ovn-ic-sb(5)                  Open vSwitch Manual                  ovn-ic-sb(5)

NAME
ovn-ic-sb - OVN_IC_Southbound database schema

This database holds configuration and state for interconnecting different
OVN deployments. The content of the database is populated and used by the
ovn-ic program in each OVN deployment, and is not supposed to be used
directly by the CMS or end users.

The OVN Interconnection Southbound database is shared by the ovn-ic program
in each OVN deployment. It contains interconnection information from all
related OVN deployments, and is used as the intermediate store through which
the OVN deployments exchange that information. The ovn-ic program in each
deployment is responsible for syncing the data between this database and its
own northbound and southbound databases.

Database Structure
The OVN Interconnection Southbound database contains classes of data with
different properties, as described in the sections below.

Availability Zone Specific Information

These tables contain objects that are availability zone specific. Each
object is owned and populated by one availability zone, and read by other
availability zones.

The Availability_Zone, Gateway, Encap and Port_Binding tables are the
availability zone specific tables.

Global Information

Data that does not belong to any specific availability zone but is common
to all availability zones.

The Datapath_Binding table contains the common datapath binding information.

Common Columns

Each of the tables in this database contains a special column, named
external_ids. This column has the same form and purpose each place it
appears.

external_ids: map of string-string pairs
    Key-value pairs for use by ovn-ic.

TABLE SUMMARY
The following list summarizes the purpose of each of the tables in the
OVN_IC_Southbound database. Each table is described in more detail on a
later page.

Table               Purpose
IC_SB_Global        IC Southbound configuration
Availability_Zone   Availability Zone Information
Gateway             Interconnection Gateway Information
Encap               Encapsulation Types
Datapath_Binding    Transit Switch Datapath Bindings
Port_Binding        Transit Port Bindings
Route               Route
Connection          OVSDB client connections.
SSL                 SSL configuration.

IC_SB_Global TABLE
Interconnection Southbound configuration. This table must have exactly one
row.

Summary:
    Common Columns:
        external_ids    map of string-string pairs
        options         map of string-string pairs
    Connection Options:
        connections     set of Connections
        ssl             optional SSL

Details:
Common Columns:

external_ids: map of string-string pairs
    See External IDs at the beginning of this document.

options: map of string-string pairs

Connection Options:

connections: set of Connections
    Database clients to which the Open vSwitch database server should
    connect or on which it should listen, along with options for how these
    connections should be configured. See the Connection table for more
    information.

ssl: optional SSL
    Global SSL configuration.

Availability_Zone TABLE
Each row in this table represents an Availability Zone. Each OVN deployment
is considered an availability zone from the OVN control plane perspective,
with its own central components, such as northbound and southbound
databases and the ovn-northd daemon.

Summary:
    name    string (must be unique within table)

Details:
name: string (must be unique within table)
    A name that uniquely identifies the availability zone.

Gateway TABLE
Each row in this table represents an interconnection gateway chassis in an
availability zone.

Summary:
    name                  string (must be unique within table)
    availability_zone     Availability_Zone
    hostname              string
    Common Columns:
        external_ids      map of string-string pairs
    Encapsulation Configuration:
        encaps            set of 1 or more Encaps

Details:
name: string (must be unique within table)
    The name of the gateway. See name column of the OVN Southbound
    database’s Chassis table.

availability_zone: Availability_Zone
    The availability zone that the gateway belongs to.

hostname: string
    The hostname of the gateway.

Common Columns:

The overall purpose of these columns is described under Common Columns at
the beginning of this document.

external_ids: map of string-string pairs

Encapsulation Configuration:

OVN uses encapsulation to transmit logical dataplane packets between
gateways.

encaps: set of 1 or more Encaps
    Points to supported encapsulation configurations to transmit logical
    dataplane packets to this gateway. Each entry is an Encap record that
    describes the configuration. See encaps column of the OVN Southbound
    database’s Chassis table.

Encap TABLE
The encaps column in the Gateway table refers to rows in this table to
identify how OVN may transmit logical dataplane packets to this gateway.

Summary:
    type            string, one of geneve, stt, or vxlan
    options         map of string-string pairs
    ip              string
    gateway_name    string

Details:
type: string, one of geneve, stt, or vxlan
    The encapsulation to use to transmit packets to this gateway. See type
    column of the OVN Southbound database’s Encap table.

options: map of string-string pairs
    Options for configuring the encapsulation, which may be type specific.
    See options column of the OVN Southbound database’s Encap table.

ip: string
    The IPv4 address of the encapsulation tunnel endpoint.

gateway_name: string
    The name of the gateway that created this encap.

Datapath_Binding TABLE
Each row in this table represents a logical datapath for a transit logical
switch configured in the OVN Interconnection Northbound database’s
Transit_Switch table.

Summary:
    transit_switch      string
    tunnel_key          integer, in range 1 to 16,777,215 (must be unique
                        within table)
    Common Columns:
        external_ids    map of string-string pairs

Details:
transit_switch: string
    The name of the transit logical switch that is configured in the OVN
    Interconnection Northbound database’s Transit_Switch table.

tunnel_key: integer, in range 1 to 16,777,215 (must be unique within table)
    The tunnel key value to which the logical datapath is bound. The key
    can be generated by any ovn-ic but the same key is shared by all
    availability zones so that the logical datapaths can be peered across
    them. A tunnel key for transit switch datapath binding must be globally
    unique.

    For more information about the meanings of a tunnel key, see tunnel_key
    column of the OVN Southbound database’s Datapath_Binding table.

Common Columns:

The overall purpose of these columns is described under Common Columns at
the beginning of this document.

external_ids: map of string-string pairs

Port_Binding TABLE
Each row in this table binds a logical port on the transit switch to a
physical gateway and a tunnel key. Each port on the transit switch belongs
to a specific availability zone.

Summary:
    Core Features:
        transit_switch       string
        logical_port         string (must be unique within table)
        availability_zone    Availability_Zone
        encap                optional weak reference to Encap
        gateway              string
        tunnel_key           integer, in range 1 to 32,767
        address              string
    Common Columns:
        external_ids         map of string-string pairs

Details:
Core Features:

transit_switch: string
    The name of the transit switch that the corresponding logical port
    belongs to.

logical_port: string (must be unique within table)
    A logical port, taken from name in the OVN_Northbound database’s
    Logical_Switch_Port table. The logical port name must be unique across
    all availability zones.

availability_zone: Availability_Zone
    The availability zone that the port belongs to.

encap: optional weak reference to Encap
    Points to supported encapsulation configurations to transmit logical
    dataplane packets to this gateway. Each entry is an Encap record that
    describes the configuration.

gateway: string
    The name of the gateway on which this port is physically located.

tunnel_key: integer, in range 1 to 32,767
    A number that represents the logical port in the key (e.g. STT key or
    Geneve TLV) field carried within tunnel protocol packets. The key can
    be generated by any ovn-ic but the same key is shared by all
    availability zones so that the packets can go through the datapath
    pipelines of different availability zones.

    The tunnel ID must be unique within the scope of a logical datapath.

    For more information about tunnel key, see tunnel_key column of the
    OVN Southbound database’s Port_Binding table.

address: string
    The Ethernet address and IP addresses used by the corresponding logical
    router port peering with the transit switch port. It is a string that
    combines the value of the mac column followed by the values in the
    networks column of the Logical_Router_Port table.

Common Columns:

external_ids: map of string-string pairs
    See External IDs at the beginning of this document.
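
The Port_Binding rules above that span more than one row (a tunnel key unique per logical datapath, a logical port name unique across availability zones) can be checked over a copy of the tables. The following Python is an added example, not part of the OVN manual or code base; the row dictionaries are constructed sample data with references flattened to names, and the transit-switch and gateway/zone cross-checks are assumptions of this example rather than rules stated in the schema.

```python
from collections import Counter

def audit_ic_sb(datapaths, ports, gateways):
    """Return sorted violation strings for rows copied out of IC-SB tables."""
    problems = set()
    switches = {d["transit_switch"] for d in datapaths}
    gw_zone = {g["name"]: g["availability_zone"] for g in gateways}
    # tunnel_key must be unique within the scope of one logical datapath.
    keys = Counter((p["transit_switch"], p["tunnel_key"]) for p in ports)
    # logical_port must be unique across all availability zones.
    names = Counter(p["logical_port"] for p in ports)
    for p in ports:
        port, ts, key = p["logical_port"], p["transit_switch"], p["tunnel_key"]
        if not 1 <= key <= 32767:
            problems.add("%s: tunnel_key %d outside 1..32767" % (port, key))
        if keys[(ts, key)] > 1:
            problems.add("%s: tunnel_key %d reused on %s" % (port, key, ts))
        if names[port] > 1:
            problems.add("%s: logical_port used by more than one row" % port)
        # Assumption: every port's transit switch has a Datapath_Binding row.
        if ts not in switches:
            problems.add("%s: no Datapath_Binding for %s" % (port, ts))
        # Assumption: the named gateway is a Gateway row of the port's zone.
        if gw_zone.get(p["gateway"]) != p["availability_zone"]:
            problems.add("%s: gateway %s is not a Gateway row of zone %s"
                         % (port, p["gateway"], p["availability_zone"]))
    return sorted(problems)

# Constructed sample rows (names are hypothetical).
DATAPATHS = [{"transit_switch": "ts1", "tunnel_key": 16711683}]
GATEWAYS = [{"name": "gw-east", "availability_zone": "az-east"},
            {"name": "gw-west", "availability_zone": "az-west"}]
PORTS = [
    {"logical_port": "ts1-east", "transit_switch": "ts1",
     "availability_zone": "az-east", "gateway": "gw-east", "tunnel_key": 1},
    {"logical_port": "ts1-west", "transit_switch": "ts1",
     "availability_zone": "az-west", "gateway": "gw-west", "tunnel_key": 2},
    # Reuses key 1 on ts1 and names a gateway of the other zone.
    {"logical_port": "ts1-west2", "transit_switch": "ts1",
     "availability_zone": "az-west", "gateway": "gw-east", "tunnel_key": 1},
]

if __name__ == "__main__":
    for line in audit_ic_sb(DATAPATHS, PORTS, GATEWAYS):
        print(line)
```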

Route TABLE
Each row in this table represents a route advertised.

Summary:
    Core Features:
        transit_switch       string
        availability_zone    Availability_Zone
        ip_prefix            string
        nexthop              string
    Common Columns:
        external_ids         map of string-string pairs

Details:
Core Features:

transit_switch: string
    The name of the transit switch, upon which the route is advertised.

availability_zone: Availability_Zone
    The availability zone that has advertised the route.

ip_prefix: string
    IP prefix of this route (e.g. 192.168.100.0/24).

nexthop: string
    Nexthop IP address for this route.

Common Columns:

external_ids: map of string-string pairs
    See External IDs at the beginning of this document.

Connection TABLE
Configuration for a database connection to an Open vSwitch database (OVSDB)
client.

This table primarily configures the Open vSwitch database server
(ovsdb-server).

The Open vSwitch database server can initiate and maintain active
connections to remote clients. It can also listen for database connections.

Summary:
    Core Features:
        target                          string (must be unique within table)
    Client Failure Detection and Handling:
        max_backoff                     optional integer, at least 1,000
        inactivity_probe                optional integer
    Status:
        is_connected                    boolean
        status : last_error             optional string
        status : state                  optional string, one of ACTIVE,
                                        BACKOFF, CONNECTING, IDLE, or VOID
        status : sec_since_connect      optional string, containing an
                                        integer, at least 0
        status : sec_since_disconnect   optional string, containing an
                                        integer, at least 0
        status : locks_held             optional string
        status : locks_waiting          optional string
        status : locks_lost             optional string
        status : n_connections          optional string, containing an
                                        integer, at least 2
        status : bound_port             optional string, containing an
                                        integer
    Common Columns:
        external_ids                    map of string-string pairs
        other_config                    map of string-string pairs

Details:
Core Features:

target: string (must be unique within table)
    Connection methods for clients.

    The following connection methods are currently supported:

    ssl:host[:port]
        The specified SSL port on the given host, which can either be a
        DNS name (if built with unbound library) or an IP address. A valid
        SSL configuration must be provided when this form is used; this
        configuration can be specified via command-line options or the SSL
        table.

        If port is not specified, it defaults to 6640.

        SSL support is an optional feature that is not always built as
        part of Open vSwitch.

    tcp:host[:port]
        The specified TCP port on the given host, which can either be a
        DNS name (if built with unbound library) or an IP address (IPv4 or
        IPv6). If host is an IPv6 address, wrap it in square brackets,
        e.g. tcp:[::1]:6640.

        If port is not specified, it defaults to 6640.

    pssl:[port][:host]
        Listens for SSL connections on the specified TCP port. Specify 0
        for port to have the kernel automatically choose an available
        port. If host, which can either be a DNS name (if built with
        unbound library) or an IP address, is specified, then connections
        are restricted to the resolved or specified local IP address
        (either IPv4 or IPv6 address). If host is an IPv6 address, wrap it
        in square brackets, e.g. pssl:6640:[::1]. If host is not specified
        then it listens only on IPv4 (but not IPv6) addresses. A valid SSL
        configuration must be provided when this form is used; this can be
        specified either via command-line options or the SSL table.

        If port is not specified, it defaults to 6640.

        SSL support is an optional feature that is not always built as
        part of Open vSwitch.

    ptcp:[port][:host]
        Listens for connections on the specified TCP port. Specify 0 for
        port to have the kernel automatically choose an available port. If
        host, which can either be a DNS name (if built with unbound
        library) or an IP address, is specified, then connections are
        restricted to the resolved or specified local IP address (either
        IPv4 or IPv6 address). If host is an IPv6 address, wrap it in
        square brackets, e.g. ptcp:6640:[::1]. If host is not specified
        then it listens only on IPv4 addresses.

        If port is not specified, it defaults to 6640.

    When multiple clients are configured, the target values must be
    unique. Duplicate target values yield unspecified results.

Client Failure Detection and Handling:

max_backoff: optional integer, at least 1,000
    Maximum number of milliseconds to wait between connection attempts.
    Default is implementation-specific.

inactivity_probe: optional integer
    Maximum number of milliseconds of idle time on connection to the
    client before sending an inactivity probe message. If Open vSwitch
    does not communicate with the client for the specified number of
    milliseconds, it will send a probe. If a response is not received for
    the same additional amount of time, Open vSwitch assumes the
    connection has been broken and attempts to reconnect. Default is
    implementation-specific. A value of 0 disables inactivity probes.

Status:

The is_connected key-value pair is always updated. Other key-value pairs in
the status column may be updated depending on the target type.

When target specifies a connection method that listens for inbound
connections (e.g. ptcp: or punix:), both n_connections and is_connected may
also be updated while the remaining key-value pairs are omitted.

On the other hand, when target specifies an outbound connection, all
key-value pairs may be updated, except the above-mentioned two key-value
pairs associated with inbound connection targets. They are omitted.

is_connected: boolean
    true if currently connected to this client, false otherwise.

status : last_error: optional string
    A human-readable description of the last error on the connection to
    the manager; i.e. strerror(errno). This key will exist only if an
    error has occurred.

status : state: optional string, one of ACTIVE, BACKOFF, CONNECTING, IDLE,
or VOID
    The state of the connection to the manager:

    VOID        Connection is disabled.

    BACKOFF     Attempting to reconnect at an increasing period.

    CONNECTING  Attempting to connect.

    ACTIVE      Connected, remote host responsive.

    IDLE        Connection is idle. Waiting for response to keep-alive.

    These values may change in the future. They are provided only for
    human consumption.

status : sec_since_connect: optional string, containing an integer, at
least 0
    The amount of time since this client last successfully connected to
    the database (in seconds). Value is empty if client has never
    successfully been connected.

status : sec_since_disconnect: optional string, containing an integer, at
least 0
    The amount of time since this client last disconnected from the
    database (in seconds). Value is empty if client has never
    disconnected.

status : locks_held: optional string
    Space-separated list of the names of OVSDB locks that the connection
    holds. Omitted if the connection does not hold any locks.

status : locks_waiting: optional string
    Space-separated list of the names of OVSDB locks that the connection
    is currently waiting to acquire. Omitted if the connection is not
    waiting for any locks.

status : locks_lost: optional string
    Space-separated list of the names of OVSDB locks that the connection
    has had stolen by another OVSDB client. Omitted if no locks have been
    stolen from this connection.

status : n_connections: optional string, containing an integer, at least 2
    When target specifies a connection method that listens for inbound
    connections (e.g. ptcp: or pssl:) and more than one connection is
    actually active, the value is the number of active connections.
    Otherwise, this key-value pair is omitted.

status : bound_port: optional string, containing an integer
    When target is ptcp: or pssl:, this is the TCP port on which the OVSDB
    server is listening. (This is particularly useful when target
    specifies a port of 0, allowing the kernel to choose any available
    port.)

Common Columns:

The overall purpose of these columns is described under Common Columns at
the beginning of this document.

external_ids: map of string-string pairs

other_config: map of string-string pairs

SSL TABLE
SSL configuration for ovn-sb database access.

Summary:
    private_key          string
    certificate          string
    ca_cert              string
    bootstrap_ca_cert    boolean
    ssl_protocols        string
    ssl_ciphers          string
    Common Columns:
        external_ids     map of string-string pairs

Details:
private_key: string
    Name of a PEM file containing the private key used as the switch’s
    identity for SSL connections to the controller.

certificate: string
    Name of a PEM file containing a certificate, signed by the certificate
    authority (CA) used by the controller and manager, that certifies the
    switch’s private key, identifying a trustworthy switch.

ca_cert: string
    Name of a PEM file containing the CA certificate used to verify that
    the switch is connected to a trustworthy controller.

bootstrap_ca_cert: boolean
    If set to true, then Open vSwitch will attempt to obtain the CA
    certificate from the controller on its first SSL connection and save
    it to the named PEM file. If it is successful, it will immediately
    drop the connection and reconnect, and from then on all SSL
    connections must be authenticated by a certificate signed by the CA
    certificate thus obtained. This option exposes the SSL connection to a
    man-in-the-middle attack obtaining the initial CA certificate. It may
    still be useful for bootstrapping.

ssl_protocols: string
    List of SSL protocols to be enabled for SSL connections. The default
    when this option is omitted is TLSv1,TLSv1.1,TLSv1.2.

ssl_ciphers: string
    List of ciphers (in OpenSSL cipher string format) to be supported for
    SSL connections. The default when this option is omitted is
    HIGH:!aNULL:!MD5.

Common Columns:

The overall purpose of these columns is described under Common Columns at
the beginning of this document.

external_ids: map of string-string pairs
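
The target forms of the Connection table and the SSL table settings above can be reviewed together. The following Python is an added example, not part of the OVN manual or code base: it parses target strings in the four documented forms and flags plaintext methods, listeners not restricted to a local address, bootstrap_ca_cert, and TLSv1/TLSv1.1 in ssl_protocols. The sample rows are constructed, and treating TLSv1 and TLSv1.1 as legacy is this example's own policy choice.

```python
import re

DEFAULT_PORT = 6640                          # default port stated for every target form
DEFAULT_PROTOCOLS = "TLSv1,TLSv1.1,TLSv1.2"  # documented default of ssl_protocols
LEGACY_PROTOCOLS = {"TLSv1", "TLSv1.1"}      # assumption: this audit's policy
HOST = r"(\[[^\]]+\]|[^:\[\]]+)"             # bracketed IPv6 literal, or name/IPv4

def parse_target(target):
    """Split a Connection.target into (method, host or None, port)."""
    method, _, rest = target.partition(":")
    if method in ("pssl", "ptcp"):           # passive form: [port][:host]
        m = re.fullmatch(r"(\d*)(?::%s)?" % HOST, rest)
        port, host = (m.group(1), m.group(2)) if m else (None, None)
    elif method in ("ssl", "tcp"):           # active form: host[:port]
        m = re.fullmatch(r"%s(?::(\d+))?" % HOST, rest)
        host, port = (m.group(1), m.group(2)) if m else (None, None)
    else:
        m = None
    if m is None:
        raise ValueError("unsupported or malformed target: %r" % target)
    return method, host, int(port) if port else DEFAULT_PORT

def audit(connections, ssl_row):
    """Return (subject, finding) pairs for target strings and one SSL row."""
    findings = []
    for target in connections:
        method, host, _ = parse_target(target)
        if method in ("tcp", "ptcp"):
            findings.append((target, "plaintext OVSDB transport"))
        if method in ("ptcp", "pssl") and host is None:
            findings.append((target, "listener not restricted to a local address"))
        if method in ("ssl", "pssl") and ssl_row is None:
            findings.append((target, "no SSL row: needs command-line SSL options"))
    if ssl_row is not None:
        if ssl_row.get("bootstrap_ca_cert"):
            findings.append(("SSL", "bootstrap_ca_cert: first connection open to MITM"))
        # An omitted ssl_protocols falls back to the documented default list.
        protos = ssl_row.get("ssl_protocols") or DEFAULT_PROTOCOLS
        legacy = sorted(LEGACY_PROTOCOLS & {p.strip() for p in protos.split(",")})
        if legacy:
            findings.append(("SSL", "legacy protocols enabled: " + ",".join(legacy)))
    return findings

# Constructed sample configuration (host name is hypothetical).
SAMPLE_CONNECTIONS = ["ptcp:6645", "pssl:6645:[::1]", "tcp:[::1]:6640",
                      "ssl:ic-sb.example.net"]
SAMPLE_SSL = {"bootstrap_ca_cert": True, "ssl_protocols": ""}

if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_CONNECTIONS, SAMPLE_SSL):
        print("%-24s %s" % (subject, finding))
```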

Open vSwitch 21.03.1              DB Schema 1.0.0                  ovn-ic-sb(5)