ovn-ic-nb(5)                  Open vSwitch Manual                 ovn-ic-nb(5)

NAME
       ovn-ic-nb - OVN_IC_Northbound database schema

       This database is the interface for a cloud management system (CMS),
       such as OpenStack, to configure OVN interconnection settings. The CMS
       produces almost all of the contents of the database. The ovn-ic program
       monitors the database contents, transforms it, and stores it into the
       OVN_IC_Southbound database.

       We generally speak of "the" CMS, but one can imagine scenarios in
       which multiple CMSes manage different parts of OVN interconnection.

   External IDs
       Each of the tables in this database contains a special column, named
       external_ids. This column has the same form and purpose each place it
       appears.

              external_ids: map of string-string pairs
                     Key-value pairs for use by the CMS. The CMS might use
                     certain pairs, for example, to identify entities in its
                     own configuration that correspond to those in this
                     database.

TABLE SUMMARY
       The following list summarizes the purpose of each of the tables in the
       OVN_IC_Northbound database. Each table is described in more detail on
       a later page.

       Table     Purpose
       IC_NB_Global
                 IC Northbound configuration
       Transit_Switch
                 Transit logical switch
       SSL       SSL configuration.
       Connection
                 OVSDB client connections.

IC_NB_Global TABLE
       Northbound configuration for OVN interconnection. This table must have
       exactly one row.

   Summary:
       Common Columns:
         external_ids                map of string-string pairs
       Common options:
         options                     map of string-string pairs
       Connection Options:
         connections                 set of Connections
         ssl                         optional SSL

   Details:
     Common Columns:

       external_ids: map of string-string pairs
              See External IDs at the beginning of this document.

     Common options:

       options: map of string-string pairs
              This column provides general key/value settings. The supported
              options are described individually below.

     Connection Options:

       connections: set of Connections
              Database clients to which the Open vSwitch database server
              should connect or on which it should listen, along with options
              for how these connections should be configured. See the
              Connection table for more information.

       ssl: optional SSL
              Global SSL configuration.

Transit_Switch TABLE
       Each row represents one transit logical switch for interconnection
       between different OVN deployments (availability zones).

   Summary:
       Naming:
         name                        string (must be unique within table)
       Common Columns:
         other_config                map of string-string pairs
         external_ids                map of string-string pairs

   Details:
     Naming:

       name: string (must be unique within table)
              A name that uniquely identifies the transit logical switch.

     Common Columns:

       other_config: map of string-string pairs

       external_ids: map of string-string pairs
              See External IDs at the beginning of this document.

SSL TABLE
       SSL configuration for ovn-nb database access.

   Summary:
       private_key                   string
       certificate                   string
       ca_cert                       string
       bootstrap_ca_cert             boolean
       ssl_protocols                 string
       ssl_ciphers                   string
       Common Columns:
         external_ids                map of string-string pairs

   Details:
       private_key: string
              Name of a PEM file containing the private key used as the
              switch's identity for SSL connections to the controller.

       certificate: string
              Name of a PEM file containing a certificate, signed by the
              certificate authority (CA) used by the controller and manager,
              that certifies the switch's private key, identifying a
              trustworthy switch.

       ca_cert: string
              Name of a PEM file containing the CA certificate used to verify
              that the switch is connected to a trustworthy controller.

       bootstrap_ca_cert: boolean
              If set to true, then Open vSwitch will attempt to obtain the CA
              certificate from the controller on its first SSL connection and
              save it to the named PEM file. If it is successful, it will
              immediately drop the connection and reconnect, and from then on
              all SSL connections must be authenticated by a certificate
              signed by the CA certificate thus obtained. This option exposes
              the SSL connection to a man-in-the-middle attack obtaining the
              initial CA certificate. It may still be useful for
              bootstrapping.

       ssl_protocols: string
              List of SSL protocols to be enabled for SSL connections. The
              default when this option is omitted is TLSv1,TLSv1.1,TLSv1.2.

       ssl_ciphers: string
              List of ciphers (in OpenSSL cipher string format) to be
              supported for SSL connections. The default when this option is
              omitted is HIGH:!aNULL:!MD5.

     Common Columns:

       The overall purpose of these columns is described under Common Columns
       at the beginning of this document.

       external_ids: map of string-string pairs

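An added example, not part of the Open vSwitch manual or the OVN code base: a Python function that audits one SSL row, given as a dict keyed by the column names above, for the risks this section describes. It reports bootstrap_ca_cert left enabled and an ssl_protocols value, configured or defaulted, that still enables TLSv1 or TLSv1.1 (both deprecated by RFC 8996). The function name, finding strings, sample rows and PEM paths are assumptions of the example.

```python
import re

# Defaults this page states for omitted columns.
DEFAULT_PROTOCOLS = "TLSv1,TLSv1.1,TLSv1.2"
DEFAULT_CIPHERS = "HIGH:!aNULL:!MD5"
LEGACY_PROTOCOLS = {"TLSv1", "TLSv1.1"}  # deprecated by RFC 8996

def audit_ssl_row(row):
    """Return findings for one SSL table row (a dict keyed by column name).

    audit_ssl_row and its finding strings are names made up for this example.
    """
    findings = []
    for column in ("private_key", "certificate", "ca_cert"):
        if not row.get(column):
            findings.append(f"{column}: no PEM file named")
    if row.get("bootstrap_ca_cert"):
        findings.append("bootstrap_ca_cert: the first connection accepts an "
                        "unauthenticated CA certificate")
    # An omitted or empty column falls back to the documented default.
    configured = (row.get("ssl_protocols") or "").strip()
    protocols = [p.strip() for p in (configured or DEFAULT_PROTOCOLS).split(",")]
    legacy = sorted(LEGACY_PROTOCOLS.intersection(protocols))
    if legacy:
        source = "configured" if configured else "default"
        findings.append(f"ssl_protocols ({source}): enables {', '.join(legacy)}")
    # Heuristic: OpenSSL cipher strings separate items with ':', ',' or ' '.
    ciphers = (row.get("ssl_ciphers") or "").strip() or DEFAULT_CIPHERS
    if "!aNULL" not in re.split(r"[:, ]+", ciphers):
        findings.append("ssl_ciphers: anonymous suites not explicitly excluded")
    return findings

# Constructed rows; the PEM paths are placeholders.
BOOTSTRAP_ROW = {"private_key": "/path/to/privkey.pem",
                 "certificate": "/path/to/cert.pem",
                 "ca_cert": "/path/to/cacert.pem",
                 "bootstrap_ca_cert": True}
PINNED_ROW = dict(BOOTSTRAP_ROW, bootstrap_ca_cert=False,
                  ssl_protocols="TLSv1.2", ssl_ciphers="HIGH:!aNULL:!MD5")

if __name__ == "__main__":
    for finding in audit_ssl_row(BOOTSTRAP_ROW):
        print(finding)
```
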
Connection TABLE
       Configuration for a database connection to an Open vSwitch database
       (OVSDB) client.

       This table primarily configures the Open vSwitch database server
       (ovsdb-server).

       The Open vSwitch database server can initiate and maintain active
       connections to remote clients. It can also listen for database
       connections.

   Summary:
       Core Features:
         target                      string (must be unique within table)
       Client Failure Detection and Handling:
         max_backoff                 optional integer, at least 1,000
         inactivity_probe            optional integer
       Status:
         is_connected                boolean
         status : last_error         optional string
         status : state              optional string, one of ACTIVE, BACKOFF,
                                     CONNECTING, IDLE, or VOID
         status : sec_since_connect  optional string, containing an integer,
                                     at least 0
         status : sec_since_disconnect
                                     optional string, containing an integer,
                                     at least 0
         status : locks_held         optional string
         status : locks_waiting      optional string
         status : locks_lost         optional string
         status : n_connections      optional string, containing an integer,
                                     at least 2
         status : bound_port         optional string, containing an integer
       Common Columns:
         external_ids                map of string-string pairs
         other_config                map of string-string pairs

   Details:
     Core Features:

       target: string (must be unique within table)
              Connection methods for clients.

              The following connection methods are currently supported:

              ssl:host[:port]
                     The specified SSL port on the given host, which can
                     either be a DNS name (if built with unbound library) or
                     an IP address. A valid SSL configuration must be
                     provided when this form is used; this configuration can
                     be specified via command-line options or the SSL table.

                     If port is not specified, it defaults to 6640.

                     SSL support is an optional feature that is not always
                     built as part of Open vSwitch.

              tcp:host[:port]
                     The specified TCP port on the given host, which can
                     either be a DNS name (if built with unbound library) or
                     an IP address. If host is an IPv6 address, wrap it in
                     square brackets, e.g. tcp:[::1]:6640.

                     If port is not specified, it defaults to 6640.

              pssl:[port][:host]
                     Listens for SSL connections on the specified TCP port.
                     Specify 0 for port to have the kernel automatically
                     choose an available port. If host, which can either be a
                     DNS name (if built with unbound library) or an IP
                     address, is specified, then connections are restricted to
                     the resolved or specified local IP address (either IPv4
                     or IPv6 address). If host is an IPv6 address, wrap it in
                     square brackets, e.g. pssl:6640:[::1]. If host is not
                     specified then it listens only on IPv4 (but not IPv6)
                     addresses. A valid SSL configuration must be provided
                     when this form is used; this can be specified either via
                     command-line options or the SSL table.

                     If port is not specified, it defaults to 6640.

                     SSL support is an optional feature that is not always
                     built as part of Open vSwitch.

              ptcp:[port][:host]
                     Listens for connections on the specified TCP port.
                     Specify 0 for port to have the kernel automatically
                     choose an available port. If host, which can either be a
                     DNS name (if built with unbound library) or an IP
                     address, is specified, then connections are restricted to
                     the resolved or specified local IP address (either IPv4
                     or IPv6 address). If host is an IPv6 address, wrap it in
                     square brackets, e.g. ptcp:6640:[::1]. If host is not
                     specified then it listens only on IPv4 addresses.

                     If port is not specified, it defaults to 6640.

              When multiple clients are configured, the target values must be
              unique. Duplicate target values yield unspecified results.

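An added example, not part of the Open vSwitch manual or the OVN code base: a Python parser for the four target forms listed above, with an audit pass that reports plaintext methods (tcp:, ptcp:), listeners with no host restriction, kernel-chosen ports and duplicate targets. The function names, finding strings and sample targets are assumptions of the example.

```python
import re
from collections import Counter

DEFAULT_PORT = 6640  # default stated on this page
ACTIVE = re.compile(r"(\[[^\]]+\]|[^:\[\]]+)(?::(\d+))?")   # host[:port]
PASSIVE = re.compile(r"(\d*)(?::(\[[^\]]+\]|[^:\[\]]+))?")  # [port][:host]

def parse_target(target):
    """Split a Connection target string into method, host and port."""
    method, _, rest = target.partition(":")
    if method not in ("ssl", "tcp", "pssl", "ptcp"):
        raise ValueError(f"unsupported connection method: {target!r}")
    passive = method.startswith("p")
    m = (PASSIVE if passive else ACTIVE).fullmatch(rest)
    if m is None:  # e.g. an IPv6 host without square brackets
        raise ValueError(f"malformed target: {target!r}")
    port, host = m.groups() if passive else m.groups()[::-1]
    return {"method": method, "passive": passive,
            "host": host.strip("[]") if host else None,
            "port": int(port) if port else DEFAULT_PORT}

def audit_targets(targets):
    """Return (target, finding) pairs for settings worth a second look."""
    findings = []
    for target, count in Counter(targets).items():
        if count > 1:
            findings.append((target, "duplicate target: results are unspecified"))
        t = parse_target(target)
        if t["method"] in ("tcp", "ptcp"):
            findings.append((target, "plaintext: no encryption or peer authentication"))
        if t["passive"] and t["host"] is None:
            findings.append((target, "listener is not restricted to one local address"))
        if t["passive"] and t["port"] == 0:
            findings.append((target, "kernel-chosen port: read status:bound_port"))
    return findings

# Constructed sample values, not taken from a real deployment.
SAMPLE = ["ptcp:6640", "pssl:6640:[::1]", "tcp:[::1]:6640",
          "ssl:192.0.2.10", "ptcp:6640"]

if __name__ == "__main__":
    for target, finding in audit_targets(SAMPLE):
        print(f"{target}: {finding}")
```
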
     Client Failure Detection and Handling:

       max_backoff: optional integer, at least 1,000
              Maximum number of milliseconds to wait between connection
              attempts. Default is implementation-specific.

       inactivity_probe: optional integer
              Maximum number of milliseconds of idle time on connection to the
              client before sending an inactivity probe message. If Open
              vSwitch does not communicate with the client for the specified
              interval, it will send a probe. If a response is not received
              for the same additional amount of time, Open vSwitch assumes the
              connection has been broken and attempts to reconnect. Default is
              implementation-specific. A value of 0 disables inactivity
              probes.

     Status:

       The is_connected key-value pair is always updated. Other key-value
       pairs in the status column may be updated depending on the target type.

       When target specifies a connection method that listens for inbound
       connections (e.g. ptcp: or punix:), both n_connections and is_connected
       may also be updated while the remaining key-value pairs are omitted.

       On the other hand, when target specifies an outbound connection, all
       key-value pairs may be updated, except the above-mentioned two
       key-value pairs associated with inbound connection targets. They are
       omitted.

       is_connected: boolean
              true if currently connected to this client, false otherwise.

       status : last_error: optional string
              A human-readable description of the last error on the connection
              to the manager; i.e. strerror(errno). This key will exist only
              if an error has occurred.

       status : state: optional string, one of ACTIVE, BACKOFF, CONNECTING,
       IDLE, or VOID
              The state of the connection to the manager:

              VOID   Connection is disabled.

              BACKOFF
                     Attempting to reconnect at an increasing period.

              CONNECTING
                     Attempting to connect.

              ACTIVE Connected, remote host responsive.

              IDLE   Connection is idle. Waiting for response to keep-alive.

              These values may change in the future. They are provided only
              for human consumption.

       status : sec_since_connect: optional string, containing an integer, at
       least 0
              The amount of time since this client last successfully connected
              to the database (in seconds). Value is empty if client has never
              successfully been connected.

       status : sec_since_disconnect: optional string, containing an integer,
       at least 0
              The amount of time since this client last disconnected from the
              database (in seconds). Value is empty if client has never
              disconnected.

       status : locks_held: optional string
              Space-separated list of the names of OVSDB locks that the
              connection holds. Omitted if the connection does not hold any
              locks.

       status : locks_waiting: optional string
              Space-separated list of the names of OVSDB locks that the
              connection is currently waiting to acquire. Omitted if the
              connection is not waiting for any locks.

       status : locks_lost: optional string
              Space-separated list of the names of OVSDB locks that the
              connection has had stolen by another OVSDB client. Omitted if no
              locks have been stolen from this connection.

       status : n_connections: optional string, containing an integer, at
       least 2
              When target specifies a connection method that listens for
              inbound connections (e.g. ptcp: or pssl:) and more than one
              connection is actually active, the value is the number of active
              connections. Otherwise, this key-value pair is omitted.

       status : bound_port: optional string, containing an integer
              When target is ptcp: or pssl:, this is the TCP port on which the
              OVSDB server is listening. (This is particularly useful when
              target specifies a port of 0, allowing the kernel to choose any
              available port.)

     Common Columns:

       The overall purpose of these columns is described under Common Columns
       at the beginning of this document.

       external_ids: map of string-string pairs

       other_config: map of string-string pairs

Open vSwitch 20.12.0            DB Schema 1.0.0                   ovn-ic-nb(5)