ovn-ic-sb(5)                  Open vSwitch Manual                 ovn-ic-sb(5)

NAME

       ovn-ic-sb - OVN_IC_Southbound database schema

       This database holds configuration and state for interconnecting
       different OVN deployments. The content of the database is populated
       and used by the ovn-ic program in each OVN deployment, and is not
       supposed to be used directly by the CMS or end users.

       The OVN Interconnection Southbound database is shared by the ovn-ic
       programs in each OVN deployment. It contains interconnection
       information from all related OVN deployments, and is used as the
       intermediate store through which the OVN deployments exchange
       information. The ovn-ic program in each deployment is responsible for
       syncing the data between this database and its own northbound and
       southbound databases.

   Database Structure
       The OVN Interconnection Southbound database contains classes of data
       with different properties, as described in the sections below.

     Availability Zone Specific Information

       These tables contain objects that are availability zone specific. Each
       object is owned and populated by one availability zone, and read by
       other availability zones.

       The Availability_Zone, Gateway, Encap and Port_Binding tables are the
       availability zone specific tables.

     Global Information

       The data that does not belong to any specific availability zone but is
       common for all availability zones.

       The Datapath_Binding table contains the common datapath binding
       information.

     Common Columns

       Each of the tables in this database contains a special column, named
       external_ids. This column has the same form and purpose each place it
       appears.

              external_ids: map of string-string pairs
                     Key-value pairs for use by ovn-ic.

TABLE SUMMARY

       The following list summarizes the purpose of each of the tables in the
       OVN_IC_Southbound database. Each table is described in more detail on
       a later page.

       Table               Purpose
       IC_SB_Global        IC Southbound configuration
       Availability_Zone   Availability Zone Information
       Gateway             Interconnection Gateway Information
       Encap               Encapsulation Types
       Datapath_Binding    Transit Switch Datapath Bindings
       Port_Binding        Transit Port Bindings
       Route               Route
       Connection          OVSDB client connections.
       SSL                 SSL configuration.

IC_SB_Global TABLE

       Interconnection Southbound configuration. This table must have exactly
       one row.

   Summary:
       Common Columns:
         external_ids                map of string-string pairs
         options                     map of string-string pairs
       Connection Options:
         connections                 set of Connections
         ssl                         optional SSL

   Details:
     Common Columns:

       external_ids: map of string-string pairs
              See Common Columns at the beginning of this document.

       options: map of string-string pairs

     Connection Options:

       connections: set of Connections
              Database clients to which the Open vSwitch database server
              should connect or on which it should listen, along with options
              for how these connections should be configured. See the
              Connection table for more information.

       ssl: optional SSL
              Global SSL configuration.

Availability_Zone TABLE

       Each row in this table represents an Availability Zone. Each OVN
       deployment is considered an availability zone from the OVN control
       plane perspective, with its own central components, such as northbound
       and southbound databases and the ovn-northd daemon.

   Summary:
       name                          string (must be unique within table)

   Details:
       name: string (must be unique within table)
              A name that uniquely identifies the availability zone.

Gateway TABLE

       Each row in this table represents an interconnection gateway chassis
       in an availability zone.

   Summary:
       name                          string (must be unique within table)
       availability_zone             Availability_Zone
       hostname                      string
       Common Columns:
         external_ids                map of string-string pairs
       Encapsulation Configuration:
         encaps                      set of 1 or more Encaps

   Details:
       name: string (must be unique within table)
              The name of the gateway. See name column of the OVN Southbound
              database’s Chassis table.

       availability_zone: Availability_Zone
              The availability zone that the gateway belongs to.

       hostname: string
              The hostname of the gateway.

     Common Columns:

       The overall purpose of these columns is described under Common Columns
       at the beginning of this document.

       external_ids: map of string-string pairs

     Encapsulation Configuration:

       OVN uses encapsulation to transmit logical dataplane packets between
       gateways.

       encaps: set of 1 or more Encaps
              Points to supported encapsulation configurations to transmit
              logical dataplane packets to this gateway. Each entry is an
              Encap record that describes the configuration. See encaps
              column of the OVN Southbound database’s Chassis table.

Encap TABLE

       The encaps column in the Gateway table refers to rows in this table to
       identify how OVN may transmit logical dataplane packets to this
       gateway.

   Summary:
       type                          string, one of geneve, stt, or vxlan
       options                       map of string-string pairs
       ip                            string
       gateway_name                  string

   Details:
       type: string, one of geneve, stt, or vxlan
              The encapsulation to use to transmit packets to this gateway.
              See type column of the OVN Southbound database’s Encap table.

       options: map of string-string pairs
              Options for configuring the encapsulation, which may be type
              specific. See options column of the OVN Southbound database’s
              Encap table.

       ip: string
              The IPv4 address of the encapsulation tunnel endpoint.

       gateway_name: string
              The name of the gateway that created this encap.

Datapath_Binding TABLE

       Each row in this table represents a logical datapath for a transit
       logical switch configured in the OVN Interconnection Northbound
       database’s Transit_Switch table.

   Summary:
       transit_switch                string
       tunnel_key                    integer, in range 1 to 16,777,215 (must
                                     be unique within table)
       Common Columns:
         external_ids                map of string-string pairs

   Details:
       transit_switch: string
              The name of the transit logical switch that is configured in the
              OVN Interconnection Northbound database’s Transit_Switch table.

       tunnel_key: integer, in range 1 to 16,777,215 (must be unique within
       table)
              The tunnel key value to which the logical datapath is bound. The
              key can be generated by any ovn-ic but the same key is shared by
              all availability zones so that the logical datapaths can be
              peered across them. A tunnel key for transit switch datapath
              binding must be globally unique.

              For more information about the meaning of a tunnel key, see
              tunnel_key column of the OVN Southbound database’s
              Datapath_Binding table.

     Common Columns:

       The overall purpose of these columns is described under Common Columns
       at the beginning of this document.

       external_ids: map of string-string pairs

Port_Binding TABLE

       Each row in this table binds a logical port on the transit switch to a
       physical gateway and a tunnel key. Each port on the transit switch
       belongs to a specific availability zone.

   Summary:
       Core Features:
         transit_switch              string
         logical_port                string (must be unique within table)
         availability_zone           Availability_Zone
         encap                       optional weak reference to Encap
         gateway                     string
         tunnel_key                  integer, in range 1 to 32,767
         address                     string
       Common Columns:
         external_ids                map of string-string pairs

   Details:
     Core Features:

       transit_switch: string
              The name of the transit switch that the corresponding logical
              port belongs to.

       logical_port: string (must be unique within table)
              A logical port, taken from name in the OVN_Northbound database’s
              Logical_Switch_Port table. The logical port name must be unique
              across all availability zones.

       availability_zone: Availability_Zone
              The availability zone that the port belongs to.

       encap: optional weak reference to Encap
              Points to supported encapsulation configurations to transmit
              logical dataplane packets to this gateway. Each entry is an
              Encap record that describes the configuration.

       gateway: string
              The name of the gateway where this port is physically located.

       tunnel_key: integer, in range 1 to 32,767
              A number that represents the logical port in the key (e.g. STT
              key or Geneve TLV) field carried within tunnel protocol packets.
              The key can be generated by any ovn-ic but the same key is
              shared by all availability zones so that the packets can go
              through the datapath pipelines of different availability zones.

              The tunnel ID must be unique within the scope of a logical
              datapath.

              For more information about tunnel key, see tunnel_key column of
              the OVN Southbound database’s Port_Binding table.

       address: string
              The Ethernet address and IP addresses used by the corresponding
              logical router port peering with the transit switch port. It is
              a string that combines the value of the mac column followed by
              the values in the networks column of the Logical_Router_Port
              table.

     Common Columns:

       external_ids: map of string-string pairs
              See Common Columns at the beginning of this document.

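       An added example, not part of the manual or of OVN itself: a check of
       the tunnel_key rules stated for the Datapath_Binding and Port_Binding
       tables. The Port_Binding summary lists only a range for tunnel_key,
       while the text requires uniqueness within a logical datapath, so that
       rule is checked per transit switch. The function name, finding codes
       and sample rows are constructed for illustration.

```python
from collections import defaultdict

DATAPATH_KEY_MAX = 16_777_215  # Datapath_Binding.tunnel_key: 1..16,777,215
PORT_KEY_MAX = 32_767          # Port_Binding.tunnel_key: 1..32,767


def check_tunnel_keys(datapaths, ports):
    """Return (code, name, value) tuples for rows that break the documented rules.

    datapaths: dicts with Datapath_Binding columns transit_switch, tunnel_key
    ports:     dicts with Port_Binding columns transit_switch, logical_port,
               tunnel_key
    """
    problems = []

    # Datapath keys: in range and unique across the whole table.
    datapath_keys = set()
    for dp in datapaths:
        name, key = dp["transit_switch"], dp["tunnel_key"]
        if not 1 <= key <= DATAPATH_KEY_MAX:
            problems.append(("datapath-key-range", name, key))
        elif key in datapath_keys:
            problems.append(("datapath-key-duplicate", name, key))
        else:
            datapath_keys.add(key)

    # Port keys: in range and unique per transit switch (one logical datapath).
    # logical_port names: unique across the whole table.
    port_names = set()
    keys_by_switch = defaultdict(set)
    for pb in ports:
        switch, name, key = pb["transit_switch"], pb["logical_port"], pb["tunnel_key"]
        if name in port_names:
            problems.append(("port-name-duplicate", name, switch))
        port_names.add(name)
        if not 1 <= key <= PORT_KEY_MAX:
            problems.append(("port-key-range", name, key))
        elif key in keys_by_switch[switch]:
            problems.append(("port-key-duplicate", name, key))
        else:
            keys_by_switch[switch].add(key)
    return problems


# Constructed sample rows (not taken from a real deployment).
SAMPLE_DATAPATHS = [
    {"transit_switch": "ts1", "tunnel_key": 16711683},
    {"transit_switch": "ts2", "tunnel_key": 16711683},  # same key as ts1
    {"transit_switch": "ts3", "tunnel_key": 0},         # below the range
]
SAMPLE_PORTS = [
    {"transit_switch": "ts1", "logical_port": "lrp-az1", "tunnel_key": 1},
    {"transit_switch": "ts1", "logical_port": "lrp-az2", "tunnel_key": 1},
    {"transit_switch": "ts2", "logical_port": "lrp-az3", "tunnel_key": 1},
    {"transit_switch": "ts2", "logical_port": "lrp-az4", "tunnel_key": 40000},
]

if __name__ == "__main__":
    for problem in check_tunnel_keys(SAMPLE_DATAPATHS, SAMPLE_PORTS):
        print(problem)
```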

Route TABLE

       Each row in this table represents an advertised route.

   Summary:
       Core Features:
         transit_switch              string
         availability_zone           Availability_Zone
         ip_prefix                   string
         nexthop                     string
       Common Columns:
         external_ids                map of string-string pairs

   Details:
     Core Features:

       transit_switch: string
              The name of the transit switch upon which the route is
              advertised.

       availability_zone: Availability_Zone
              The availability zone that has advertised the route.

       ip_prefix: string
              IP prefix of this route (e.g. 192.168.100.0/24).

       nexthop: string
              Nexthop IP address for this route.

     Common Columns:

       external_ids: map of string-string pairs
              See Common Columns at the beginning of this document.

Connection TABLE

       Configuration for a database connection to an Open vSwitch database
       (OVSDB) client.

       This table primarily configures the Open vSwitch database server
       (ovsdb-server).

       The Open vSwitch database server can initiate and maintain active
       connections to remote clients. It can also listen for database
       connections.

   Summary:
       Core Features:
         target                      string (must be unique within table)
       Client Failure Detection and Handling:
         max_backoff                 optional integer, at least 1,000
         inactivity_probe            optional integer
       Status:
         is_connected                boolean
         status : last_error         optional string
         status : state              optional string, one of ACTIVE, BACKOFF,
                                     CONNECTING, IDLE, or VOID
         status : sec_since_connect  optional string, containing an integer,
                                     at least 0
         status : sec_since_disconnect
                                     optional string, containing an integer,
                                     at least 0
         status : locks_held         optional string
         status : locks_waiting      optional string
         status : locks_lost         optional string
         status : n_connections      optional string, containing an integer,
                                     at least 2
         status : bound_port         optional string, containing an integer
       Common Columns:
         external_ids                map of string-string pairs
         other_config                map of string-string pairs

   Details:
     Core Features:

       target: string (must be unique within table)
              Connection methods for clients.

              The following connection methods are currently supported:

              ssl:host[:port]
                     The specified SSL port on the given host, which can
                     either be a DNS name (if built with unbound library) or
                     an IP address. A valid SSL configuration must be provided
                     when this form is used; this configuration can be
                     specified via command-line options or the SSL table.

                     If port is not specified, it defaults to 6640.

                     SSL support is an optional feature that is not always
                     built as part of Open vSwitch.

              tcp:host[:port]
                     The specified TCP port on the given host, which can
                     either be a DNS name (if built with unbound library) or
                     an IP address (IPv4 or IPv6). If host is an IPv6 address,
                     wrap it in square brackets, e.g. tcp:[::1]:6640.

                     If port is not specified, it defaults to 6640.

              pssl:[port][:host]
                     Listens for SSL connections on the specified TCP port.
                     Specify 0 for port to have the kernel automatically
                     choose an available port. If host, which can either be a
                     DNS name (if built with unbound library) or an IP
                     address, is specified, then connections are restricted to
                     the resolved or specified local IP address (either IPv4
                     or IPv6 address). If host is an IPv6 address, wrap it in
                     square brackets, e.g. pssl:6640:[::1]. If host is not
                     specified then it listens only on IPv4 (but not IPv6)
                     addresses. A valid SSL configuration must be provided
                     when this form is used; this can be specified either via
                     command-line options or the SSL table.

                     If port is not specified, it defaults to 6640.

                     SSL support is an optional feature that is not always
                     built as part of Open vSwitch.

              ptcp:[port][:host]
                     Listens for connections on the specified TCP port.
                     Specify 0 for port to have the kernel automatically
                     choose an available port. If host, which can either be a
                     DNS name (if built with unbound library) or an IP
                     address, is specified, then connections are restricted to
                     the resolved or specified local IP address (either IPv4
                     or IPv6 address). If host is an IPv6 address, wrap it in
                     square brackets, e.g. ptcp:6640:[::1]. If host is not
                     specified then it listens only on IPv4 addresses.

                     If port is not specified, it defaults to 6640.

              When multiple clients are configured, the target values must be
              unique. Duplicate target values yield unspecified results.

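       An added example, not part of the manual or the OVN code base: a
       parser for the four target forms above that also flags plaintext
       methods, listeners with no host restriction, port 0 and duplicate
       targets. The function names, finding strings and sample targets are
       constructed for illustration.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

DEFAULT_PORT = 6640  # documented default for all four connection methods


@dataclass(frozen=True)
class Target:
    method: str      # "ssl", "tcp", "pssl" or "ptcp"
    host: str        # "" when a listening target names no host
    port: int
    passive: bool    # True when ovsdb-server listens (pssl:/ptcp:)
    encrypted: bool  # True for ssl:/pssl:


def parse_target(target):
    """Parse ssl:host[:port], tcp:host[:port], pssl:[port][:host], ptcp:[port][:host]."""
    method, sep, rest = target.partition(":")
    if not sep or method not in ("ssl", "tcp", "pssl", "ptcp"):
        raise ValueError(f"unsupported connection method: {target!r}")
    passive = method.startswith("p")
    if passive:                        # port first, host optional
        port_s, _, host = rest.partition(":")
    elif rest.startswith("["):         # bracketed IPv6 host, port optional
        host, bracket, tail = rest.partition("]")
        if not bracket or (tail and not tail.startswith(":")):
            raise ValueError(f"malformed IPv6 host: {target!r}")
        host, port_s = host + "]", tail[1:]
    else:                              # DNS name or IPv4 host, port optional
        host, _, port_s = rest.partition(":")
    if host.startswith("["):
        if not host.endswith("]"):
            raise ValueError(f"malformed IPv6 host: {target!r}")
        host = str(ipaddress.IPv6Address(host[1:-1]))  # ValueError if invalid
    elif ":" in host:
        raise ValueError(f"IPv6 host must be in square brackets: {target!r}")
    if not passive and not host:
        raise ValueError(f"outbound target needs a host: {target!r}")
    port = int(port_s) if port_s else DEFAULT_PORT
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {target!r}")
    return Target(method, host, port, passive, method.endswith("ssl"))


def audit_targets(targets):
    """Return {target: [finding, ...]} for a list of Connection.target values."""
    counts = Counter(targets)
    report = {}
    for raw in counts:
        try:
            t = parse_target(raw)
        except ValueError as exc:
            report[raw] = [f"unparseable: {exc}"]
            continue
        findings = []
        if not t.encrypted:
            findings.append("plaintext: no SSL on this connection")
        if t.passive and not t.host:
            findings.append("listener not restricted to a local address")
        if t.passive and t.port == 0:
            findings.append("kernel-chosen port: read status:bound_port")
        if counts[raw] > 1:
            findings.append("duplicate target: unspecified results")
        report[raw] = findings
    return report


# Constructed sample targets (documentation addresses, not a real deployment).
SAMPLE_TARGETS = ["pssl:6640:192.0.2.10", "ptcp:6641", "tcp:[::1]:6640",
                  "ptcp:0:127.0.0.1", "ptcp:6641"]

if __name__ == "__main__":
    for target, findings in audit_targets(SAMPLE_TARGETS).items():
        print(target, findings)
```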

     Client Failure Detection and Handling:

       max_backoff: optional integer, at least 1,000
              Maximum number of milliseconds to wait between connection
              attempts. Default is implementation-specific.

       inactivity_probe: optional integer
              Maximum number of milliseconds of idle time on connection to the
              client before sending an inactivity probe message. If Open
              vSwitch does not communicate with the client for the specified
              number of seconds, it will send a probe. If a response is not
              received for the same additional amount of time, Open vSwitch
              assumes the connection has been broken and attempts to
              reconnect. Default is implementation-specific. A value of 0
              disables inactivity probes.

     Status:

       The is_connected key-value pair is always updated. Other key-value
       pairs in the status column may be updated depending on the target
       type.

       When target specifies a connection method that listens for inbound
       connections (e.g. ptcp: or punix:), both n_connections and
       is_connected may also be updated while the remaining key-value pairs
       are omitted.

       On the other hand, when target specifies an outbound connection, all
       key-value pairs may be updated, except the above-mentioned two
       key-value pairs associated with inbound connection targets. They are
       omitted.

       is_connected: boolean
              true if currently connected to this client, false otherwise.

       status : last_error: optional string
              A human-readable description of the last error on the connection
              to the manager; i.e. strerror(errno). This key will exist only
              if an error has occurred.

       status : state: optional string, one of ACTIVE, BACKOFF, CONNECTING,
       IDLE, or VOID
              The state of the connection to the manager:

              VOID   Connection is disabled.

              BACKOFF
                     Attempting to reconnect at an increasing period.

              CONNECTING
                     Attempting to connect.

              ACTIVE Connected, remote host responsive.

              IDLE   Connection is idle. Waiting for response to keep-alive.

              These values may change in the future. They are provided only
              for human consumption.

       status : sec_since_connect: optional string, containing an integer, at
       least 0
              The amount of time since this client last successfully connected
              to the database (in seconds). Value is empty if client has never
              successfully been connected.

       status : sec_since_disconnect: optional string, containing an integer,
       at least 0
              The amount of time since this client last disconnected from the
              database (in seconds). Value is empty if client has never
              disconnected.

       status : locks_held: optional string
              Space-separated list of the names of OVSDB locks that the
              connection holds. Omitted if the connection does not hold any
              locks.

       status : locks_waiting: optional string
              Space-separated list of the names of OVSDB locks that the
              connection is currently waiting to acquire. Omitted if the
              connection is not waiting for any locks.

       status : locks_lost: optional string
              Space-separated list of the names of OVSDB locks that the
              connection has had stolen by another OVSDB client. Omitted if no
              locks have been stolen from this connection.

       status : n_connections: optional string, containing an integer, at
       least 2
              When target specifies a connection method that listens for
              inbound connections (e.g. ptcp: or pssl:) and more than one
              connection is actually active, the value is the number of active
              connections. Otherwise, this key-value pair is omitted.

       status : bound_port: optional string, containing an integer
              When target is ptcp: or pssl:, this is the TCP port on which the
              OVSDB server is listening. (This is particularly useful when
              target specifies a port of 0, allowing the kernel to choose any
              available port.)

     Common Columns:

       The overall purpose of these columns is described under Common Columns
       at the beginning of this document.

       external_ids: map of string-string pairs

       other_config: map of string-string pairs

SSL TABLE

       SSL configuration for ovn-sb database access.

   Summary:
       private_key                   string
       certificate                   string
       ca_cert                       string
       bootstrap_ca_cert             boolean
       ssl_protocols                 string
       ssl_ciphers                   string
       Common Columns:
         external_ids                map of string-string pairs

   Details:
       private_key: string
              Name of a PEM file containing the private key used as the
              switch’s identity for SSL connections to the controller.

       certificate: string
              Name of a PEM file containing a certificate, signed by the
              certificate authority (CA) used by the controller and manager,
              that certifies the switch’s private key, identifying a
              trustworthy switch.

       ca_cert: string
              Name of a PEM file containing the CA certificate used to verify
              that the switch is connected to a trustworthy controller.

       bootstrap_ca_cert: boolean
              If set to true, then Open vSwitch will attempt to obtain the CA
              certificate from the controller on its first SSL connection and
              save it to the named PEM file. If it is successful, it will
              immediately drop the connection and reconnect, and from then on
              all SSL connections must be authenticated by a certificate
              signed by the CA certificate thus obtained. This option exposes
              the SSL connection to a man-in-the-middle attack while the
              initial CA certificate is being obtained. It may still be useful
              for bootstrapping.

       ssl_protocols: string
              List of SSL protocols to be enabled for SSL connections. The
              default when this option is omitted is TLSv1,TLSv1.1,TLSv1.2.

       ssl_ciphers: string
              List of ciphers (in OpenSSL cipher string format) to be
              supported for SSL connections. The default when this option is
              omitted is HIGH:!aNULL:!MD5.

     Common Columns:

       The overall purpose of these columns is described under Common Columns
       at the beginning of this document.

       external_ids: map of string-string pairs

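       An added example, not part of the manual or the OVN code base: an
       audit of one SSL table row against the column semantics above,
       applying the documented defaults when ssl_protocols or ssl_ciphers is
       omitted. The function name, finding messages, file paths and sample
       rows are constructed; treating TLSv1 and TLSv1.1 as legacy follows
       RFC 8996, which is an assumption added here and not stated in the
       manual.

```python
import re

# Defaults documented above for an SSL row that omits these columns.
DEFAULT_PROTOCOLS = "TLSv1,TLSv1.1,TLSv1.2"
DEFAULT_CIPHERS = "HIGH:!aNULL:!MD5"

LEGACY_PROTOCOLS = {"TLSv1", "TLSv1.1"}  # deprecated by RFC 8996
# OpenSSL cipher-string keywords that select weak or unauthenticated suites.
WEAK_CLASSES = {"aNULL", "eNULL", "NULL", "EXPORT", "LOW", "RC4", "MD5", "DES"}


def audit_ssl_row(row):
    """Return (column, message) findings for one SSL table row given as a dict."""
    findings = []
    for column in ("private_key", "certificate", "ca_cert"):
        if not row.get(column):
            findings.append((column, "no PEM file named"))
    if row.get("bootstrap_ca_cert"):
        findings.append(("bootstrap_ca_cert",
                         "CA certificate is accepted unauthenticated on the "
                         "first connection"))
    # An omitted or empty column means the documented default applies.
    protocols = row.get("ssl_protocols") or DEFAULT_PROTOCOLS
    enabled = [p.strip() for p in protocols.split(",") if p.strip()]
    legacy = [p for p in enabled if p in LEGACY_PROTOCOLS]
    if legacy:
        findings.append(("ssl_protocols",
                         "legacy protocols enabled: " + ",".join(legacy)))
    ciphers = row.get("ssl_ciphers") or DEFAULT_CIPHERS
    tokens = [t for t in re.split(r"[:, ]+", ciphers) if t]
    excluded = {t[1:] for t in tokens if t.startswith("!")}  # "!X" removes X
    weak = [t for t in tokens
            if t.lstrip("+") in WEAK_CLASSES and t.lstrip("+") not in excluded]
    if weak:
        findings.append(("ssl_ciphers",
                         "weak suite classes enabled: " + ":".join(weak)))
    return findings


# Constructed sample rows; the PEM paths are placeholders.
_PEMS = {"private_key": "/path/to/ic-privkey.pem",
         "certificate": "/path/to/ic-cert.pem",
         "ca_cert": "/path/to/cacert.pem"}
ROW_OMITTED = dict(_PEMS, bootstrap_ca_cert=False)   # protocols/ciphers unset
ROW_PINNED = dict(_PEMS, bootstrap_ca_cert=False,
                  ssl_protocols="TLSv1.2", ssl_ciphers="HIGH:!aNULL:!MD5")
ROW_WEAK = dict(_PEMS, private_key="", bootstrap_ca_cert=True,
                ssl_protocols="TLSv1, TLSv1.2", ssl_ciphers="HIGH:RC4")

if __name__ == "__main__":
    for name, row in (("omitted", ROW_OMITTED), ("pinned", ROW_PINNED),
                      ("weak", ROW_WEAK)):
        print(name, audit_ssl_row(row))
```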

Open vSwitch 21.03.1            DB Schema 1.0.0                   ovn-ic-sb(5)