ovn-ic-nb(5)                  Open vSwitch Manual                 ovn-ic-nb(5)

NAME

       ovn-ic-nb - OVN_IC_Northbound database schema

       This database is the interface for a cloud management system (CMS),
       such as OpenStack, to configure OVN interconnection settings. The CMS
       produces almost all of the contents of the database. The ovn-ic program
       monitors the database contents, transforms it, and stores it into the
       OVN_IC_Southbound database.

       We generally speak of "the" CMS, but one can imagine scenarios in
       which multiple CMSes manage different parts of OVN interconnection.

   External IDs
       Each of the tables in this database contains a special column, named
       external_ids. This column has the same form and purpose each place it
       appears.

              external_ids: map of string-string pairs
                     Key-value pairs for use by the CMS. The CMS might use
                     certain pairs, for example, to identify entities in its
                     own configuration that correspond to those in this
                     database.

TABLE SUMMARY

       The following list summarizes the purpose of each of the tables in the
       OVN_IC_Northbound database. Each table is described in more detail on
       a later page.

       Table     Purpose
       IC_NB_Global
                 IC Northbound configuration
       Transit_Switch
                 Transit logical switch
       SSL       SSL configuration.
       Connection
                 OVSDB client connections.

IC_NB_Global TABLE

       Northbound configuration for OVN interconnection. This table must have
       exactly one row.

   Summary:
       Common Columns:
         external_ids                map of string-string pairs
       Common options:
         options                     map of string-string pairs
       Connection Options:
         connections                 set of Connections
         ssl                         optional SSL

   Details:
     Common Columns:

       external_ids: map of string-string pairs
              See External IDs at the beginning of this document.

     Common options:

       options: map of string-string pairs
              This column provides general key/value settings. The supported
              options are described individually below.

     Connection Options:

       connections: set of Connections
              Database clients to which the Open vSwitch database server
              should connect or on which it should listen, along with options
              for how these connections should be configured. See the
              Connection table for more information.

       ssl: optional SSL
              Global SSL configuration.

Transit_Switch TABLE

       Each row represents one transit logical switch for interconnection
       between different OVN deployments (availability zones).

   Summary:
       Naming:
         name                        string (must be unique within table)
       Common Columns:
         other_config                map of string-string pairs
         external_ids                map of string-string pairs

   Details:
     Naming:

       name: string (must be unique within table)
              A name that uniquely identifies the transit logical switch.

     Common Columns:

       other_config: map of string-string pairs

       external_ids: map of string-string pairs
              See External IDs at the beginning of this document.

SSL TABLE

       SSL configuration for ovn-nb database access.

   Summary:
       private_key                   string
       certificate                   string
       ca_cert                       string
       bootstrap_ca_cert             boolean
       ssl_protocols                 string
       ssl_ciphers                   string
       Common Columns:
         external_ids                map of string-string pairs

   Details:
       private_key: string
              Name of a PEM file containing the private key used as the
              switch's identity for SSL connections to the controller.

       certificate: string
              Name of a PEM file containing a certificate, signed by the
              certificate authority (CA) used by the controller and manager,
              that certifies the switch's private key, identifying a
              trustworthy switch.

       ca_cert: string
              Name of a PEM file containing the CA certificate used to verify
              that the switch is connected to a trustworthy controller.

       bootstrap_ca_cert: boolean
              If set to true, then Open vSwitch will attempt to obtain the CA
              certificate from the controller on its first SSL connection and
              save it to the named PEM file. If it is successful, it will
              immediately drop the connection and reconnect, and from then on
              all SSL connections must be authenticated by a certificate
              signed by the CA certificate thus obtained. This option exposes
              the SSL connection to a man-in-the-middle attack obtaining the
              initial CA certificate. It may still be useful for
              bootstrapping.

       ssl_protocols: string
              List of SSL protocols to be enabled for SSL connections. The
              default when this option is omitted is TLSv1,TLSv1.1,TLSv1.2.

       ssl_ciphers: string
              List of ciphers (in OpenSSL cipher string format) to be
              supported for SSL connections. The default when this option is
              omitted is HIGH:!aNULL:!MD5.

     Common Columns:

       The overall purpose of these columns is described under Common Columns
       at the beginning of this document.

       external_ids: map of string-string pairs

Connection TABLE

       Configuration for a database connection to an Open vSwitch database
       (OVSDB) client.

       This table primarily configures the Open vSwitch database server
       (ovsdb-server).

       The Open vSwitch database server can initiate and maintain active
       connections to remote clients. It can also listen for database
       connections.

   Summary:
       Core Features:
         target                      string (must be unique within table)
       Client Failure Detection and Handling:
         max_backoff                 optional integer, at least 1,000
         inactivity_probe            optional integer
       Status:
         is_connected                boolean
         status : last_error         optional string
         status : state              optional string, one of ACTIVE, BACKOFF,
                                     CONNECTING, IDLE, or VOID
         status : sec_since_connect  optional string, containing an integer,
                                     at least 0
         status : sec_since_disconnect
                                     optional string, containing an integer,
                                     at least 0
         status : locks_held         optional string
         status : locks_waiting      optional string
         status : locks_lost         optional string
         status : n_connections      optional string, containing an integer,
                                     at least 2
         status : bound_port         optional string, containing an integer
       Common Columns:
         external_ids                map of string-string pairs
         other_config                map of string-string pairs

   Details:
     Core Features:

       target: string (must be unique within table)
              Connection methods for clients.

              The following connection methods are currently supported:

              ssl:host[:port]
                     The specified SSL port on the given host, which can
                     either be a DNS name (if built with unbound library) or
                     an IP address. A valid SSL configuration must be
                     provided when this form is used; this configuration can
                     be specified via command-line options or the SSL table.

                     If port is not specified, it defaults to 6640.

                     SSL support is an optional feature that is not always
                     built as part of Open vSwitch.

              tcp:host[:port]
                     The specified TCP port on the given host, which can
                     either be a DNS name (if built with unbound library) or
                     an IP address. If host is an IPv6 address, wrap it in
                     square brackets, e.g. tcp:[::1]:6640.

                     If port is not specified, it defaults to 6640.

              pssl:[port][:host]
                     Listens for SSL connections on the specified TCP port.
                     Specify 0 for port to have the kernel automatically
                     choose an available port. If host, which can either be a
                     DNS name (if built with unbound library) or an IP
                     address, is specified, then connections are restricted to
                     the resolved or specified local IP address (either IPv4
                     or IPv6 address). If host is an IPv6 address, wrap it in
                     square brackets, e.g. pssl:6640:[::1]. If host is not
                     specified then it listens only on IPv4 (but not IPv6)
                     addresses. A valid SSL configuration must be provided
                     when this form is used; this can be specified either via
                     command-line options or the SSL table.

                     If port is not specified, it defaults to 6640.

                     SSL support is an optional feature that is not always
                     built as part of Open vSwitch.

              ptcp:[port][:host]
                     Listens for connections on the specified TCP port.
                     Specify 0 for port to have the kernel automatically
                     choose an available port. If host, which can either be a
                     DNS name (if built with unbound library) or an IP
                     address, is specified, then connections are restricted to
                     the resolved or specified local IP address (either IPv4
                     or IPv6 address). If host is an IPv6 address, wrap it in
                     square brackets, e.g. ptcp:6640:[::1]. If host is not
                     specified then it listens only on IPv4 addresses.

                     If port is not specified, it defaults to 6640.

              When multiple clients are configured, the target values must be
              unique. Duplicate target values yield unspecified results.
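
       An added example, not part of the Open vSwitch manual or of OVN's own
       tooling: a Python check that parses the four target forms above and
       flags the SSL and Connection settings this page ties to connection
       security. The row dictionaries, the sample values, and the policy of
       treating TLSv1 and TLSv1.1 as weak are assumptions made for illustration.

```python
import re

DEFAULT_PORT = 6640                          # documented default for every method
DEFAULT_PROTOCOLS = "TLSv1,TLSv1.1,TLSv1.2"  # documented default when omitted
WEAK_PROTOCOLS = {"TLSv1", "TLSv1.1"}        # assumption: local policy rejects these
HOST = r"(?P<host>\[[^\]]+\]|[^:\[\]]+)"     # bracketed IPv6, or DNS name / IPv4
ACTIVE = re.compile(rf"^{HOST}(?::(?P<port>\d+))?$")    # ssl:/tcp:   host[:port]
PASSIVE = re.compile(rf"^(?P<port>\d*)(?::{HOST})?$")   # pssl:/ptcp: [port][:host]

def parse_target(target):
    """Split a Connection target into (method, host, port)."""
    method, _, rest = target.partition(":")
    if method not in ("ssl", "tcp", "pssl", "ptcp"):
        raise ValueError(f"unsupported connection method: {target!r}")
    m = (PASSIVE if method.startswith("p") else ACTIVE).match(rest)
    if m is None:
        raise ValueError(f"malformed target: {target!r}")
    port = int(m["port"]) if m["port"] else DEFAULT_PORT
    return method, m["host"], port

def audit(ssl_row, targets):
    """Return findings for an SSL row (dict or None) and Connection targets."""
    findings, seen = [], set()
    for t in targets:
        method, host, _port = parse_target(t)
        if t in seen:
            findings.append(f"{t}: duplicate target, results are unspecified")
        seen.add(t)
        if method in ("tcp", "ptcp"):
            findings.append(f"{t}: plaintext method, no TLS on this connection")
        elif ssl_row is None:
            findings.append(f"{t}: no SSL row, SSL settings must come from the command line")
        if method.startswith("p") and host is None:
            findings.append(f"{t}: listener is not restricted to one local address")
    if ssl_row is not None:
        if ssl_row.get("bootstrap_ca_cert"):
            findings.append("SSL: bootstrap_ca_cert accepts the first CA certificate unauthenticated")
        enabled = (ssl_row.get("ssl_protocols") or DEFAULT_PROTOCOLS).split(",")
        weak = sorted(WEAK_PROTOCOLS & {p.strip() for p in enabled})
        if weak:
            findings.append(f"SSL: deprecated protocols enabled: {', '.join(weak)}")
    return findings

# Constructed sample rows, not taken from a real deployment.
SAMPLE_SSL = {"bootstrap_ca_cert": True, "ssl_protocols": ""}
SAMPLE_TARGETS = ["pssl:6640:[::1]", "ptcp:6641", "ssl:ic-nb.example.net"]

if __name__ == "__main__":
    for finding in audit(SAMPLE_SSL, SAMPLE_TARGETS):
        print(finding)
```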

     Client Failure Detection and Handling:

       max_backoff: optional integer, at least 1,000
              Maximum number of milliseconds to wait between connection
              attempts. Default is implementation-specific.

       inactivity_probe: optional integer
              Maximum number of milliseconds of idle time on connection to the
              client before sending an inactivity probe message. If Open
              vSwitch does not communicate with the client for the specified
              number of seconds, it will send a probe. If a response is not
              received for the same additional amount of time, Open vSwitch
              assumes the connection has been broken and attempts to
              reconnect. Default is implementation-specific. A value of 0
              disables inactivity probes.

     Status:

       Key-value pair of is_connected is always updated. Other key-value pairs
       in the status columns may be updated depending on the target type.

       When target specifies a connection method that listens for inbound
       connections (e.g. ptcp: or punix:), both n_connections and is_connected
       may also be updated while the remaining key-value pairs are omitted.

       On the other hand, when target specifies an outbound connection, all
       key-value pairs may be updated, except the above-mentioned two
       key-value pairs associated with inbound connection targets. They are
       omitted.

       is_connected: boolean
              true if currently connected to this client, false otherwise.

       status : last_error: optional string
              A human-readable description of the last error on the connection
              to the manager; i.e. strerror(errno). This key will exist only
              if an error has occurred.

       status : state: optional string, one of ACTIVE, BACKOFF, CONNECTING,
       IDLE, or VOID
              The state of the connection to the manager:

              VOID   Connection is disabled.

              BACKOFF
                     Attempting to reconnect at an increasing period.

              CONNECTING
                     Attempting to connect.

              ACTIVE Connected, remote host responsive.

              IDLE   Connection is idle. Waiting for response to keep-alive.

              These values may change in the future. They are provided only
              for human consumption.

       status : sec_since_connect: optional string, containing an integer, at
       least 0
              The amount of time since this client last successfully connected
              to the database (in seconds). Value is empty if client has never
              successfully been connected.

       status : sec_since_disconnect: optional string, containing an integer,
       at least 0
              The amount of time since this client last disconnected from the
              database (in seconds). Value is empty if client has never
              disconnected.

       status : locks_held: optional string
              Space-separated list of the names of OVSDB locks that the
              connection holds. Omitted if the connection does not hold any
              locks.

       status : locks_waiting: optional string
              Space-separated list of the names of OVSDB locks that the
              connection is currently waiting to acquire. Omitted if the
              connection is not waiting for any locks.

       status : locks_lost: optional string
              Space-separated list of the names of OVSDB locks that the
              connection has had stolen by another OVSDB client. Omitted if no
              locks have been stolen from this connection.

       status : n_connections: optional string, containing an integer, at
       least 2
              When target specifies a connection method that listens for
              inbound connections (e.g. ptcp: or pssl:) and more than one
              connection is actually active, the value is the number of active
              connections. Otherwise, this key-value pair is omitted.

       status : bound_port: optional string, containing an integer
              When target is ptcp: or pssl:, this is the TCP port on which the
              OVSDB server is listening. (This is particularly useful when
              target specifies a port of 0, allowing the kernel to choose any
              available port.)

     Common Columns:

       The overall purpose of these columns is described under Common Columns
       at the beginning of this document.

       external_ids: map of string-string pairs

       other_config: map of string-string pairs



Open vSwitch 20.12.0            DB Schema 1.0.0                   ovn-ic-nb(5)