ovn-ic-nb(5)                  Open vSwitch Manual                 ovn-ic-nb(5)

NAME
       ovn-ic-nb - OVN_IC_Northbound database schema

       This  database is the interface for cloud management system (CMS), such
       as OpenStack, to configure OVN interconnection settings. The  CMS  pro‐
       duces  almost  all  of the contents of the database. The ovn-ic program
       monitors the database contents, transforms it, and stores it  into  the
       OVN_IC_Southbound database.

       We  generally  speak  of  ``the’’ CMS, but one can imagine scenarios in
       which multiple CMSes manage different parts of OVN interconnection.

   External IDs
       Each of the tables in this database contains a  special  column,  named
       external_ids.  This  column has the same form and purpose each place it
       appears.

              external_ids: map of string-string pairs
                     Key-value pairs for use by the CMS.  The  CMS  might  use
                     certain  pairs,  for example, to identify entities in its
                     own configuration that correspond to those in this  data‐
                     base.

TABLE SUMMARY
       The  following list summarizes the purpose of each of the tables in the
       OVN_IC_Northbound database.  Each table is described in more detail  on
       a later page.

       Table     Purpose
       IC_NB_Global
                 IC Northbound configuration
       Transit_Switch
                 Transit logical switch
       SSL       SSL configuration.
       Connection
                 OVSDB client connections.

IC_NB_Global TABLE
       Northbound  configuration for OVN interconnection. This table must have
       exactly one row.

   Summary:
       Status:
         nb_ic_cfg                   integer
         sb_ic_cfg                   integer
       Common Columns:
         external_ids                map of string-string pairs
       Common options:
         options                     map of string-string pairs
         options : ic_probe_interval
                                     optional string
         options : vxlan_mode        optional string
       Connection Options:
         connections                 set of Connections
         ssl                         optional SSL

   Details:
     Status:

       These columns allow a client to track the overall  configuration  state
       of the system.

       nb_ic_cfg: integer
              Sequence  number for client to increment. When a client modifies
              the interconnect northbound database configuration and wishes to
              wait for OVN-ICs to handle this change and update the  Intercon‐
              nect southbound database, it may increment this sequence number.

       sb_ic_cfg: integer
              Sequence  number  that one OVN-IC sets to the value of nb_ic_cfg
              after waiting to all the OVN-ICs finish applying  their  changes
              to interconnect southbound database.

     Common Columns:

       external_ids: map of string-string pairs
              See External IDs at the beginning of this document.

     Common options:

       options: map of string-string pairs
              This  column  provides general key/value settings. The supported
              options are described individually below.

       options : ic_probe_interval: optional string
              The inactivity probe interval of the connection to  the  OVN  IC
              Northbound  and  Southbound  databases from ovn-ic, in millisec‐
              onds. If the value is zero, it disables the connection keepalive
              feature.

              If the value is nonzero, then it will be forced to a value of at
              least 1000 ms.

       options : vxlan_mode: optional string
              This field allows the client to enable  VXLAN  as  encapsulation
              protocol for for cross-AZ traffic. Default value is false.

     Connection Options:

       connections: set of Connections
              Database  clients  to  which  the  Open  vSwitch database server
              should connect or on which it should listen, along with  options
              for  how these connections should be configured. See the Connec‐‐
              tion table for more information.

       ssl: optional SSL
              Global SSL/TLS configuration.

Transit_Switch TABLE
       Each row represents one transit logical switch for interconnection  be‐
       tween different OVN deployments (availability zones).

   Summary:
       Naming:
         name                        string (must be unique within table)
       Common Columns:
         other_config                map of string-string pairs
         external_ids                map of string-string pairs

   Details:
     Naming:

       name: string (must be unique within table)
              A name that uniquely identifies the transit logical switch.

     Common Columns:

       other_config: map of string-string pairs

       external_ids: map of string-string pairs
              See External IDs at the beginning of this document.

SSL TABLE
       SSL/TLS configuration for ovn-nb database access.

   Summary:
       private_key                   string
       certificate                   string
       ca_cert                       string
       bootstrap_ca_cert             boolean
       ssl_protocols                 string
       ssl_ciphers                   string
       ssl_ciphersuites              string
       Common Columns:
         external_ids                map of string-string pairs

   Details:
       private_key: string
              Name  of  a  PEM  file  containing  the  private key used as the
              switch’s identity for SSL/TLS connections to the controller.

       certificate: string
              Name of a PEM file containing a certificate, signed by the  cer‐
              tificate authority (CA) used by the controller and manager, that
              certifies  the  switch’s  private key, identifying a trustworthy
              switch.

       ca_cert: string
              Name of a PEM file containing the CA certificate used to  verify
              that the switch is connected to a trustworthy controller.

       bootstrap_ca_cert: boolean
              If  set to true, then Open vSwitch will attempt to obtain the CA
              certificate from the controller on its first SSL/TLS  connection
              and  save it to the named PEM file. If it is successful, it will
              immediately drop the connection and reconnect, and from then  on
              all  SSL/TLS  connections must be authenticated by a certificate
              signed by the CA certificate thus obtained. This option  exposes
              the  SSL/TLS  connection to a man-in-the-middle attack obtaining
              the initial CA certificate. It may still  be  useful  for  boot‐
              strapping.

       ssl_protocols: string
              Range  or a comma- or space-delimited list of the SSL/TLS proto‐
              cols to enable for SSL/TLS connections.

              Supported protocols include TLSv1 (deprecated), TLSv1.1  (depre‐
              cated), TLSv1.2 and TLSv1.3. Ranges can be provided in a form of
              two  protocol  names separated with a dash (TLSv1.1-TLSv1.2), or
              as a single protocol name with a plus sign (TLSv1.2+). The value
              can be a list of protocols or exactly one range. The range is  a
              preferred  way of specifying protocols and the configuration al‐
              ways behaves as if the range between the minimum and the maximum
              specified version is provided, i.e., if  the  value  is  set  to
              TLSv1.1,TLSv1.3, the TLSv1.2 will also be enabled as if it was a
              range.  Regardless  of  order, the highest protocol supported by
              both sides will be chosen when making the connection.

              The default when this option is omitted is TLSv1.2+.

       ssl_ciphers: string
              List of ciphers (in OpenSSL cipher string  format)  to  be  sup‐
              ported for SSL/TLS connections with TLSv1.2 and earlier. The de‐
              fault when this option is omitted is DEFAULT:@SECLEVEL=2.

       ssl_ciphersuites: string
              List  of ciphersuites (in OpenSSL ciphersuites string format) to
              be supported for SSL/TLS connections with TLSv1.3 and later. De‐
              fault value from OpenSSL will be used when this option is  omit‐
              ted.

     Common Columns:

       The  overall purpose of these columns is described under Common Columns
       at the beginning of this document.

       external_ids: map of string-string pairs
Connection TABLE
       Configuration for a database connection to  an  Open  vSwitch  database
       (OVSDB) client.

       This  table  primarily  configures  the  Open  vSwitch  database server
       (ovsdb-server).

       The Open vSwitch database server can initiate and maintain active  con‐
       nections  to  remote  clients.  It can also listen for database connec‐
       tions.

   Summary:
       Core Features:
         target                      string (must be unique within table)
       Client Failure Detection and Handling:
         max_backoff                 optional integer, at least 1,000
         inactivity_probe            optional integer
       Status:
         is_connected                boolean
         status : last_error         optional string
         status : state              optional string, one of ACTIVE,  BACKOFF,
                                     CONNECTING, IDLE, or VOID
         status : sec_since_connect  optional  string,  containing an integer,
                                     at least 0
         status : sec_since_disconnect
                                     optional string, containing  an  integer,
                                     at least 0
         status : locks_held         optional string
         status : locks_waiting      optional string
         status : locks_lost         optional string
         status : n_connections      optional  string,  containing an integer,
                                     at least 2
         status : bound_port         optional string, containing an integer
       Common Columns:
         external_ids                map of string-string pairs
         other_config                map of string-string pairs

   Details:
     Core Features:

       target: string (must be unique within table)
              Connection methods for clients.

              The following connection methods are currently supported:

              ssl:host[:port]
                     The specified SSL/TLS port on the host at the given host,
                     which can either be a DNS name (if built with unbound li‐
                     brary) or an IP address. A  valid  SSL/TLS  configuration
                     must  be provided when this form is used, this configura‐
                     tion can be specified via command-line options or the SSL
                     table.

                     If port is not specified, it defaults to 6640.

                     SSL/TLS support is an optional feature that is not always
                     built as part of OVN or Open vSwitch.

              tcp:host[:port]
                     The specified TCP port on the host  at  the  given  host,
                     which can either be a DNS name (if built with unbound li‐
                     brary) or an IP address. If host is an IPv6 address, wrap
                     it in square brackets, e.g. tcp:[::1]:6640.

                     If port is not specified, it defaults to 6640.

              pssl:[port][:host]
                     Listens  for  SSL/TLS  connections  on  the specified TCP
                     port. Specify 0 for port to have the kernel automatically
                     choose an available port. If host, which can either be  a
                     DNS  name  (if  built  with unbound library) or an IP ad‐
                     dress, is specified, then connections are  restricted  to
                     the resolved or specified local IPaddress (either IPv4 or
                     IPv6 address). If host is an IPv6 address, wrap in square
                     brackets,  e.g. pssl:6640:[::1]. If host is not specified
                     then it listens only on IPv4 (but not IPv6) addresses.  A
                     valid  SSL/TLS  configuration  must be provided when this
                     form is used, this can be specified either  via  command-
                     line options or the SSL table.

                     If port is not specified, it defaults to 6640.

                     SSL/TLS support is an optional feature that is not always
                     built as part of OVN or Open vSwitch.

              ptcp:[port][:host]
                     Listens  for connections on the specified TCP port. Spec‐
                     ify 0 for port to have the kernel automatically choose an
                     available port. If host, which can either be a  DNS  name
                     (if  built  with  unbound  library)  or an IP address, is
                     specified, then connections are  restricted  to  the  re‐
                     solved or specified local IP address (either IPv4 or IPv6
                     address).  If  host is an IPv6 address, wrap it in square
                     brackets, e.g. ptcp:6640:[::1]. If host is not  specified
                     then it listens only on IPv4 addresses.

                     If port is not specified, it defaults to 6640.

              When  multiple clients are configured, the target values must be
              unique. Duplicate target values yield unspecified results.

     Client Failure Detection and Handling:

       max_backoff: optional integer, at least 1,000
              Maximum number of milliseconds to wait  between  connection  at‐
              tempts. Default is implementation-specific.

       inactivity_probe: optional integer
              Maximum number of milliseconds of idle time on connection to the
              client  before  sending  an  inactivity  probe  message. If Open
              vSwitch does not communicate with the client for  the  specified
              number  of  seconds,  it will send a probe. If a response is not
              received for the same additional amount of  time,  Open  vSwitch
              assumes  the  connection  has been broken and attempts to recon‐
              nect. Default is implementation-specific. A value of 0  disables
              inactivity probes.

     Status:

       Key-value pair of is_connected is always updated. Other key-value pairs
       in the status columns may be updated depends on the target type.

       When target specifies a connection method that listens for inbound con‐
       nections  (e.g.  ptcp:  or punix:), both n_connections and is_connected
       may also be updated while the remaining key-value pairs are omitted.

       On the other hand, when target specifies an  outbound  connection,  all
       key-value  pairs  may  be  updated, except the above-mentioned two key-
       value pairs associated with inbound connection targets. They are  omit‐
       ted.

       is_connected: boolean
              true if currently connected to this client, false otherwise.

       status : last_error: optional string
              A human-readable description of the last error on the connection
              to  the  manager; i.e. strerror(errno). This key will exist only
              if an error has occurred.

       status : state: optional string, one of ACTIVE, BACKOFF, CONNECTING,
       IDLE, or VOID
              The state of the connection to the manager:

              VOID   Connection is disabled.

              BACKOFF
                     Attempting to reconnect at an increasing period.

              CONNECTING
                     Attempting to connect.

              ACTIVE Connected, remote host responsive.

              IDLE   Connection is idle. Waiting for response to keep-alive.

              These values may change in the future. They  are  provided  only
              for human consumption.

       status : sec_since_connect: optional string, containing an integer, at
       least 0
              The amount of time since this client last successfully connected
              to the database (in seconds). Value is empty if client has never
              successfully been connected.

       status : sec_since_disconnect: optional string, containing an integer,
       at least 0
              The  amount of time since this client last disconnected from the
              database (in seconds). Value is empty if client has  never  dis‐
              connected.

       status : locks_held: optional string
              Space-separated  list  of the names of OVSDB locks that the con‐
              nection holds. Omitted if  the  connection  does  not  hold  any
              locks.

       status : locks_waiting: optional string
              Space-separated  list  of the names of OVSDB locks that the con‐
              nection is currently waiting to acquire. Omitted if the  connec‐
              tion is not waiting for any locks.

       status : locks_lost: optional string
              Space-separated  list  of the names of OVSDB locks that the con‐
              nection has had stolen by another OVSDB client.  Omitted  if  no
              locks have been stolen from this connection.

       status : n_connections: optional string, containing an integer, at
       least 2
              When  target  specifies a connection method that listens for in‐
              bound connections (e.g. ptcp: or pssl:) and more than  one  con‐
              nection  is  actually  active, the value is the number of active
              connections. Otherwise, this key-value pair is omitted.

       status : bound_port: optional string, containing an integer
              When target is ptcp: or pssl:, this is the TCP port on which the
              OVSDB server is listening. (This  is  particularly  useful  when
              target  specifies a port of 0, allowing the kernel to choose any
              available port.)

     Common Columns:

       The overall purpose of these columns is described under Common  Columns
       at the beginning of this document.

       external_ids: map of string-string pairs

       other_config: map of string-string pairs

Open vSwitch 25.03.90           DB Schema 1.2.0                   ovn-ic-nb(5)