused IPv4 address from the
943                     logical port’s subnet and store it with the specified MAC
944                     in  the  port’s dynamic_addresses column. ovn-northd will
945                     use the subnet specified in  other_config:subnet  in  the
946                     port’s Logical_Switch table.
947
948                     Examples:
949
950                     80:fa:5b:06:72:b7 dynamic
951                            This  indicates  that  the  logical  port owns the
952                            specified MAC address and ovn-northd should  allo‐
953                            cate  an  unused IPv4 address for the logical port
954                            from the corresponding logical switch subnet.
955
956              Keyword "dynamic" followed by an IPv4/IPv6 address
957                     The keyword dynamic  followed  by  an  IPv4/IPv6  address
958                     indicates  that ovn-northd should choose a dynamic ether‐
959                     net address and use the  provided  IPv4/IPv6  address  as
960                     network address.
961
962                     Examples:
963
964                     dynamic 192.168.0.1 2001::1
965                            This  indicates  that ovn-northd should allocate a
966                            unique MAC address and use the provided  IPv4/IPv6
967                            address for the related port.
968
969              router Accepted  only  when  type is router. This indicates that
970                     the Ethernet, IPv4, and IPv6 addresses for  this  logical
971                     switch port should be obtained from the connected logical
972                     router port, as specified by router-port in options.
973
974                     The resulting addresses are used to populate the  logical
975                     switch’s  destination  lookup,  and  also for the logical
976                     switch to generate ARP and ND replies.
977
978                     If the connected logical router port  has  a  distributed
979                     gateway  port  specified and the logical router has rules
980                     specified in nat with external_mac, then those  addresses
981                     are  also  used  to  populate  the  switch’s  destination
982                     lookup.
983
984                     Supported only in OVN 2.7  and  later.  Earlier  versions
985                     required router addresses to be manually synchronized.
986
987       dynamic_addresses: optional string
988              Addresses assigned to the logical port by ovn-northd, if dynamic
989              is specified in addresses. Addresses will be of the same  format
990              as  those  that populate the addresses column. Note that dynami‐
991              cally assigned addresses are constructed and managed locally  in
992              ovn-northd,  so  they  cannot be reconstructed in the event that
993              the database is lost.
994
995       port_security: set of strings
996              This column controls the addresses from which the host  attached
997              to  the  logical  port (``the host’’) is allowed to send packets
998              and to which it is allowed to receive packets. If this column is
999              empty, all addresses are permitted.
1000
1001              Each  element  in  the set must begin with one Ethernet address.
1002              This would restrict the host to sending packets from and receiv‐
1003              ing  packets  to  the  ethernet addresses defined in the logical
1004              port’s port_security column. It also restricts the inner  source
1005              MAC  addresses  that  the host may send in ARP and IPv6 Neighbor
1006              Discovery packets. The host is always allowed to receive packets
1007              to multicast and broadcast Ethernet addresses.
1008
1009              Each  element  in  the  set may additionally contain one or more
1010              IPv4 or IPv6 addresses (or both), with optional masks. If a mask
1011              is  given,  it  must be a CIDR mask. In addition to the restric‐
1012              tions described for Ethernet addresses above,  such  an  element
1013              restricts  the  IPv4  or  IPv6 addresses from which the host may
1014              send and to which  it  may  receive  packets  to  the  specified
1015              addresses. A masked address, if the host part is zero, indicates
1016              that the host is allowed to use any address in  the  subnet;  if
1017              the  host part is nonzero, the mask simply indicates the size of
1018              the subnet. In addition:
1019
1020              ·      If any IPv4 address is given, the host is also allowed to
1021                     receive  packets  to  the  IPv4  local  broadcast address
1022                     255.255.255.255   and   to   IPv4   multicast   addresses
1023                     (224.0.0.0/4).  If  an IPv4 address with a mask is given,
1024                     the host is also allowed to receive packets to the broad‐
1025                     cast address in that specified subnet.
1026
1027                     If  any  IPv4  address is given, the host is additionally
1028                     restricted to sending  ARP  packets  with  the  specified
1029                     source IPv4 address. (RARP is not restricted.)
1030
1031              ·      If any IPv6 address is given, the host is also allowed to
1032                     receive packets to IPv6 multicast addresses (ff00::/8).
1033
1034                     If any IPv6 address is given, the  host  is  additionally
1035                     restricted  to  sending IPv6 Neighbor Discovery Solicita‐
1036                     tion or Advertisement packets with the  specified  source
1037                     address or, for solicitations, the unspecified address.
1038
1039              If  an  element includes an IPv4 address, but no IPv6 addresses,
1040              then IPv6 traffic is not allowed. If an element includes an IPv6
1041              address,  but  no IPv4 address, then IPv4 and ARP traffic is not
1042              allowed.
1043
1044              This column uses the same lexical syntax as the match column  in
1045              the OVN Southbound database’s Pipeline table. Multiple addresses
1046              within an element may be space or comma separated.
1047
1048              This column is provided as a  convenience  to  cloud  management
1049              systems,  but  all  of  the  features  that it implements can be
1050              implemented as ACLs using the ACL table.
1051
1052              Examples:
1053
1054              80:fa:5b:06:72:b7
1055                     The host may send traffic from and receive traffic to the
1056                     specified MAC address, and may receive traffic to Ethernet
1057                     multicast and broadcast addresses, but not otherwise. The
1058                     host  may not send ARP or IPv6 Neighbor Discovery packets
1059                     with inner source Ethernet addresses other than  the  one
1060                     specified.
1061
1062              80:fa:5b:06:72:b7 192.168.1.10/24
1063                     This  adds further restrictions to the first example. The
1064                     host may send IPv4 packets from or receive  IPv4  packets
1065                     to  only  192.168.1.10,  except  that it may also receive
1066                     IPv4 packets to 192.168.1.255 (based on the subnet mask),
1067                     255.255.255.255, and any address in 224.0.0.0/4. The host
1068                     may not send ARPs with a source  Ethernet  address  other
1069                     than  80:fa:5b:06:72:b7 or source IPv4 address other than
1070                     192.168.1.10. The host may not send or receive  any  IPv6
1071                     (including IPv6 Neighbor Discovery) traffic.
1072
1073              "80:fa:5b:12:42:ba", "80:fa:5b:06:72:b7 192.168.1.10/24"
1074                     The host may send traffic from and receive traffic to the
1075                     specified MAC addresses, and may receive traffic to Ethernet
1076                     multicast and broadcast addresses, but not otherwise.
1077                     With MAC 80:fa:5b:12:42:ba, the  host  may  send  traffic
1078                     from  and  receive  traffic  to  any L3 address. With MAC
1079                     80:fa:5b:06:72:b7, the host may send IPv4 packets from or
1080                     receive IPv4 packets to only 192.168.1.10, except that it
1081                     may also receive IPv4 packets to 192.168.1.255 (based  on
1082                     the  subnet  mask),  255.255.255.255,  and any address in
1083                     224.0.0.0/4. The host may not send or  receive  any  IPv6
1084                     (including IPv6 Neighbor Discovery) traffic.
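
The port_security rules above, worked through as an added example (not part of the OVN manual or code base). It is a simplified model of the stated IP rules for frames sent from, or addressed to, an element's unicast MAC; the function names are hypothetical, and Ethernet multicast/broadcast destinations, ARP and ND are not modelled.

```python
import ipaddress
import re
from dataclasses import dataclass, field

MAC_RE = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2}){5}$", re.IGNORECASE)
# Destinations that become receivable once any address of that family is listed.
V4_EXTRA = [ipaddress.ip_network("255.255.255.255/32"),
            ipaddress.ip_network("224.0.0.0/4")]
V6_EXTRA = [ipaddress.ip_network("ff00::/8")]


@dataclass
class Element:
    mac: str
    v4: list = field(default_factory=list)  # ipaddress.IPv4Interface objects
    v6: list = field(default_factory=list)  # ipaddress.IPv6Interface objects


def parse_element(text):
    """Parse one port_security element: a MAC, then space/comma separated IPs."""
    tokens = [t for t in re.split(r"[,\s]+", text.strip()) if t]
    if not tokens or not MAC_RE.match(tokens[0]):
        raise ValueError(f"element must begin with an Ethernet address: {text!r}")
    elem = Element(mac=tokens[0].lower())
    for tok in tokens[1:]:
        iface = ipaddress.ip_interface(tok)  # ValueError on a malformed address
        (elem.v4 if iface.version == 4 else elem.v6).append(iface)
    return elem


def owns(iface, ip):
    """Host part zero: the whole subnet is usable; otherwise only that address."""
    if iface.ip == iface.network.network_address:
        return ip in iface.network
    return ip == iface.ip


def decide(column, mac, ip_text, receiving):
    if not column:  # empty column: all addresses are permitted
        return True
    ip = ipaddress.ip_address(ip_text)
    for elem in map(parse_element, column):
        if elem.mac != mac.lower():
            continue
        if not elem.v4 and not elem.v6:  # MAC-only element: any L3 address
            return True
        ifaces = elem.v4 if ip.version == 4 else elem.v6
        if not ifaces:  # only the other family is listed: this one is not allowed
            continue
        if any(owns(i, ip) for i in ifaces):
            return True
        if receiving:
            if any(ip in net for net in (V4_EXTRA if ip.version == 4 else V6_EXTRA)):
                return True
            # A prefix shorter than /32 stands in for "a mask was given":
            # the subnet broadcast address is then receivable.
            if ip.version == 4 and any(
                    i.network.prefixlen < 32 and ip == i.network.broadcast_address
                    for i in ifaces):
                return True
    return False


def may_send(column, src_mac, src_ip):
    return decide(column, src_mac, src_ip, receiving=False)


def may_receive(column, dst_mac, dst_ip):
    return decide(column, dst_mac, dst_ip, receiving=True)


if __name__ == "__main__":
    # The second example from the text above.
    column = ["80:fa:5b:06:72:b7 192.168.1.10/24"]
    mac = "80:fa:5b:06:72:b7"
    for ip in ("192.168.1.10", "192.168.1.11", "192.168.1.255", "fe80::1"):
        print(ip, "send:", may_send(column, mac, ip),
              "receive:", may_receive(column, mac, ip))
```
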
1085
1086     DHCP:
1087
1088       dhcpv4_options: optional weak reference to DHCP_Options
1089              This  column  defines  the  DHCPv4 Options to be included by the
1090              ovn-controller when it replies to the  DHCPv4  requests.  Please
1091              see the DHCP_Options table.
1092
1093       dhcpv6_options: optional weak reference to DHCP_Options
1094              This  column  defines  the  DHCPv6 Options to be included by the
1095              ovn-controller when it replies to the  DHCPv6  requests.  Please
1096              see the DHCP_Options table.
1097
1098       ha_chassis_group: optional HA_Chassis_Group
1099              References  a  row  in  the  OVN  Northbound database’s HA_Chas‐
1100              sis_Group table. It indicates the HA chassis group to use if the
1101              type is set to external. If type is not external, this column is
1102              ignored.
1103
1104     Naming:
1105
1106       external_ids : neutron:port_name: optional string
1107              This column gives an optional human-friendly name for the  port.
1108              This  name  has no special meaning or purpose other than to pro‐
1109              vide convenience for human interaction with the northbound data‐
1110              base.
1111
1112              Neutron  copies  this  from its own port object’s name. (Neutron
1113              ports are not assigned human-friendly names by default, so it
1114              will often be empty.)
1115
1116     Tunnel Key:
1117
1118       options : requested-tnl-key: optional string, containing an integer, in
1119       range 1 to 65,535
1120              Configures the port binding tunnel key  for  the  port.  Usually
1121              this is not needed because ovn-northd will assign a unique key
1122              for  each  port  by  itself.  However,  if  it  is   configured,
1123              ovn-northd  honors the configured value. The typical use case is
1124              for interconnection:  the  tunnel  keys  for  ports  on  transit
1125              switches  need  to be unique globally, so they are maintained in
1126              the global OVN_IC_Southbound database, and ovn-ic  simply  syncs
1127              the value from OVN_IC_Southbound through this config.
1128
1129     Common Columns:
1130
1131       external_ids: map of string-string pairs
1132              See External IDs at the beginning of this document.
1133
1134              The  ovn-northd  program  copies all these pairs into the exter‐
1135              nal_ids column of the Port_Binding table in OVN_Southbound data‐
1136              base.
1137

Forwarding_Group TABLE

1139       Each row represents one forwarding group.
1140
1141   Summary:
1142       name                          string
1143       vip                           string
1144       vmac                          string
1145       liveness                      boolean
1146       child_port                    set of 1 or more strings
1147       Common Columns:
1148         external_ids                map of string-string pairs
1149
1150   Details:
1151       name: string
1152              A  name for the forwarding group. This name has no special mean‐
1153              ing or purpose other  than  to  provide  convenience  for  human
1154              interaction with the ovn-nb database.
1155
1156       vip: string
1157              The virtual IP address assigned to the forwarding group. It will
1158              respond with vmac when an ARP request is sent for vip.
1159
1160       vmac: string
1161              The virtual MAC address assigned to the forwarding group.
1162
1163       liveness: boolean
1164              If set to true, liveness is enabled for child ports; otherwise it
1165              is disabled.
1166
1167       child_port: set of 1 or more strings
1168              List of child ports in the forwarding group.
1169
1170     Common Columns:
1171
1172       external_ids: map of string-string pairs
1173              See External IDs at the beginning of this document.
1174

Address_Set TABLE

1176       Each  row in this table represents a named set of addresses. An address
1177       set may contain Ethernet, IPv4, or IPv6 addresses with optional bitwise
1178       or CIDR masks. Address sets may ultimately be used in ACLs to compare
1179       against fields such as ip4.src or ip6.src. A single  address  set  must
1180       contain  addresses of the same type. As an example, the following would
1181       create an address set with three IP addresses:
1182
1183             ovn-nbctl create Address_Set name=set1 addresses='10.0.0.1 10.0.0.2 10.0.0.3'
1184
1185
1186       Address sets may be used in the match column of the ACL table. For syn‐
1187       tax  information,  see  the details of the expression language used for
1188       the match column in the Logical_Flow table of the OVN_Southbound  data‐
1189       base.
1190
1191   Summary:
1192       name                          string (must be unique within table)
1193       addresses                     set of strings
1194       Common Columns:
1195         external_ids                map of string-string pairs
1196
1197   Details:
1198       name: string (must be unique within table)
1199              A  name  for  the  address  set.  Names are ASCII and must match
1200              [a-zA-Z_.][a-zA-Z_.0-9]*.
1201
1202       addresses: set of strings
1203              The set of addresses in string form.
1204
1205     Common Columns:
1206
1207       external_ids: map of string-string pairs
1208              See External IDs at the beginning of this document.
1209

Port_Group TABLE

1211       Each row in this table represents  a  named  group  of  logical  switch
1212       ports.
1213
1214       Port  groups may be used in the match column of the ACL table. For syn‐
1215       tax information, see the details of the expression  language  used  for
1216       the  match column in the Logical_Flow table of the OVN_Southbound data‐
1217       base.
1218
1219       For each port group, there  are  two  address  sets  generated  to  the
1220       Address_Set  table  of  the  OVN_Southbound database, containing the IP
1221       addresses of the group of ports, one for IPv4, and the other for  IPv6,
1222       with  name  being  the name of the Port_Group followed by a suffix _ip4
1223       for IPv4 and _ip6 for IPv6. The generated address sets can be  used  in
1224       the same way as regular address sets in the match column of the ACL ta‐
1225       ble. For syntax information, see the details of the expression language
1226       used  for  the match column in the Logical_Flow table of the OVN_South‐
1227       bound database.
1228
1229   Summary:
1230       name                          string (must be unique within table)
1231       ports                         set   of   weak   reference   to    Logi‐
1232                                     cal_Switch_Ports
1233       acls                          set of ACLs
1234       Common Columns:
1235         external_ids                map of string-string pairs
1236
1237   Details:
1238       name: string (must be unique within table)
1239              A  name  for  the  port  group.  Names  are ASCII and must match
1240              [a-zA-Z_.][a-zA-Z_.0-9]*.
1241
1242       ports: set of weak reference to Logical_Switch_Ports
1243              The logical switch ports belonging to the group, as UUIDs.
1244
1245       acls: set of ACLs
1246              Access control rules that apply to the port group.  Applying  an
1247              ACL  to  a port group has the same effect as applying the ACL to
1248              all logical switches that the ports of the port group belong
1249              to.
1250
1251     Common Columns:
1252
1253       external_ids: map of string-string pairs
1254              See External IDs at the beginning of this document.
1255

Load_Balancer TABLE

1257       Each row represents one load balancer.
1258
1259   Summary:
1260       name                          string
1261       vips                          map of string-string pairs
1262       protocol                      optional string, one of sctp, tcp, or udp
1263       health_check                  set of Load_Balancer_Health_Checks
1264       ip_port_mappings              map of string-string pairs
1265       Common Columns:
1266         external_ids                map of string-string pairs
1267
1268   Details:
1269       name: string
1270              A  name  for the load balancer. This name has no special meaning
1271              or purpose other than to provide convenience for human  interac‐
1272              tion with the ovn-nb database.
1273
1274       vips: map of string-string pairs
              A map of virtual IP addresses (and an optional port number with
              : as a separator) associated with this load balancer and their
              corresponding endpoint IP addresses (and optional port numbers
              with : as separators) separated by commas. If the destination IP
              address (and port number) of a packet leaving a container or a
              VM matches the virtual IP address (and port number) provided
              here as a key, then OVN will statefully replace the destination
              IP address by one of the IP addresses (and port numbers)
              provided in this map as a value. IPv4 and IPv6 addresses are
              supported for load balancing; however, a VIP of one address
              family may not be mapped to a destination IP address of a
              different family. If specifying an IPv6 address with a port, the
              address portion must be enclosed in square brackets. Examples
              for keys are "192.168.1.4" and "[fd0f::1]:8800". Examples for
              values are "10.0.0.1, 10.0.0.2" and
              "20.0.0.10:8800, 20.0.0.11:8800".

              When the Load_Balancer is added to the logical_switch, the VIP
              has to be in a different subnet than the one used for the
              logical_switch. Since the VIP is in a different subnet, you
              should connect your logical switch to either an OVN logical
              router or a real router (this is because the client can now send
              a packet with the VIP as the destination IP address and the
              router’s MAC address as the destination MAC address).
1298
1299       protocol: optional string, one of sctp, tcp, or udp
1300              Valid  protocols  are  tcp,  udp, or sctp. This column is useful
1301              when a port number is provided as part of the  vips  column.  If
1302              this  column  is  empty and a port number is provided as part of
1303              vips column, OVN assumes the protocol to be tcp.
1304
1305       health_check: set of Load_Balancer_Health_Checks
              Load balancer health checks associated with this load balancer.
              If health checks are desired for a vip’s endpoints defined in
              the vips column, then a row in the table
              Load_Balancer_Health_Check should be created and referenced
              here, and an L4 port should be defined for the vip and its
              endpoints. Health checks are supported only for IPv4 load
              balancers.
1312
1313       ip_port_mappings: map of string-string pairs
              This column is used if load balancer health checks are enabled.
              It keeps a mapping of endpoint IP to the logical port name.
              The source IP to be used for health checks is also expected to
              be defined. The key of the mapping is the endpoint IP and the
              value is in the format port_name:SRC_IP.

              E.g., if there is a VIP entry
              "10.0.0.10:80=10.0.0.4:8080,20.0.0.4:8080", then the IP to port
              mappings should be defined as "10.0.0.4"="sw0-p1:10.0.0.2" and
              "20.0.0.4"="sw1-p1:20.0.0.2". 10.0.0.2 and 20.0.0.2 will be used
              by ovn-controller as the source IP when it sends out health
              check packets.
1326
1327     Common Columns:
1328
1329       external_ids: map of string-string pairs
1330              See External IDs at the beginning of this document.
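
       The following Python check is an added example, not part of the OVN
       manual or code base. It validates one Load_Balancer row against the
       vips, protocol, health_check and ip_port_mappings rules above; the dict
       layout (health_check given as a list of monitored vip strings) and the
       sample rows are assumptions constructed for illustration.

```python
import ipaddress

VALID_PROTOCOLS = {"sctp", "tcp", "udp"}


def parse_endpoint(text):
    """Parse 'IP', 'IPv4:port' or '[IPv6]:port' into (address, port or None)."""
    text = text.strip()
    port = None
    if text.startswith("["):                  # bracketed IPv6, port optional
        host, closed, rest = text[1:].partition("]")
        if not closed or (rest and not rest.startswith(":")):
            raise ValueError(f"malformed bracketed address {text!r}")
        port = rest[1:] if rest else None
    elif text.count(":") == 1:                # IPv4 with a port
        host, port = text.split(":")
    else:                                     # bare IPv4 or bare IPv6
        host = text
    address = ipaddress.ip_address(host)      # raises ValueError if invalid
    if port is not None:
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            raise ValueError(f"bad port in {text!r}")
        port = int(port)
    return address, port


def check_mapping(endpoint_ip, mappings):
    """ip_port_mappings: key is the endpoint IP, value is port_name:SRC_IP."""
    value = mappings.get(str(endpoint_ip))
    if value is None:
        return [f"endpoint {endpoint_ip}: no ip_port_mappings entry"]
    port_name, _, src = value.rpartition(":")
    try:
        ok = bool(port_name) and ipaddress.ip_address(src).version == 4
    except ValueError:
        ok = False
    return [] if ok else [f"endpoint {endpoint_ip}: mapping {value!r} is not port_name:SRC_IP"]


def check_load_balancer(lb):
    """Return a list of findings for one Load_Balancer row (empty if clean)."""
    findings = []
    proto = lb.get("protocol")
    if proto is not None and proto not in VALID_PROTOCOLS:
        findings.append(f"protocol {proto!r} is not one of sctp, tcp, udp")
    checked = set(lb.get("health_check", []))
    mappings = lb.get("ip_port_mappings", {})
    for missing in sorted(checked - set(lb["vips"])):
        findings.append(f"health check vip {missing!r} is not a key of vips")
    for vip, backends in lb["vips"].items():
        try:
            vip_ip, vip_port = parse_endpoint(vip)
        except ValueError as err:
            findings.append(f"vip {vip!r}: {err}")
            continue
        monitored = vip in checked
        if monitored and vip_ip.version != 4:
            findings.append(f"vip {vip!r}: health checks are IPv4 only")
        if monitored and vip_port is None:
            findings.append(f"vip {vip!r}: health check needs an L4 port")
        for backend in backends.split(","):
            try:
                ip, port = parse_endpoint(backend)
            except ValueError as err:
                findings.append(f"vip {vip!r}: endpoint {backend.strip()!r}: {err}")
                continue
            if ip.version != vip_ip.version:
                findings.append(f"vip {vip!r}: endpoint {ip} is a different address family")
            if not monitored:
                continue
            if port is None:
                findings.append(f"vip {vip!r}: endpoint {ip} needs an L4 port for health checks")
            findings.extend(check_mapping(ip, mappings))
    return findings


# Constructed sample rows. GOOD_LB reuses the addresses from the manual's example.
GOOD_LB = {
    "name": "lb-web", "protocol": "tcp",
    "vips": {"10.0.0.10:80": "10.0.0.4:8080,20.0.0.4:8080"},
    "health_check": ["10.0.0.10:80"],
    "ip_port_mappings": {"10.0.0.4": "sw0-p1:10.0.0.2", "20.0.0.4": "sw1-p1:20.0.0.2"},
}
BAD_LB = {
    "name": "lb-bad", "protocol": "http",
    "vips": {"[fd0f::1]:8800": "10.0.0.1:8800", "192.168.1.4": "10.0.0.1, 10.0.0.2"},
    "health_check": ["192.168.1.4"],
    "ip_port_mappings": {"10.0.0.1": "sw0-p1"},
}

if __name__ == "__main__":
    for finding in check_load_balancer(BAD_LB):
        print(finding)
```

       An unbracketed IPv6 address followed by :port still parses as a valid
       IPv6 address, so the check cannot detect a missing pair of brackets.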
1331

Load_Balancer_Health_Check TABLE

1333       Each row represents one load balancer health check. Health  checks  are
1334       supported for IPv4 load balancers only.
1335
1336   Summary:
1337       vip                           string
1338       Health check options:
1339         options : interval          optional string, containing an integer
1340         options : timeout           optional string, containing an integer
1341         options : success_count     optional string, containing an integer
1342         options : failure_count     optional string, containing an integer
1343       Common Columns:
1344         external_ids                map of string-string pairs
1345
1346   Details:
1347       vip: string
1348              vip whose endpoints should be monitored for health check.
1349
1350     Health check options:
1351
1352       options : interval: optional string, containing an integer
1353              The interval, in seconds, between health checks.
1354
1355       options : timeout: optional string, containing an integer
1356              The time, in seconds, after which a health check times out.
1357
1358       options : success_count: optional string, containing an integer
1359              The number of successful checks after which the endpoint is con‐
1360              sidered online.
1361
1362       options : failure_count: optional string, containing an integer
1363              The number of failure checks after which the endpoint is consid‐
1364              ered offline.
1365
1366     Common Columns:
1367
1368       external_ids: map of string-string pairs
1369              See External IDs at the beginning of this document.
1370

ACL TABLE

       Each row in this table represents one ACL rule for a logical switch or
       a port group that points to it through its acls column. The action
       column for the highest-priority matching row in this table determines a
       packet’s treatment. If no row matches, packets are allowed by default.
       (Default-deny treatment is possible: add a rule with priority 0, 1 as
       match, and drop as action.)
1378
1379   Summary:
1380       priority                      integer, in range 0 to 32,767
1381       direction                     string, either from-lport or to-lport
1382       match                         string
1383       action                        string,  one  of  allow-related,   allow,
1384                                     drop, or reject
1385       Logging:
1386         log                         boolean
1387         name                        optional  string,  at  most 63 characters
1388                                     long
1389         severity                    optional string,  one  of  alert,  debug,
1390                                     info, notice, or warning
1391         meter                       optional string
1392       Common Columns:
1393         external_ids                map of string-string pairs
1394
1395   Details:
1396       priority: integer, in range 0 to 32,767
1397              The  ACL rule’s priority. Rules with numerically higher priority
1398              take precedence over those with lower. If two ACL rules with the
1399              same  priority  both  match,  then the one actually applied to a
1400              packet is undefined.
1401
1402              Return traffic from an allow-related flow is always allowed  and
1403              cannot be changed through an ACL.
1404
1405       direction: string, either from-lport or to-lport
1406              Direction of the traffic to which this rule should apply:
1407
1408              ·      from-lport: Used to implement filters on traffic arriving
1409                     from a logical port. These rules are applied to the logi‐
1410                     cal switch’s ingress pipeline.
1411
1412              ·      to-lport:  Used to implement filters on traffic forwarded
1413                     to a logical port. These rules are applied to the logical
1414                     switch’s egress pipeline.
1415
1416       match: string
1417              The  packets  that  the ACL should match, in the same expression
1418              language used for the match column in the OVN  Southbound  data‐
1419              base’s  Logical_Flow  table.  The  outport  logical port is only
1420              available in the to-lport direction (the inport is available  in
1421              both directions).
1422
1423              By  default all traffic is allowed. When writing a more restric‐
1424              tive policy, it is important to remember to allow flows such  as
1425              ARP and IPv6 neighbor discovery packets.
1426
              Note that you cannot create an ACL matching on a port with
              type=router or type=localnet.
1429
1430       action: string, one of allow-related, allow, drop, or reject
1431              The action to take when the ACL rule matches:
1432
1433              ·      allow: Forward the packet.
1434
1435              ·      allow-related: Forward the  packet  and  related  traffic
1436                     (e.g. inbound replies to an outbound connection).
1437
1438              ·      drop: Silently drop the packet.
1439
1440              ·      reject:  Drop  the packet, replying with a RST for TCP or
1441                     ICMPv4/ICMPv6    unreachable    message     for     other
1442                     IPv4/IPv6-based protocols.
1443
1444     Logging:
1445
1446       These  columns  control  whether and how OVN logs packets that match an
1447       ACL.
1448
1449       log: boolean
1450              If set to true, packets that match the ACL will  trigger  a  log
1451              message on the transport node or nodes that perform ACL process‐
1452              ing. Logging may be combined with any action.
1453
1454              If set to false, the remaining columns in  this  group  have  no
1455              significance.
1456
1457       name: optional string, at most 63 characters long
1458              This  name,  if  it  is provided, is included in log records. It
1459              provides the administrator and the cloud management system a way
1460              to associate a log record with a particular ACL.
1461
1462       severity:  optional string, one of alert, debug, info, notice, or warn‐
1463       ing
1464              The severity of the ACL. The severity levels match those of sys‐
1465              log,  in  decreasing  level of severity: alert, warning, notice,
1466              info, or debug. When the column is empty, the default is info.
1467
1468       meter: optional string
1469              The name of a meter to rate-limit log messages for the ACL.  The
1470              string  must  match the name column of a row in the Meter table.
1471              By default, log messages are not rate-limited.
1472
1473     Common Columns:
1474
1475       external_ids: map of string-string pairs
1476              See External IDs at the beginning of this document.
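
       The following Python lint pass is an added example, not OVN’s own
       code. It audits a set of ACL rows for the pitfalls described above:
       default-allow, equal-priority rules, a default-deny that forgets ARP
       and IPv6 neighbor discovery, and unmetered logging. The row dicts,
       meter names and sample rules are constructed, and the ARP/ND test is a
       token heuristic over the match string, not an expression parser.

```python
import re
from collections import defaultdict

ACTIONS = {"allow-related", "allow", "drop", "reject"}
DIRECTIONS = {"from-lport", "to-lport"}
SEVERITIES = {"alert", "warning", "notice", "info", "debug"}


def is_default_deny(acl):
    """Priority-0 rule whose match is the constant 1 and that drops or rejects."""
    return (acl["priority"] == 0 and acl["match"].strip() == "1"
            and acl["action"] in {"drop", "reject"})


def audit_logging(acl, meter_names):
    """Checks that only matter when the log column is true."""
    issues = []
    if len(acl.get("name") or "") > 63:
        issues.append("log name is longer than 63 characters")
    severity = acl.get("severity")
    if severity is not None and severity not in SEVERITIES:
        issues.append(f"invalid severity {severity!r}")
    meter = acl.get("meter")
    if meter is None:
        issues.append("log is enabled without a meter, so log messages are not rate-limited")
    elif meter not in meter_names:
        issues.append(f"meter {meter!r} does not match any Meter row")
    return issues


def audit_acls(acls, meter_names):
    """Return findings for the ACL rows of one logical switch or port group."""
    findings = []
    by_slot = defaultdict(set)            # (direction, priority) -> actions seen
    for i, acl in enumerate(acls):
        tag = f"acl[{i}]"
        if acl["action"] not in ACTIONS:
            findings.append(f"{tag}: invalid action {acl['action']!r}")
        if acl["direction"] not in DIRECTIONS:
            findings.append(f"{tag}: invalid direction {acl['direction']!r}")
        if not 0 <= acl["priority"] <= 32767:
            findings.append(f"{tag}: priority {acl['priority']} is out of range")
        by_slot[(acl["direction"], acl["priority"])].add(acl["action"])
        if acl.get("log"):
            findings.extend(f"{tag}: {msg}" for msg in audit_logging(acl, meter_names))
    for (direction, priority), actions in sorted(by_slot.items()):
        if len(actions) > 1:
            findings.append(f"{direction} priority {priority}: rules with different actions "
                            "share a priority; the one applied is undefined if both match")
    for direction in sorted(DIRECTIONS):
        rules = [a for a in acls if a["direction"] == direction]
        if not any(is_default_deny(a) for a in rules):
            findings.append(f"{direction}: no priority-0 catch-all, unmatched packets are allowed")
            continue
        allows = " ".join(a["match"] for a in rules if a["action"].startswith("allow"))
        for token, label in (("arp", "ARP"), ("nd", "IPv6 neighbor discovery")):
            if not re.search(rf"\b{token}\b", allows):
                findings.append(f"{direction}: default-deny without an allow rule for {label}")
    return findings


# Constructed sample rows; port names and the meter name are made up.
SAMPLE_METERS = {"acl-log"}
SAMPLE_ACLS = [
    {"priority": 1002, "direction": "to-lport", "action": "allow-related",
     "match": 'outport == "web1" && tcp.dst == 443', "log": False},
    {"priority": 1002, "direction": "to-lport", "action": "drop",
     "match": 'outport == "web1" && ip4.src == 203.0.113.0/24',
     "log": True, "name": "web-block", "severity": "warning", "meter": "acl-log"},
    {"priority": 0, "direction": "to-lport", "action": "deny",   # not a valid action
     "match": "1", "log": True, "severity": "info"},
    {"priority": 1001, "direction": "from-lport", "action": "allow",
     "match": 'inport == "web1" && (arp || nd)', "log": False},
    {"priority": 0, "direction": "from-lport", "action": "drop",
     "match": "1", "log": True, "name": "default-drop", "meter": "missing-meter"},
]

if __name__ == "__main__":
    for finding in audit_acls(SAMPLE_ACLS, SAMPLE_METERS):
        print(finding)
```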
1477

Logical_Router TABLE

1479       Each row represents one L3 logical router.
1480
1481   Summary:
1482       ports                         set of Logical_Router_Ports
1483       static_routes                 set of Logical_Router_Static_Routes
1484       policies                      set of Logical_Router_Policys
1485       enabled                       optional boolean
1486       nat                           set of NATs
1487       load_balancer                 set of weak reference to Load_Balancers
1488       Naming:
1489         name                        string
1490         external_ids : neutron:router_name
1491                                     optional string
1492       Options:
1493         options : chassis           optional string
1494         options : dnat_force_snat_ip
1495                                     optional string
1496         options : lb_force_snat_ip  optional string
1497         options : mcast_relay       optional string, either true or false
1498       Common Columns:
1499         external_ids                map of string-string pairs
1500
1501   Details:
1502       ports: set of Logical_Router_Ports
1503              The router’s ports.
1504
1505       static_routes: set of Logical_Router_Static_Routes
1506              Zero or more static routes for the router.
1507
1508       policies: set of Logical_Router_Policys
1509              Zero or more routing policies for the router.
1510
1511       enabled: optional boolean
1512              This column is used to administratively  set  router  state.  If
1513              this  column  is empty or is set to true, the router is enabled.
1514              If this column is set to false, the router is disabled.  A  dis‐
1515              abled router has all ingress and egress traffic dropped.
1516
1517       nat: set of NATs
1518              One  or  more  NAT  rules for the router. NAT rules only work on
1519              Gateway routers, and on distributed routers with logical gateway
1520              ports.
1521
1522       load_balancer: set of weak reference to Load_Balancers
1523              Load  balance  a  virtual ip address to a set of logical port ip
1524              addresses. Load balancer rules only work on the Gateway routers.
1525
1526     Naming:
1527
1528       These columns provide names for the logical router. From OVN’s perspec‐
1529       tive, these names have no special meaning or purpose other than to pro‐
1530       vide convenience for human interaction with  the  northbound  database.
1531       There  is no requirement for the name to be unique. (For a unique iden‐
1532       tifier for a logical router, use its row UUID.)
1533
1534       (Originally, name was intended to serve the purpose of a human-friendly
1535       name,  but the Neutron integration used it to uniquely identify its own
1536       router object, in the format neutron-uuid. Later  on,  Neutron  started
1537       propagating   the  friendly  name  of  a  router  as  external_ids:neu‐
1538       tron:router_name. Perhaps this can be cleaned up someday.)
1539
1540       name: string
1541              A name for the logical router.
1542
1543       external_ids : neutron:router_name: optional string
1544              Another name for the logical router.
1545
1546     Options:
1547
1548       Additional options for the logical router.
1549
1550       options : chassis: optional string
1551              If set, indicates that the logical router in question is a Gate‐
1552              way  router  (which is centralized) and resides in the set chas‐
1553              sis. The same value is also used by ovn-controller  to  uniquely
1554              identify the chassis in the OVN deployment and comes from exter‐
1555              nal_ids:system-id in  the  Open_vSwitch  table  of  Open_vSwitch
1556              database.
1557
1558              The Gateway router can only be connected to a distributed router
1559              via a switch if SNAT and DNAT are to be configured in the  Gate‐
1560              way router.
1561
1562       options : dnat_force_snat_ip: optional string
              If set, indicates the IP address to use to force SNAT a packet
              that has already been DNATted in the gateway router. When
              multiple gateway routers are configured, a packet can
              potentially enter any of the gateway routers, get DNATted and
              eventually reach the logical switch port. For the return traffic
              to go back to the same gateway router (for unDNATing), the
              packet needs a SNAT in the first place. This can be achieved by
              setting the above option with a gateway specific IP address.
1571
1572       options : lb_force_snat_ip: optional string
              If set, indicates the IP address to use to force SNAT a packet
              that has already been load-balanced in the gateway router. When
              multiple gateway routers are configured, a packet can
              potentially enter any of the gateway routers, get DNATted as
              part of the load-balancing and eventually reach the logical
              switch port. For the return traffic to go back to the same
              gateway router (for unDNATing), the packet needs a SNAT in the
              first place. This can be achieved by setting the above option
              with a gateway specific IP address.
1582
1583       options : mcast_relay: optional string, either true or false
1584              Enables/disables IP multicast  relay  between  logical  switches
1585              connected to the logical router. Default: False.
1586
1587     Common Columns:
1588
1589       external_ids: map of string-string pairs
1590              See External IDs at the beginning of this document.
1591

QoS TABLE

       Each row in this table represents one QoS rule for a logical switch
       that points to it through its qos_rules column. Two types of QoS are
       supported: DSCP marking and metering. The highest-priority matching
       row will have its QoS applied. If the action column is specified, then
       matching packets will have DSCP marking applied. If the bandwidth
       column is specified, then matching packets will have metering applied.
       action and bandwidth are not exclusive, so both marking and metering
       can be defined for the same QoS entry. If no row matches, packets will
       not have any QoS applied.
1602
1603   Summary:
1604       priority                      integer, in range 0 to 32,767
1605       direction                     string, either from-lport or to-lport
1606       match                         string
1607       action                        map  of string-integer pairs, key must be
1608                                     dscp, value in range 0 to 63
1609       bandwidth                     map of string-integer pairs,  key  either
1610                                     burst  or  rate,  value  in  range  1  to
1611                                     4,294,967,295
1612       external_ids                  map of string-string pairs
1613
1614   Details:
1615       priority: integer, in range 0 to 32,767
1616              The QoS rule’s priority. Rules with numerically higher  priority
1617              take precedence over those with lower. If two QoS rules with the
1618              same priority both match, then the one  actually  applied  to  a
1619              packet is undefined.
1620
1621       direction: string, either from-lport or to-lport
              The value of this field is similar to the direction column in
              the OVN Northbound database’s ACL table.
1624
1625       match: string
1626              The packets that the QoS rules should match, in the same expres‐
1627              sion  language  used  for the match column in the OVN Southbound
1628              database’s Logical_Flow table. The outport logical port is  only
1629              available  in the to-lport direction (the inport is available in
1630              both directions).
1631
1632       action: map of string-integer pairs, key must be dscp, value in range 0
1633       to 63
1634              When specified, matching flows will have DSCP marking applied.
1635
1636              ·      dscp:  The value of this action should be in the range of
1637                     0 to 63 (inclusive).
1638
1639       bandwidth: map of string-integer pairs, key either burst or rate, value
1640       in range 1 to 4,294,967,295
1641              When  specified,  matching  packets will have bandwidth metering
1642              applied. Traffic over the limit will be dropped.
1643
1644              ·      rate: The value of rate limit in kbps.
1645
              ·      burst: The value of burst rate limit in kilobits. This is
                     optional and requires rate to be specified.
1648
1649       external_ids: map of string-string pairs
1650              See External IDs at the beginning of this document.
1651

Meter TABLE

1653       Each  row  in this table represents a meter that can be used for QoS or
1654       rate-limiting.
1655
1656   Summary:
1657       name                          string (must be unique within table)
1658       unit                          string, either kbps or pktps
1659       bands                         set of 1 or more Meter_Bands
1660       external_ids                  map of string-string pairs
1661
1662   Details:
1663       name: string (must be unique within table)
1664              A name for this meter.
1665
1666              Names that begin with "__" (two underscores)  are  reserved  for
1667              OVN internal use and should not be added manually.
1668
1669       unit: string, either kbps or pktps
              The unit for the rate and burst_size parameters in the bands
              entry. kbps specifies kilobits per second, and pktps specifies
              packets per second.
1673
1674       bands: set of 1 or more Meter_Bands
1675              The bands associated with this meter. Each band specifies a rate
1676              above which the band is to take the action action.  If  multiple
1677              bands’  rates  are exceeded, then the band with the highest rate
1678              among the exceeded bands is selected.
1679
1680       external_ids: map of string-string pairs
1681              See External IDs at the beginning of this document.
1682

Meter_Band TABLE

1684       Each row in this table represents a meter band which specifies the rate
1685       above  which  the  configured action should be applied. These bands are
1686       referenced by the bands column in the Meter table.
1687
1688   Summary:
1689       action                        string, must be drop
1690       rate                          integer, in range 1 to 4,294,967,295
1691       burst_size                    integer, in range 0 to 4,294,967,295
1692       external_ids                  map of string-string pairs
1693
1694   Details:
1695       action: string, must be drop
1696              The action to execute when this band matches. The only supported
1697              action is drop.
1698
1699       rate: integer, in range 1 to 4,294,967,295
              The rate limit for this band, in kilobits per second or packets
              per second, depending on whether the parent Meter entry’s unit
              column specified kbps or pktps.
1703
1704       burst_size: integer, in range 0 to 4,294,967,295
1705              The  maximum  burst allowed for the band in kilobits or packets,
1706              depending on whether kbps or pktps was selected  in  the  parent
1707              Meter  entry’s  unit  column. If the size is zero, the switch is
1708              free to select some reasonable value depending on its configura‐
1709              tion.
1710
1711       external_ids: map of string-string pairs
1712              See External IDs at the beginning of this document.
1713

Logical_Router_Port TABLE

1715       A port within an L3 logical router.
1716
1717       Exactly  one  Logical_Router  row must reference a given logical router
1718       port.
1719
1720   Summary:
1721       name                          string (must be unique within table)
1722       networks                      set of 1 or more strings
1723       mac                           string
1724       enabled                       optional boolean
1725       Distributed Gateway Ports:
1726         ha_chassis_group            optional HA_Chassis_Group
1727         gateway_chassis             set of Gateway_Chassiss
1728         options : redirect-chassis  optional string
1729         Options for Physical VLAN MTU Issues:
1730            options : reside-on-redirect-chassis
1731                                     optional string, either true or false
1732            options : redirect-type  optional string, either bridged or  over‐
1733                                     lay
1734       ipv6_prefix                   set of strings
1735       ipv6_ra_configs:
1736         ipv6_ra_configs : address_mode
1737                                     optional string
1738         ipv6_ra_configs : router_preference
1739                                     optional string
1740         ipv6_ra_configs : route_info
1741                                     optional string
1742         ipv6_ra_configs : mtu       optional string
1743         ipv6_ra_configs : send_periodic
1744                                     optional string
1745         ipv6_ra_configs : max_interval
1746                                     optional string
1747         ipv6_ra_configs : min_interval
1748                                     optional string
1749         ipv6_ra_configs : rdnss     optional string
1750         ipv6_ra_configs : dnssl     optional string
1751       Options:
1752         options : mcast_flood       optional string, either true or false
1753         options : requested-tnl-key
1754                                     optional  string,  containing an integer,
1755                                     in range 1 to 65,535
1756         options : prefix_delegation
1757                                     optional string, either true or false
1758         options : prefix            optional string, either true or false
1759       Attachment:
1760         peer                        optional string
1761       Common Columns:
1762         external_ids                map of string-string pairs
1763
1764   Details:
1765       name: string (must be unique within table)
1766              A name for the logical router port.
1767
              In addition to providing convenience for human interaction with
              the northbound database, this column is used as a reference by
              its patch port in Logical_Switch_Port or another logical router
              port in Logical_Router_Port.
1772
1773       networks: set of 1 or more strings
1774              The  IP  addresses  and  netmasks  of  the  router. For example,
1775              192.168.0.1/24  indicates  that  the  router’s  IP  address   is
1776              192.168.0.1  and  that packets destined to 192.168.0.x should be
1777              routed to this port.
1778
1779              A logical router port always  adds  a  link-local  IPv6  address
1780              (fe80::/64)  automatically  generated  from  the interface’s MAC
1781              address using the modified EUI-64 format.
1782
1783       mac: string
1784              The Ethernet address that belongs to this router port.
1785
1786       enabled: optional boolean
1787              This column is used to administratively set port state. If  this
1788              column  is empty or is set to true, the port is enabled. If this
1789              column is set to false, the port is disabled.  A  disabled  port
1790              has all ingress and egress traffic dropped.
1791
1792     Distributed Gateway Ports:
1793
       Gateways, as documented under Gateways in the OVN architecture guide,
       provide limited connectivity between logical networks and physical
       ones. OVN supports multiple kinds of gateways. The Logical_Router_Port
       table can be used in three different ways to configure distributed
       gateway ports, which are one kind of gateway. These different forms of
       configuration exist for historical reasons. All of them produce the
       same kind of OVN southbound records and the same behavior in practice.
1801
1802       If any of these are set, this logical router port represents a distrib‐
1803       uted gateway port that connects this router to a logical switch with  a
1804       localnet  port  or a connection to another OVN deployment. There may be
1805       at most one such logical router port on each logical router.
1806
1807       The newest and most preferred way to configure a  gateway  is  ha_chas‐
1808       sis_group,  followed by gateway_chassis. Using options:redirect-chassis
1809       is deprecated. At most one of these should be set at a time on a  given
1810       LRP, since they configure the same features.
1811
1812       Even when a gateway is configured, the logical router port still effec‐
1813       tively resides on each chassis. However, due to the implications of the
1814       use of L2 learning in the physical network, as well as the need to sup‐
1815       port advanced features such as one-to-many NAT (aka IP masquerading), a
1816       subset  of  the  logical  router processing is handled in a centralized
1817       manner on the gateway chassis.
1818
1819       When more than one gateway chassis is specified, OVN only uses one at a
1820       time.  OVN  uses  BFD  to  monitor gateway connectivity, preferring the
1821       highest-priority gateway that is online. Priorities  are  specified  in
1822       the priority column of Gateway_Chassis or HA_Chassis.
1823
       ovn-northd programs the external_mac rules specified in the LRP’s LR
       into the peer logical switch’s destination lookup on the chassis where
       the logical_port resides. In addition, the logical router’s MAC address
       is automatically programmed in the peer logical switch’s destination
       lookup flow on the gateway chassis. If it is desired to generate
       gratuitous ARPs for NAT addresses, then set the peer LSP’s
       options:nat-addresses to router.
1831
1832       ha_chassis_group: optional HA_Chassis_Group
1833              Designates  an  HA_Chassis_Group  to provide gateway high avail‐
1834              ability.
1835
1836       gateway_chassis: set of Gateway_Chassiss
1837              Designates one or more Gateway_Chassis for  the  logical  router
1838              port.
1839
1840       options : redirect-chassis: optional string
1841              Designates the named chassis as the gateway.
1842
1843     Options for Physical VLAN MTU Issues:
1844
1845       MTU  issues  arise  in  mixing  tunnels  with logical networks that are
1846       bridged to a physical VLAN. For an explanation of the MTU  issues,  see
1847       Physical  VLAN MTU Issues in the OVN architecture document. The follow‐
1848       ing options, which are alternatives, provide solutions.  Both  of  them
1849       cause  packets  to  be  sent over localnet instead of tunnels, but they
1850       differ in whether some or all packets are sent this way. The most prom‐
1851       inent tradeoff between these options is that reside-on-redirect-chassis
1852       is easier to configure and that redirect-type performs better for east-
1853       west traffic.
1854
1855       options  :  reside-on-redirect-chassis: optional string, either true or
1856       false
1857              If set to true, this option forces all traffic across the  logi‐
1858              cal  router port to pass through the gateway chassis using a hop
1859              across a localnet port. This changes behavior in two ways:
1860
1861              ·      Without this option, east-west  traffic  passes  directly
1862                     between  source and destination chassis (or even within a
1863                     single chassis, for co-located VMs).  With  this  option,
1864                     all east-west traffic passes through the gateway chassis.
1865
1866              ·      Without  this option, traffic between the gateway chassis
1867                     and other chassis is encapsulated in tunnels.  With  this
1868                     option, traffic passes over a localnet interface.
1869
1870              This  option  may  usefully  be set only on logical router ports
1871              that connect a distributed logical router to  a  logical  switch
1872              with VIFs. It should not be set on a distributed gateway port.
1873
1874              OVN honors this option only if the logical router has a distrib‐
1875              uted gateway port and if the LRP’s peer switch  has  a  localnet
1876              port.
1877
1878       options : redirect-type: optional string, either bridged or overlay
1879              If  set  to  bridged  on a distributed gateway port, this option
1880              causes OVN to redirect packets to the  gateway  chassis  over  a
1881              localnet  port  instead  of  a tunnel. The relevant chassis must
1882              share a localnet port.
1883
1884              This feature requires the administrator or the CMS to  configure
1885              each  participating  chassis  with a unique Ethernet address for
1886              the logical router by setting ovn-chassis-mac-mappings in the
1887              Open vSwitch database, for use by ovn-controller.
1888
1889              Setting  this  option  to  overlay  or  leaving  it unset has no
1890              effect. This option may usefully be set only  on  a  distributed
1891              gateway port. It is otherwise ignored.
1892
1893       ipv6_prefix: set of strings
1894              This column contains the IPv6 prefix obtained from the prefix
1895              delegation router, according to RFC 3633.
1896
1897     ipv6_ra_configs:
1898
1899       This column defines the IPv6 ND RA address mode and ND MTU Option to be
1900       included by ovn-controller when it replies to the IPv6 Router solicita‐
1901       tion requests.
1902
1903       ipv6_ra_configs : address_mode: optional string
1904              The address mode to be used for IPv6 address configuration.  The
1905              supported values are:
1906
1907              ·      slaac:  Address  configuration using Router Advertisement
1908                     (RA) packet. The  IPv6  prefixes  defined  in  the  Logi‐
1909                     cal_Router_Port  table’s networks column will be included
1910                     in the RA’s ICMPv6 option - Prefix information.
1911
1912              ·      dhcpv6_stateful: Address configuration using DHCPv6.
1913
1914              ·      dhcpv6_stateless:  Address  configuration  using   Router
1915                     Advertisement  (RA)  packet.  Other IPv6 options are pro‐
1916                     vided by DHCPv6.
1917
1918       ipv6_ra_configs : router_preference: optional string
1919              Default Router Preference (PRF) indicates whether to prefer this
1920              router  over  other  default routers (RFC 4191). Possible values
1921              are:
1922
1923              ·      HIGH: mapped to 0x01 in RA PRF field
1924
1925              ·      MEDIUM: mapped to 0x00 in RA PRF field
1926
1927              ·      LOW: mapped to 0x11 in RA PRF field
1928
1929       ipv6_ra_configs : route_info: optional string
1930              Route Info is used to configure Route Info Option sent in Router
1931              Advertisement according to RFC 4191. Route Info is a comma
1932              separated string where each field provides PRF and prefix for a
1933              given route (e.g. HIGH-aef1::11/48,LOW-aef2::11/96). Possible PRF
1934              values are:
1935
1936              ·      HIGH: mapped to 0x01 in RA PRF field
1937
1938              ·      MEDIUM: mapped to 0x00 in RA PRF field
1939
1940              ·      LOW: mapped to 0x11 in RA PRF field
1941
1942       ipv6_ra_configs : mtu: optional string
1943              The recommended MTU for the link. Default is 0, which  means  no
1944              MTU  Option  will  be  included in RA packet replied by ovn-con‐
1945              troller. Per RFC 2460, the mtu value is recommended no less than
1946              1280,  so  any mtu value less than 1280 will be considered as no
1947              MTU Option.
1948
1949       ipv6_ra_configs : send_periodic: optional string
1950              If set to true, then this  router  interface  will  send  router
1951              advertisements periodically. The default is false.
1952
1953       ipv6_ra_configs : max_interval: optional string
1954              The  maximum  number of seconds to wait between sending periodic
1955              router advertisements. This option has no effect if ipv6_ra_con‐
1956              figs:send_periodic is false. The default is 600.
1957
1958       ipv6_ra_configs : min_interval: optional string
1959              The  minimum  number of seconds to wait between sending periodic
1960              router advertisements. This option has no effect if ipv6_ra_con‐
1961              figs:send_periodic   is  false.  The  default  is  one-third  of
1962              ipv6_ra_configs:max_interval, i.e. 200 seconds if  that  key  is
1963              unset.
1964
1965       ipv6_ra_configs : rdnss: optional string
1966              IPv6  address  of  RDNSS  server announced in RA packets. At the
1967              moment OVN supports just one RDNSS server.
1968
1969       ipv6_ra_configs : dnssl: optional string
1970              DNS Search List announced in RA packets. Multiple DNS Search
1971              List entries must be comma separated (e.g. "a.b.c, d.e.f").
1972
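The route_info format described above, carried through to the Route Information Option of RFC 4191, as an added example (not OVN code). The function names and the route lifetime default are assumptions of this example; the PRF names are taken as the 2-bit binary patterns 01, 00 and 11 that RFC 4191 defines.

```python
import ipaddress
import struct

ND_OPT_ROUTE_INFO = 24  # option type, RFC 4191 section 2.3
# The Prf field is two bits wide; RFC 4191 gives these values in binary.
PRF_BITS = {"HIGH": 0b01, "MEDIUM": 0b00, "LOW": 0b11}


def parse_route_info(value):
    """Parse 'PRF-prefix/len,...' into a list of (prf, IPv6Network) tuples."""
    routes = []
    for field in value.split(","):
        prf, sep, prefix = field.strip().partition("-")
        if not sep or prf not in PRF_BITS:
            raise ValueError(f"unknown PRF in route_info field {field!r}")
        if "/" not in prefix:
            raise ValueError(f"missing prefix length in {field!r}")
        # strict=False: the page's own example (aef1::11/48) has host bits set.
        routes.append((prf, ipaddress.IPv6Network(prefix, strict=False)))
    return routes


def encode_route_info_option(prf, net, lifetime=0xFFFFFFFF):
    """Build one Route Information Option as wire bytes.

    lifetime is an assumption of this example (0xFFFFFFFF means infinite);
    the route_info column itself carries no lifetime.
    """
    plen = net.prefixlen
    # Length is counted in 8-octet units: 1 (no prefix bytes), 2 or 3.
    length = 1 if plen == 0 else 2 if plen <= 64 else 3
    flags = PRF_BITS[prf] << 3  # layout: Resvd(3) | Prf(2) | Resvd(3)
    header = struct.pack("!BBBBI", ND_OPT_ROUTE_INFO, length, plen, flags, lifetime)
    return header + net.network_address.packed[: (length - 1) * 8]


def route_info_options(value, lifetime=0xFFFFFFFF):
    """Encode every route in a route_info string, in the order given."""
    return b"".join(
        encode_route_info_option(prf, net, lifetime)
        for prf, net in parse_route_info(value)
    )


if __name__ == "__main__":
    # The example string from the route_info description.
    for prf, net in parse_route_info("HIGH-aef1::11/48,LOW-aef2::11/96"):
        print(prf, net, encode_route_info_option(prf, net).hex())
```

Decoding the announced options the same way is a quick check that a tenant-facing router port advertises only the more-specific routes and preferences the operator intended.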
1973     Options:
1974
1975       Additional options for the logical router port.
1976
1977       options : mcast_flood: optional string, either true or false
1978              If set to true, multicast traffic (including reports) is
1979              unconditionally forwarded to the specific port.
1980
1981              This option applies when the port is part of  a  logical  router
1982              which has options:mcast_relay set to true.
1983
1984       options : requested-tnl-key: optional string, containing an integer, in
1985       range 1 to 65,535
1986              Configures the port binding tunnel key  for  the  port.  Usually
1987              this is not needed because ovn-northd will assign a unique key
1988              for  each  port  by  itself.  However,  if  it  is   configured,
1989              ovn-northd honors the configured value.
1990
1991       options : prefix_delegation: optional string, either true or false
1992              If  set  to true, enable IPv6 prefix delegation state machine on
1993              this logical router port (RFC3633). IPv6  prefix  delegation  is
1994              available just on a gateway router or on a gateway router port.
1995
1996       options : prefix: optional string, either true or false
1997              If  set  to  true,  this  interface  will receive an IPv6 prefix
1998              according to RFC3633.
1999
2000     Attachment:
2001
2002       A given router port serves one of two purposes:
2003
2004              ·      To attach a logical switch to a logical router. A logical
2005                     router  port  of  this  type is referenced by exactly one
2006                     Logical_Switch_Port of type router. The value of name  is
2007                     set   as   router-port   in   column   options  of  Logi‐
2008                     cal_Switch_Port. In this case peer column is empty.
2009
2010              ·      To connect one logical router to another. This requires a
2011                     pair of logical router ports, each connected to a differ‐
2012                     ent router. Each router port in the  pair  specifies  the
2013                     other in its peer column. No Logical_Switch refers to the
2014                     router port.
2015
2016       peer: optional string
2017              For a router port used to  connect  two  logical  routers,  this
2018              identifies the other router port in the pair by name.
2019
2020              For  a  router port attached to a logical switch, this column is
2021              empty.
2022
2023     Common Columns:
2024
2025       external_ids: map of string-string pairs
2026              See External IDs at the beginning of this document.
2027

Logical_Router_Static_Route TABLE

2029       Each record represents a static route.
2030
2031       When multiple routes match a packet, the longest-prefix match  is  cho‐
2032       sen.  For  a  given  prefix  length, a dst-ip route is preferred over a
2033       src-ip route.
2034
2035       When there are ECMP routes, i.e. multiple routes with same  prefix  and
2036       policy,  one  of  them will be selected based on the 5-tuple hashing of
2037       the packet header.
2038
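The selection rules above (longest prefix first, dst-ip preferred over src-ip at equal prefix length, ECMP by 5-tuple hash), as an added example that is not OVN's implementation. The StaticRoute class, the function names and the SHA-256 based hash are assumptions of this example; OVN's own hash function is not described on this page.

```python
import hashlib
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class StaticRoute:
    ip_prefix: str
    nexthop: str
    policy: str = "dst-ip"  # default when the policy column is unset


def matching_routes(routes, src, dst):
    """Return (prefix_length, route) for every route whose ip_prefix matches."""
    matched = []
    for route in routes:
        # policy selects which packet address is compared against ip_prefix.
        addr = ipaddress.ip_address(dst if route.policy == "dst-ip" else src)
        net = ipaddress.ip_network(route.ip_prefix, strict=False)
        if addr.version == net.version and addr in net:
            matched.append((net.prefixlen, route))
    return matched


def select_route(routes, src, dst, proto, sport, dport):
    """Pick the route a packet would take, or None when nothing matches."""
    matched = matching_routes(routes, src, dst)
    if not matched:
        return None

    def rank(item):
        plen, route = item
        # Longest prefix wins; at equal length a dst-ip route beats src-ip.
        return (plen, route.policy == "dst-ip")

    best = max(rank(item) for item in matched)
    ecmp = sorted(
        (route for plen, route in matched if rank((plen, route)) == best),
        key=lambda route: route.nexthop,
    )
    # ECMP: the same 5-tuple always hashes to the same member of the group.
    key = f"{src}|{dst}|{proto}|{sport}|{dport}".encode()
    index = int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % len(ecmp)
    return ecmp[index]


if __name__ == "__main__":
    # Constructed routing table for illustration.
    table = [
        StaticRoute("0.0.0.0/0", "10.0.0.1"),
        StaticRoute("10.1.0.0/16", "10.0.0.2"),
        StaticRoute("192.168.5.0/24", "10.0.0.3", "src-ip"),
    ]
    print(select_route(table, "192.168.5.7", "8.8.8.8", "udp", 5353, 53))
```

Note the second rule's consequence for review: a src-ip route with a longer prefix overrides a shorter dst-ip route, including the default route, for every packet from that source range.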
2039   Summary:
2040       ip_prefix                     string
2041       policy                        optional string, either dst-ip or src-ip
2042       nexthop                       string
2043       output_port                   optional string
2044       external_ids : ic-learned-route
2045                                     optional string
2046       Common Columns:
2047         external_ids                map of string-string pairs
2048
2049   Details:
2050       ip_prefix: string
2051              IP prefix of this route (e.g. 192.168.100.0/24).
2052
2053       policy: optional string, either dst-ip or src-ip
2054              If it is specified, this setting describes the  policy  used  to
2055              make  routing decisions. This setting must be one of the follow‐
2056              ing strings:
2057
2058              ·      src-ip: This policy sends the packet to the nexthop  when
2059                     the packet’s source IP address matches ip_prefix.
2060
2061              ·      dst-ip:  This policy sends the packet to the nexthop when
2062                     the packet’s destination IP address matches ip_prefix.
2063
2064              If not specified, the default is dst-ip.
2065
2066       nexthop: string
2067              Nexthop IP address for this route. Nexthop IP address should  be
2068              the IP address of a connected router port or the IP address of a
2069              logical port.
2070
2071       output_port: optional string
2072              The name of the Logical_Router_Port via which the  packet  needs
2073              to  be  sent  out.  This is optional and when not specified, OVN
2074              will automatically figure this out based on  the  nexthop.  When
2075              this  is  specified  and  there are multiple IP addresses on the
2076              router port and none of them are in the same subnet of  nexthop,
2077              OVN  chooses  the first IP address as the one via which the nex‐
2078              thop is reachable.
2079
2080       external_ids : ic-learned-route: optional string
2081              ovn-ic populates this key if  the  route  is  learned  from  the
2082              global  OVN_IC_Southbound  database. In this case the value will
2083              be  set  to  the  uuid  of  the  row  in  Route  table  of   the
2084              OVN_IC_Southbound database.
2085
2086     Common Columns:
2087
2088       external_ids: map of string-string pairs
2089              See External IDs at the beginning of this document.
2090

Logical_Router_Policy TABLE

2092       Each  row  in  this  table  represents one routing policy for a logical
2093       router that points to it through its policies column. The action column
2094       for  the  highest-priority  matching  row  in  this  table determines a
2095       packet’s treatment. If no row matches, packets are allowed by  default.
2096       (Default-deny  treatment  is possible: add a rule with priority 0, 1 as
2097       match, and drop as action.)
2098
2099   Summary:
2100       priority                      integer, in range 0 to 32,767
2101       match                         string
2102       action                        string, one of allow, drop, or reroute
2103       nexthop                       optional string
2104       Common Columns:
2105         external_ids                map of string-string pairs
2106
2107   Details:
2108       priority: integer, in range 0 to 32,767
2109              The routing policy’s priority.  Rules  with  numerically  higher
2110              priority  take  precedence  over  those  with  lower.  A rule is
2111              uniquely identified by the priority and match string.
2112
2113       match: string
2114              The packets that the routing policy should match,  in  the  same
2115              expression  language used for the match column in the OVN South‐
2116              bound database’s Logical_Flow table.
2117
2118              By default all traffic is allowed. When writing a more  restric‐
2119              tive  policy, it is important to remember to allow flows such as
2120              ARP and IPv6 neighbor discovery packets.
2121
2122       action: string, one of allow, drop, or reroute
2123              The action to take when the routing policy matches:
2124
2125              ·      allow: Forward the packet.
2126
2127              ·      drop: Silently drop the packet.
2128
2129              ·      reroute: Reroute packet to nexthop.
2130
2131       nexthop: optional string
2132              Next-hop IP address for this  route,  which  should  be  the  IP
2133              address  of a connected router port or the IP address of a logi‐
2134              cal port.
2135
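The evaluation order and the ARP/neighbor-discovery caveat described above, as an added example (not OVN code). It models only a small subset of the match language ("1", "arp", "nd", "ip4", "ip6", and "ip4.src"/"ip4.dst == CIDR" joined by "&&"); the packet dictionaries, row dictionaries and function names are assumptions of this example.

```python
import ipaddress

# Constructed probe packets; the keys are a simplified stand-in for OVN fields.
CONTROL_PROBES = {
    "arp": {"arp": True},
    "nd": {"ip6": True, "nd": True},
}


def atom_matches(atom, pkt):
    """Evaluate one term of the modelled match subset against a packet."""
    atom = atom.strip()
    if atom == "1":
        return True
    if atom in ("arp", "nd", "ip4", "ip6"):
        return bool(pkt.get(atom))
    field, sep, value = (part.strip() for part in atom.partition("=="))
    if sep and field in ("ip4.src", "ip4.dst"):
        addr = pkt.get(field)
        return addr is not None and (
            ipaddress.ip_address(addr) in ipaddress.ip_network(value)
        )
    raise ValueError(f"match term outside the modelled subset: {atom!r}")


def evaluate(policies, pkt):
    """Return (action, nexthop) from the highest-priority matching row."""
    for row in sorted(policies, key=lambda r: r["priority"], reverse=True):
        if all(atom_matches(atom, pkt) for atom in row["match"].split("&&")):
            return row["action"], row.get("nexthop")
    return "allow", None  # no row matched: packets are allowed by default


def dropped_control_traffic(policies):
    """Names of the ARP/ND probes that the policy set would drop."""
    return sorted(
        name
        for name, pkt in CONTROL_PROBES.items()
        if evaluate(policies, pkt)[0] == "drop"
    )


if __name__ == "__main__":
    # Constructed policy set: default deny plus one allowed source range.
    policies = [
        {"priority": 0, "match": "1", "action": "drop"},
        {"priority": 100, "match": "ip4.src == 10.0.0.0/24", "action": "allow"},
    ]
    print(dropped_control_traffic(policies))
```

Running the audit before committing a default-deny row shows whether ARP and neighbor discovery still have an allow row at a higher priority.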
2136     Common Columns:
2137
2138       external_ids: map of string-string pairs
2139              See External IDs at the beginning of this document.
2140

NAT TABLE

2142       Each record represents a NAT rule.
2143
2144   Summary:
2145       type                          string, one of  dnat,  dnat_and_snat,  or
2146                                     snat
2147       external_ip                   string
2148       external_mac                  optional string
2149       external_port_range           string
2150       logical_ip                    string
2151       logical_port                  optional string
2152       options : stateless           optional string
2153       Common Columns:
2154         external_ids                map of string-string pairs
2155
2156   Details:
2157       type: string, one of dnat, dnat_and_snat, or snat
2158              Type of the NAT rule.
2159
2160              ·      When  type  is  dnat,  the  externally visible IP address
2161                     external_ip is DNATted to the IP  address  logical_ip  in
2162                     the logical space.
2163
2164              ·      When type is snat, IP packets whose source IP address
2165                     either matches the IP address in logical_ip or is in
2166                     the network provided by logical_ip are SNATed into the
2167                     IP address in external_ip.
2168
2169              ·      When type is dnat_and_snat, the externally visible IP
2170                     address external_ip is DNATted to the IP address
2171                     logical_ip in the logical space. In addition, IP packets
2172                     whose source IP address matches logical_ip are SNATed
2173                     into the IP address in external_ip.
2174
2175       external_ip: string
2176              An IPv4 address.
2177
2178       external_mac: optional string
2179              A MAC address.
2180
2181              This is only used on the gateway port  on  distributed  routers.
2182              This must be specified in order for the NAT rule to be processed
2183              in a distributed manner on all chassis. If this is not specified
2184              for  a NAT rule on a distributed router, then this NAT rule will
2185              be processed  in  a  centralized  manner  on  the  gateway  port
2186              instance on the gateway chassis.
2187
2188              This  MAC  address must be unique on the logical switch that the
2189              gateway port is attached to. If the MAC address used on the log‐
2190              ical_port is globally unique, then that MAC address can be spec‐
2191              ified as this external_mac.
2192
2193       external_port_range: string
2194              L4 source port range
2195
2196              Range of ports from which a port number will be picked to
2197              replace the source port of the packet to be NATed. This is
2198              basically PAT (port address translation).
2199
2200              Value of the column is in the format, port_lo-port_hi. For exam‐
2201              ple: external_port_range : "1-30000"
2202
2203              Valid range of ports is 1-65535.
2204
2205       logical_ip: string
2206              An IPv4 network (e.g. 192.168.1.0/24) or an IPv4 address.
2207
2208       logical_port: optional string
2209              The name of the logical port where the logical_ip resides.
2210
2211              This is only used on distributed routers. This must be specified
2212              in order for the NAT rule to be processed in a distributed  man‐
2213              ner on all chassis. If this is not specified for a NAT rule on a
2214              distributed router, then this NAT rule will be  processed  in  a
2215              centralized  manner  on the gateway port instance on the gateway
2216              chassis.
2217
2218       options : stateless: optional string
2219              Indicates if a dnat_and_snat  rule  should  lead  to  connection
2220              tracking state or not.
2221
2222     Common Columns:
2223
2224       external_ids: map of string-string pairs
2225              See External IDs at the beginning of this document.
2226

DHCP_Options TABLE

2228       OVN  implements  native  DHCPv4  support which caters to the common use
2229       case of providing an IPv4 address to a booting  instance  by  providing
2230       stateless  replies  to  DHCPv4  requests based on statically configured
2231       address mappings. To do this it allows a short list of  DHCPv4  options
2232       to  be  configured  and  applied  at each compute host running ovn-con‐
2233       troller.
2234
2235       OVN also implements native  DHCPv6  support  which  provides  stateless
2236       replies to DHCPv6 requests.
2237
2238   Summary:
2239       cidr                          string
2240       DHCPv4 options:
2241         Mandatory DHCPv4 options:
2242            options : server_id      optional string
2243            options : server_mac     optional string
2244            options : lease_time     optional  string,  containing an integer,
2245                                     in range 0 to 4,294,967,295
2246         IPv4 DHCP Options:
2247            options : router         optional string
2248            options : netmask        optional string
2249            options : dns_server     optional string
2250            options : log_server     optional string
2251            options : lpr_server     optional string
2252            options : swap_server    optional string
2253            options : policy_filter  optional string
2254            options : router_solicitation
2255                                     optional string
2256            options : nis_server     optional string
2257            options : ntp_server     optional string
2258            options : tftp_server    optional string
2259            options : classless_static_route
2260                                     optional string
2261            options : ms_classless_static_route
2262                                     optional string
2263         Boolean DHCP Options:
2264            options : ip_forward_enable
2265                                     optional string, either 0 or 1
2266            options : router_discovery
2267                                     optional string, either 0 or 1
2268            options : ethernet_encap optional string, either 0 or 1
2269         Integer DHCP Options:
2270            options : default_ttl    optional string, containing  an  integer,
2271                                     in range 0 to 255
2272            options : tcp_ttl        optional  string,  containing an integer,
2273                                     in range 0 to 255
2274            options : mtu            optional string, containing  an  integer,
2275                                     in range 68 to 65,535
2276            options : T1             optional  string,  containing an integer,
2277                                     in range 68 to 4,294,967,295
2278            options : T2             optional string, containing  an  integer,
2279                                     in range 68 to 4,294,967,295
2280            options : arp_cache_timeout
2281                                     optional  string,  containing an integer,
2282                                     in range 0 to 255
2283            options : tcp_keepalive_interval
2284                                     optional string, containing  an  integer,
2285                                     in range 0 to 255
2286         String DHCP Options:
2287            options : wpad           optional string
2288            options : bootfile_name  optional string
2289            options : path_prefix    optional string
2290            options : tftp_server_address
2291                                     optional string
2292            options : domain_name    optional string
2293       DHCPv6 options:
2294         Mandatory DHCPv6 options:
2295            options : server_id      optional string
2296         IPv6 DHCPv6 options:
2297            options : dns_server     optional string
2298         String DHCPv6 options:
2299            options : domain_search  optional string
2300            options : dhcpv6_stateless
2301                                     optional string
2302       Common Columns:
2303         external_ids                map of string-string pairs
2304
2305   Details:
2306       cidr: string
2307              The  DHCPv4/DHCPv6  options will be included if the logical port
2308              has its IP address in this cidr.
2309
2310     DHCPv4 options:
2311
2312       The CMS should define the set of DHCPv4 options as key/value  pairs  in
2313       the  options  column of this table. For ovn-controller to include these
2314       DHCPv4 options, the dhcpv4_options of Logical_Switch_Port should  refer
2315       to an entry in this table.
2316
2317     Mandatory DHCPv4 options:
2318
2319       The following options must be defined.
2320
2321       options : server_id: optional string
2322              The IP address for the DHCP server to use. This should be in the
2323              subnet of the offered IP. This is  also  included  in  the  DHCP
2324              offer as option 54, ``server identifier.’’
2325
2326       options : server_mac: optional string
2327              The Ethernet address for the DHCP server to use.
2328
2329       options  : lease_time: optional string, containing an integer, in range
2330       0 to 4,294,967,295
2331              The offered lease time in seconds.
2332
2333              The DHCPv4 option code for this option is 51.
2334
2335     IPv4 DHCP Options:
2336
2337       Below are the  supported  DHCPv4  options  whose  values  are  an  IPv4
2338       address,  e.g. 192.168.1.1. Some options accept multiple IPv4 addresses
2339       enclosed within curly braces, e.g. {192.168.1.2,  192.168.1.3}.  Please
2340       refer to RFC 2132 for more details on DHCPv4 options and their codes.
2341
2342       options : router: optional string
2343              The  IP  address of a gateway for the client to use. This should
2344              be in the subnet of the offered IP. The DHCPv4 option  code  for
2345              this option is 3.
2346
2347       options : netmask: optional string
2348              The DHCPv4 option code for this option is 1.
2349
2350       options : dns_server: optional string
2351              The DHCPv4 option code for this option is 6.
2352
2353       options : log_server: optional string
2354              The DHCPv4 option code for this option is 7.
2355
2356       options : lpr_server: optional string
2357              The DHCPv4 option code for this option is 9.
2358
2359       options : swap_server: optional string
2360              The DHCPv4 option code for this option is 16.
2361
2362       options : policy_filter: optional string
2363              The DHCPv4 option code for this option is 21.
2364
2365       options : router_solicitation: optional string
2366              The DHCPv4 option code for this option is 32.
2367
2368       options : nis_server: optional string
2369              The DHCPv4 option code for this option is 41.
2370
2371       options : ntp_server: optional string
2372              The DHCPv4 option code for this option is 42.
2373
2374       options : tftp_server: optional string
2375              The DHCPv4 option code for this option is 66.
2376
2377       options : classless_static_route: optional string
2378              The DHCPv4 option code for this option is 121.
2379
2380              This option can contain one or more static routes, each of which
2381              consists of a destination descriptor and the IP address  of  the
2382              router that should be used to reach that destination. Please see
2383              RFC 3442 for more details.
2384
2385              Example: {30.0.0.0/24,10.0.0.10, 0.0.0.0/0,10.0.0.1}
2386
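The classless_static_route value format above, parsed and encoded into the RFC 3442 wire form (a destination descriptor followed by the router address), as an added example that is not OVN code. The function names are assumptions of this example.

```python
import ipaddress


def parse_classless_static_route(value):
    """Parse '{dest/len,router, dest/len,router}' into (network, router) pairs."""
    body = value.strip()
    if not (body.startswith("{") and body.endswith("}")):
        raise ValueError("value must be enclosed in curly braces")
    items = [item.strip() for item in body[1:-1].split(",")]
    if len(items) < 2 or len(items) % 2:
        raise ValueError("expected destination,router pairs")
    routes = []
    for dest, router in zip(items[0::2], items[1::2]):
        if "/" not in dest:
            raise ValueError(f"destination {dest!r} has no prefix length")
        # strict=True rejects destinations with host bits set (e.g. 30.0.0.5/24).
        net = ipaddress.IPv4Network(dest, strict=True)
        routes.append((net, ipaddress.IPv4Address(router)))
    return routes


def encode_classless_static_route(routes, code=121):
    """Encode routes as one DHCPv4 option: code, length, then the route list."""
    payload = b""
    for net, router in routes:
        # Descriptor: prefix width, then only the significant octets of the
        # destination (0 octets for /0, 3 for /24, 4 for /25 and longer).
        significant = (net.prefixlen + 7) // 8
        payload += bytes([net.prefixlen])
        payload += net.network_address.packed[:significant]
        payload += router.packed
    if len(payload) > 255:
        raise ValueError("route list does not fit in a single option")
    return bytes([code, len(payload)]) + payload


if __name__ == "__main__":
    # The example value from the option description.
    example = "{30.0.0.0/24,10.0.0.10, 0.0.0.0/0,10.0.0.1}"
    print(encode_classless_static_route(parse_classless_static_route(example)).hex())
```

Because every client in the cidr installs these routes, reviewing the parsed pairs shows exactly which destinations are steered to which router.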
2387       options : ms_classless_static_route: optional string
2388              The DHCPv4 option code for this option is 249.  This  option  is
2389              similar to classless_static_route supported by Microsoft Windows
2390              DHCPv4 clients.
2391
2392     Boolean DHCP Options:
2393
2394       These options accept a Boolean value, expressed as 0 for false or 1 for
2395       true.
2396
2397       options : ip_forward_enable: optional string, either 0 or 1
2398              The DHCPv4 option code for this option is 19.
2399
2400       options : router_discovery: optional string, either 0 or 1
2401              The DHCPv4 option code for this option is 31.
2402
2403       options : ethernet_encap: optional string, either 0 or 1
2404              The DHCPv4 option code for this option is 36.
2405
2406     Integer DHCP Options:
2407
2408       These options accept a nonnegative integer value.
2409
2410       options : default_ttl: optional string, containing an integer, in range
2411       0 to 255
2412              The DHCPv4 option code for this option is 23.
2413
2414       options : tcp_ttl: optional string, containing an integer, in  range  0
2415       to 255
2416              The DHCPv4 option code for this option is 37.
2417
2418       options  :  mtu: optional string, containing an integer, in range 68 to
2419       65,535
2420              The DHCPv4 option code for this option is 26.
2421
2422       options : T1: optional string, containing an integer, in  range  68  to
2423       4,294,967,295
2424              This  specifies  the time interval from address assignment until
2425              the client begins trying to renew its address. The DHCPv4 option
2426              code for this option is 58.
2427
2428       options  :  T2:  optional string, containing an integer, in range 68 to
2429       4,294,967,295
2430              This specifies the time interval from address  assignment  until
2431              the  client  begins  trying  to  rebind  its address. The DHCPv4
2432              option code for this option is 59.
2433
2434       options : arp_cache_timeout: optional string, containing an integer, in
2435       range 0 to 255
2436              The DHCPv4 option code for this option is 35. This option speci‐
2437              fies the timeout in seconds for ARP cache entries.
2438
2439       options : tcp_keepalive_interval: optional string, containing an  inte‐
2440       ger, in range 0 to 255
2441              The DHCPv4 option code for this option is 38. This option speci‐
2442              fies the interval that the client TCP should wait before sending
2443              a keepalive message on a TCP connection.
2444
2445     String DHCP Options:
2446
2447       These options accept a string value.
2448
2449       options : wpad: optional string
2450              The  DHCPv4  option  code for this option is 252. This option is
2451              used as part of web proxy auto discovery to provide a URL for  a
2452              web proxy.
2453
2454       options : bootfile_name: optional string
2455              The  DHCPv4  option  code  for this option is 67. This option is
2456              used to identify a bootfile.
2457
2458       options : path_prefix: optional string
2459              The DHCPv4 option code for this option is 210. In PXELINUX’ case
2460              this  option  is  used  to  set a common path prefix, instead of
2461              deriving it from the bootfile name.
2462
2463       options : tftp_server_address: optional string
2464              The DHCPv4 option code for this option is 150. The  option  con‐
2465              tains  one  or more IPv4 addresses that the client MAY use. This
2466              option is Cisco proprietary, the IEEE standard that matches with
2467              this requirement is option 66 (tftp_server).
2468
2469       options : domain_name: optional string
2470              The DHCPv4 option code for this option is 15. This option
2471              specifies the domain name that the client should use when
2472              resolving hostnames via the Domain Name System.
2473
2474     DHCPv6 options:
2475
2476       OVN  also  implements  native DHCPv6 support. The CMS should define the
2477       set of DHCPv6 options as key/value pairs. The defined DHCPv6 options
2478       will   be   included   in   the   DHCPv6   response   to   the   DHCPv6
2479       Solicit/Request/Confirm packet from the logical ports having  the  IPv6
2480       addresses in the cidr.
2481
2482     Mandatory DHCPv6 options:
2483
2484       The following options must be defined.
2485
2486       options : server_id: optional string
2487              The  Ethernet  address  for the DHCP server to use. This is also
2488              included in the DHCPv6 reply as option 2, ``Server  Identifier’’
2489              to  carry  a  DUID  identifying  a server between a client and a
2490              server. ovn-controller defines DUID based on Link-layer  Address
2491              [DUID-LL].
2492
2493     IPv6 DHCPv6 options:
2494
2495       Below  are  the  supported  DHCPv6  options  whose  values  are an IPv6
2496       address, e.g. aef0::4. Some  options  accept  multiple  IPv6  addresses
2497       enclosed  within curly braces, e.g. {aef0::4, aef0::5}. Please refer to
2498       RFC 3315 for more details on DHCPv6 options and their codes.
2499
2500       options : dns_server: optional string
2501              The DHCPv6 option code for this option is 23. This option speci‐
2502              fies the DNS servers that the VM should use.
2503
2504     String DHCPv6 options:
2505
2506       These options accept string values.
2507
2508       options : domain_search: optional string
2509              The DHCPv6 option code for this option is 24. This option speci‐
2510              fies the domain search list the client  should  use  to  resolve
2511              hostnames with DNS.
2512
2513              Example: "ovn.org".
2514
2515       options : dhcpv6_stateless: optional string
2516              This option specifies that OVN native DHCPv6 works in stateless
2517              mode, which means that it does not offer IPv6 addresses for
2518              VM/VIF ports but only replies with other configuration, such as
2519              DNS and domain search list. When this option is set to the
2520              string value "true", the VM/VIF configures its IPv6 addresses
2521              statelessly. The default value for this option is false.
2522
2523     Common Columns:
2524
2525       external_ids: map of string-string pairs
2526              See External IDs at the beginning of this document.
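
       An added example, not taken from this manual or from ovn-controller:
       how the server_id, dns_server and domain_search values above look on
       the wire under the RFC 3315 and RFC 3646 option encodings. The function
       names and the (stateless, bytes) return shape are hypothetical.

```python
import ipaddress
import struct

OPT_SERVERID, OPT_DNS_SERVERS, OPT_DOMAIN_LIST = 2, 23, 24
DUID_LL = 3      # DUID type "link-layer address" (RFC 3315)
HW_ETHERNET = 1  # IANA hardware type for Ethernet


def tlv(code, payload):
    """DHCPv6 option: 16-bit code, 16-bit length, then the payload."""
    return struct.pack("!HH", code, len(payload)) + payload


def server_id_option(mac):
    """options:server_id (Ethernet address) -> option 2 carrying a DUID-LL."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("server_id must be a 6-octet Ethernet address")
    return tlv(OPT_SERVERID, struct.pack("!HH", DUID_LL, HW_ETHERNET) + octets)


def parse_addr_list(value):
    """Accept 'aef0::4' or the braced list form '{aef0::4, aef0::5}'."""
    value = value.strip()
    if value.startswith("{") and value.endswith("}"):
        value = value[1:-1]
    addrs = [ipaddress.IPv6Address(a.strip()) for a in value.split(",") if a.strip()]
    if not addrs:
        raise ValueError("dns_server needs at least one IPv6 address")
    return addrs


def dns_server_option(value):
    """options:dns_server -> option 23, 16 octets per address."""
    return tlv(OPT_DNS_SERVERS, b"".join(a.packed for a in parse_addr_list(value)))


def domain_search_option(domain):
    """options:domain_search -> option 24 as length-prefixed DNS labels."""
    wire = b""
    for label in domain.strip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("DNS label must be 1 to 63 octets")
        wire += bytes([len(raw)]) + raw
    return tlv(OPT_DOMAIN_LIST, wire + b"\x00")


def encode_options(opts):
    """Encode an options map; returns (stateless, option bytes)."""
    if "server_id" not in opts:
        raise ValueError("server_id is mandatory")
    wire = server_id_option(opts["server_id"])
    if "dns_server" in opts:
        wire += dns_server_option(opts["dns_server"])
    if "domain_search" in opts:
        wire += domain_search_option(opts["domain_search"])
    return opts.get("dhcpv6_stateless", "false") == "true", wire
```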
2527

Connection TABLE

2529       Configuration for a database connection to  an  Open  vSwitch  database
2530       (OVSDB) client.
2531
2532       This  table  primarily  configures  the  Open  vSwitch  database server
2533       (ovsdb-server).
2534
2535       The Open vSwitch database server can initiate and maintain active  con‐
2536       nections  to  remote  clients.  It can also listen for database connec‐
2537       tions.
2538
2539   Summary:
2540       Core Features:
2541         target                      string (must be unique within table)
2542       Client Failure Detection and Handling:
2543         max_backoff                 optional integer, at least 1,000
2544         inactivity_probe            optional integer
2545       Status:
2546         is_connected                boolean
2547         status : last_error         optional string
2548         status : state              optional string, one of ACTIVE,  BACKOFF,
2549                                     CONNECTING, IDLE, or VOID
2550         status : sec_since_connect  optional  string,  containing an integer,
2551                                     at least 0
2552         status : sec_since_disconnect
2553                                     optional string, containing  an  integer,
2554                                     at least 0
2555         status : locks_held         optional string
2556         status : locks_waiting      optional string
2557         status : locks_lost         optional string
2558         status : n_connections      optional  string,  containing an integer,
2559                                     at least 2
2560         status : bound_port         optional string, containing an integer
2561       Common Columns:
2562         external_ids                map of string-string pairs
2563         other_config                map of string-string pairs
2564
2565   Details:
2566     Core Features:
2567
2568       target: string (must be unique within table)
2569              Connection methods for clients.
2570
2571              The following connection methods are currently supported:
2572
2573              ssl:host[:port]
2574                     The specified SSL port on the given host,
2575                     which  can  either  be  a DNS name (if built with unbound
2576                     library) or an IP address. A valid SSL configuration must
2577                     be  provided  when  this form is used; this configuration
2578                     can be specified via command-line options or the SSL  ta‐
2579                     ble.
2580
2581                     If port is not specified, it defaults to 6640.
2582
2583                     SSL  support  is  an  optional feature that is not always
2584                     built as part of Open vSwitch.
2585
2586              tcp:host[:port]
2587                     The specified TCP port on the given host,
2588                     which  can  either  be  a DNS name (if built with unbound
2589                     library) or an IP address. If host is  an  IPv6  address,
2590                     wrap it in square brackets, e.g. tcp:[::1]:6640.
2591
2592                     If port is not specified, it defaults to 6640.
2593
2594              pssl:[port][:host]
2595                     Listens  for  SSL  connections on the specified TCP port.
2596                     Specify 0 for  port  to  have  the  kernel  automatically
2597                     choose  an available port. If host, which can either be a
2598                     DNS name  (if  built  with  unbound  library)  or  an  IP
2599                     address, is specified, then connections are restricted to
2600                     the resolved or specified local IP address (either IPv4 or
2601                     IPv6 address). If host is an IPv6 address, wrap it in square
2602                     brackets, e.g. pssl:6640:[::1]. If host is not  specified
2603                     then  it listens only on IPv4 (but not IPv6) addresses. A
2604                     valid SSL configuration must be provided when  this  form
2605                     is  used;  this  can be specified either via command-line
2606                     options or the SSL table.
2607
2608                     If port is not specified, it defaults to 6640.
2609
2610                     SSL support is an optional feature  that  is  not  always
2611                     built as part of Open vSwitch.
2612
2613              ptcp:[port][:host]
2614                     Listens  for connections on the specified TCP port. Spec‐
2615                     ify 0 for port to have the kernel automatically choose an
2616                     available  port.  If host, which can either be a DNS name
2617                     (if built with unbound library)  or  an  IP  address,  is
2618                     specified,   then   connections  are  restricted  to  the
2619                     resolved or specified local IP address  (either  IPv4  or
2620                     IPv6  address).  If  host  is an IPv6 address, wrap it in
2621                     square brackets, e.g. ptcp:6640:[::1].  If  host  is  not
2622                     specified then it listens only on IPv4 addresses.
2623
2624                     If port is not specified, it defaults to 6640.
2625
2626              When  multiple clients are configured, the target values must be
2627              unique. Duplicate target values yield unspecified results.
2628
2629     Client Failure Detection and Handling:
2630
2631       max_backoff: optional integer, at least 1,000
2632              Maximum  number  of  milliseconds  to  wait  between  connection
2633              attempts. Default is implementation-specific.
2634
2635       inactivity_probe: optional integer
2636              Maximum number of milliseconds of idle time on connection to the
2637              client before sending  an  inactivity  probe  message.  If  Open
2638              vSwitch  does  not communicate with the client for the specified
2639              number of seconds, it will send a probe. If a  response  is  not
2640              received  for  the  same additional amount of time, Open vSwitch
2641              assumes the connection has been broken and  attempts  to  recon‐
2642              nect.  Default is implementation-specific. A value of 0 disables
2643              inactivity probes.
2644
2645     Status:
2646
2647       The is_connected key-value pair is always updated. Other key-value pairs
2648       in the status column may be updated, depending on the target type.
2649
2650       When target specifies a connection method that listens for inbound con‐
2651       nections (e.g. ptcp: or punix:), both  n_connections  and  is_connected
2652       may also be updated while the remaining key-value pairs are omitted.
2653
2654       On  the  other  hand, when target specifies an outbound connection, all
2655       key-value pairs may be updated, except  the  above-mentioned  two  key-
2656       value  pairs associated with inbound connection targets. They are omit‐
2657       ted.
2658
2659       is_connected: boolean
2660              true if currently connected to this client, false otherwise.
2661
2662       status : last_error: optional string
2663              A human-readable description of the last error on the connection
2664              to  the  manager; i.e. strerror(errno). This key will exist only
2665              if an error has occurred.
2666
2667       status : state: optional string, one of  ACTIVE,  BACKOFF,  CONNECTING,
2668       IDLE, or VOID
2669              The state of the connection to the manager:
2670
2671              VOID   Connection is disabled.
2672
2673              BACKOFF
2674                     Attempting to reconnect at an increasing period.
2675
2676              CONNECTING
2677                     Attempting to connect.
2678
2679              ACTIVE Connected, remote host responsive.
2680
2681              IDLE   Connection is idle. Waiting for response to keep-alive.
2682
2683              These  values  may  change in the future. They are provided only
2684              for human consumption.
2685
2686       status : sec_since_connect: optional string, containing an integer,  at
2687       least 0
2688              The amount of time since this client last successfully connected
2689              to the database (in seconds). Value is empty if client has never
2690              successfully been connected.
2691
2692       status  : sec_since_disconnect: optional string, containing an integer,
2693       at least 0
2694              The amount of time since this client last disconnected from  the
2695              database  (in  seconds). Value is empty if client has never dis‐
2696              connected.
2697
2698       status : locks_held: optional string
2699              Space-separated list of the names of OVSDB locks that  the  con‐
2700              nection  holds.  Omitted  if  the  connection  does not hold any
2701              locks.
2702
2703       status : locks_waiting: optional string
2704              Space-separated list of the names of OVSDB locks that  the  con‐
2705              nection  is currently waiting to acquire. Omitted if the connec‐
2706              tion is not waiting for any locks.
2707
2708       status : locks_lost: optional string
2709              Space-separated list of the names of OVSDB locks that  the  con‐
2710              nection  has  had  stolen by another OVSDB client. Omitted if no
2711              locks have been stolen from this connection.
2712
2713       status : n_connections: optional  string,  containing  an  integer,  at
2714       least 2
2715              When  target  specifies  a  connection  method  that listens for
2716              inbound connections (e.g. ptcp: or pssl:) and more than one con‐
2717              nection  is  actually  active, the value is the number of active
2718              connections. Otherwise, this key-value pair is omitted.
2719
2720       status : bound_port: optional string, containing an integer
2721              When target is ptcp: or pssl:, this is the TCP port on which the
2722              OVSDB  server  is  listening.  (This is particularly useful when
2723              target specifies a port of 0, allowing the kernel to choose  any
2724              available port.)
2725
2726     Common Columns:
2727
2728       The  overall purpose of these columns is described under Common Columns
2729       at the beginning of this document.
2730
2731       external_ids: map of string-string pairs
2732
2733       other_config: map of string-string pairs
2734

DNS TABLE

2736       Each row in this table stores the DNS records. The  Logical_Switch  ta‐
2737       ble’s dns_records references these records.
2738
2739   Summary:
2740       records                       map of string-string pairs
2741       external_ids                  map of string-string pairs
2742
2743   Details:
2744       records: map of string-string pairs
2745              Key-value pair of DNS records with DNS query name as the key and
2746              value as a string of IP address(es) separated by comma or space.
2747
2748              Example:  "vm1.ovn.org" = "10.0.0.4 aef0::4"
2749
2750       external_ids: map of string-string pairs
2751              See External IDs at the beginning of this document.
2752

SSL TABLE

2754       SSL configuration for ovn-nb database access.
2755
2756   Summary:
2757       private_key                   string
2758       certificate                   string
2759       ca_cert                       string
2760       bootstrap_ca_cert             boolean
2761       ssl_protocols                 string
2762       ssl_ciphers                   string
2763       Common Columns:
2764         external_ids                map of string-string pairs
2765
2766   Details:
2767       private_key: string
2768              Name of a PEM file  containing  the  private  key  used  as  the
2769              switch’s identity for SSL connections to the controller.
2770
2771       certificate: string
2772              Name  of a PEM file containing a certificate, signed by the cer‐
2773              tificate authority (CA) used by the controller and manager, that
2774              certifies  the  switch’s  private key, identifying a trustworthy
2775              switch.
2776
2777       ca_cert: string
2778              Name of a PEM file containing the CA certificate used to  verify
2779              that the switch is connected to a trustworthy controller.
2780
2781       bootstrap_ca_cert: boolean
2782              If  set to true, then Open vSwitch will attempt to obtain the CA
2783              certificate from the controller on its first SSL connection  and
2784              save  it  to  the  named  PEM file. If it is successful, it will
2785              immediately drop the connection and reconnect, and from then  on
2786              all  SSL  connections  must  be  authenticated  by a certificate
2787              signed by the CA certificate thus obtained. This option  exposes
2788              the  SSL  connection to a man-in-the-middle attack obtaining the
2789              initial CA certificate. It may still be  useful  for  bootstrap‐
2790              ping.
2791
2792       ssl_protocols: string
2793              List  of  SSL  protocols  to be enabled for SSL connections. The
2794              default when this option is omitted is TLSv1,TLSv1.1,TLSv1.2.
2795
2796       ssl_ciphers: string
2797              List of ciphers (in OpenSSL cipher string  format)  to  be  sup‐
2798              ported  for  SSL  connections.  The  default when this option is
2799              omitted is HIGH:!aNULL:!MD5.
2800
2801     Common Columns:
2802
2803       The overall purpose of these columns is described under Common  Columns
2804       at the beginning of this document.
2805
2806       external_ids: map of string-string pairs
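
       An added example, not part of this manual or of OVN's code: a check of
       Connection targets and an SSL row against the settings described in the
       Connection and SSL tables above. parse_target, is_wildcard, audit and
       the sample rows are hypothetical; treating TLSv1 and TLSv1.1 as
       deprecated is an assumption based on RFC 8996.

```python
import ipaddress

DEFAULT_PORT = 6640
DEFAULT_PROTOCOLS = "TLSv1,TLSv1.1,TLSv1.2"  # default stated in this manual
DEPRECATED = {"TLSv1", "TLSv1.1"}            # assumption: policy per RFC 8996


def parse_target(target):
    """Split a target into (method, host, port); passive forms put port first."""
    method, _, rest = target.partition(":")
    if method not in ("ssl", "tcp", "pssl", "ptcp"):
        raise ValueError("unsupported connection method: %r" % method)
    if method.startswith("p"):
        port, _, host = rest.partition(":")
    elif rest.startswith("["):
        host, _, port = rest[1:].partition("]")
        port = port.lstrip(":")
    else:
        host, _, port = rest.partition(":")
    host = host.strip("[]") or None
    if host is None and not method.startswith("p"):
        raise ValueError("active target needs a host: %r" % target)
    return method, host, int(port) if port else DEFAULT_PORT


def is_wildcard(host):
    """True when a listener is not pinned to one local address."""
    if host is None:
        return True  # manual: no host means all IPv4 addresses
    try:
        return ipaddress.ip_address(host).is_unspecified
    except ValueError:
        return False  # a DNS name; resolution is out of scope here


def audit(targets, ssl_row):
    """Return (subject, finding) pairs for Connection targets and an SSL row."""
    findings = []
    for target in targets:
        method, host, _port = parse_target(target)
        if method in ("tcp", "ptcp"):
            findings.append((target, "plaintext TCP: no encryption or certificate check"))
        if method.startswith("p") and is_wildcard(host):
            findings.append((target, "listener not bound to a specific address"))
    if len(set(targets)) != len(targets):
        findings.append(("Connection", "duplicate target, results unspecified"))
    if ssl_row.get("bootstrap_ca_cert"):
        findings.append(("SSL", "bootstrap_ca_cert exposes first connection to MITM"))
    protocols = ssl_row.get("ssl_protocols") or DEFAULT_PROTOCOLS
    weak = sorted(DEPRECATED & {p.strip() for p in protocols.split(",")})
    if weak:
        findings.append(("SSL", "deprecated protocols enabled: " + ",".join(weak)))
    return findings


# Constructed sample rows (not taken from any real deployment).
SAMPLE_TARGETS = ["ptcp:6641", "pssl:6641:10.0.0.10", "tcp:[::1]:6640"]
SAMPLE_SSL = {"bootstrap_ca_cert": True, "ssl_protocols": ""}
```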
2807

Gateway_Chassis TABLE

2809       Association  of  a  chassis to a logical router port. The traffic going
2810       out through a specific router port will be redirected to a chassis, or
2811       a  set  of  them  in  high  availability configurations. A single Gate‐
2812       way_Chassis is equivalent to  setting  options:redirect-chassis.  Using
2813       Gateway_Chassis  allows associating multiple prioritized chassis with a
2814       single logical router port.
2815
2816   Summary:
2817       name                          string (must be unique within table)
2818       chassis_name                  string
2819       priority                      integer, in range 0 to 32,767
2820       options                       map of string-string pairs
2821       Common Columns:
2822         external_ids                map of string-string pairs
2823
2824   Details:
2825       name: string (must be unique within table)
2826              Name of the Gateway_Chassis.
2827
2828              A   suggested,   but   not   required   naming   convention   is
2829              ${port_name}_${chassis_name}.
2830
2831       chassis_name: string
2832              Name of the chassis that we want to redirect traffic through for
2833              the associated logical router port. The  value  must  match  the
2834              name column of the Chassis table in the OVN_Southbound database.
2835
2836       priority: integer, in range 0 to 32,767
2837              This  is  the  priority  of  a chassis among all Gateway_Chassis
2838              belonging to the same logical router port.
2839
2840       options: map of string-string pairs
2841              Reserved for future use.
2842
2843     Common Columns:
2844
2845       external_ids: map of string-string pairs
2846              See External IDs at the beginning of this document.
2847

HA_Chassis_Group TABLE

2849       Table representing a group of chassis which can provide high availabil‐
2850       ity  services.  Each  chassis  in the group is represented by the table
2851       HA_Chassis. The HA chassis with highest priority will be the master  of
2852       this  group. If the master chassis failover is detected, the HA chassis
2853       with the next higher priority takes over the responsibility of  provid‐
2854       ing  the  HA.  If a distributed gateway router port references a row in
2855       this table, then the master HA chassis in this group provides the gate‐
2856       way functionality.
2857
2858   Summary:
2859       name                          string (must be unique within table)
2860       ha_chassis                    set of HA_Chassiss
2861       Common Columns:
2862         external_ids                map of string-string pairs
2863
2864   Details:
2865       name: string (must be unique within table)
2866              Name of the HA_Chassis_Group. Name should be unique.
2867
2868       ha_chassis: set of HA_Chassiss
2869              A list of HA chassis which belong to this group.
2870
2871     Common Columns:
2872
2873       external_ids: map of string-string pairs
2874              See External IDs at the beginning of this document.
2875

HA_Chassis TABLE

2877   Summary:
2878       chassis_name                  string
2879       priority                      integer, in range 0 to 32,767
2880       Common Columns:
2881         external_ids                map of string-string pairs
2882
2883   Details:
2884       chassis_name: string
2885              Name  of  the chassis which is part of the HA chassis group. The
2886              value must match the name column of the  Chassis  table  in  the
2887              OVN_Southbound database.
2888
2889       priority: integer, in range 0 to 32,767
2890              Priority  of  the chassis. Chassis with highest priority will be
2891              the master.
2892
2893     Common Columns:
2894
2895       external_ids: map of string-string pairs
2896              See External IDs at the beginning of this document.
2897
2898
2899
2900Open vSwitch 20.03.0            DB Schema 5.22.0                     ovn-nb(5)