ovn-ic-nb(5) Open vSwitch Manual ovn-ic-nb(5) NAME ovn-ic-nb - OVN_IC_Northbound database schema This database is the interface for cloud management system (CMS), such as OpenStack, to configure OVN interconnection settings. The CMS pro‐ duces almost all of the contents of the database. The ovn-ic program monitors the database contents, transforms it, and stores it into the OVN_IC_Southbound database. We generally speak of ``the’’ CMS, but one can imagine scenarios in which multiple CMSes manage different parts of OVN interconnection. External IDs Each of the tables in this database contains a special column, named external_ids. This column has the same form and purpose each place it appears. external_ids: map of string-string pairs Key-value pairs for use by the CMS. The CMS might use certain pairs, for example, to identify entities in its own configuration that correspond to those in this data‐ base. TABLE SUMMARY The following list summarizes the purpose of each of the tables in the OVN_IC_Northbound database. Each table is described in more detail on a later page. Table Purpose IC_NB_Global IC Northbound configuration Transit_Switch Transit logical switch SSL SSL configuration. Connection OVSDB client connections. IC_NB_Global TABLE Northbound configuration for OVN interconnection. This table must have exactly one row. Summary: Status: nb_ic_cfg integer sb_ic_cfg integer Common Columns: external_ids map of string-string pairs Common options: options map of string-string pairs options : ic_probe_interval optional string Connection Options: connections set of Connections ssl optional SSL Details: Status: These columns allow a client to track the overall configuration state of the system. nb_ic_cfg: integer Sequence number for client to increment. When a client modifies the interconnect northbound database configuration and wishes to wait for OVN-ICs to handle this change and update the Intercon‐ nect southbound database, it may increment this sequence number. sb_ic_cfg: integer Sequence number that one OVN-IC sets to the value of nb_ic_cfg after waiting to all the OVN-ICs finish applying their changes to interconnect southbound database. Common Columns: external_ids: map of string-string pairs See External IDs at the beginning of this document. Common options: options: map of string-string pairs This column provides general key/value settings. The supported options are described individually below. options : ic_probe_interval: optional string The inactivity probe interval of the connection to the OVN IC Northbound and Southbound databases from ovn-ic, in millisec‐ onds. If the value is zero, it disables the connection keepalive feature. If the value is nonzero, then it will be forced to a value of at least 1000 ms. Connection Options: connections: set of Connections Database clients to which the Open vSwitch database server should connect or on which it should listen, along with options for how these connections should be configured. See the Connec‐‐ tion table for more information. ssl: optional SSL Global SSL configuration. Transit_Switch TABLE Each row represents one transit logical switch for interconnection be‐ tween different OVN deployments (availability zones). Summary: Naming: name string (must be unique within table) Common Columns: other_config map of string-string pairs external_ids map of string-string pairs Details: Naming: name: string (must be unique within table) A name that uniquely identifies the transit logical switch. Common Columns: other_config: map of string-string pairs external_ids: map of string-string pairs See External IDs at the beginning of this document. SSL TABLE SSL configuration for ovn-nb database access. Summary: private_key string certificate string ca_cert string bootstrap_ca_cert boolean ssl_protocols string ssl_ciphers string Common Columns: external_ids map of string-string pairs Details: private_key: string Name of a PEM file containing the private key used as the switch’s identity for SSL connections to the controller. certificate: string Name of a PEM file containing a certificate, signed by the cer‐ tificate authority (CA) used by the controller and manager, that certifies the switch’s private key, identifying a trustworthy switch. ca_cert: string Name of a PEM file containing the CA certificate used to verify that the switch is connected to a trustworthy controller. bootstrap_ca_cert: boolean If set to true, then Open vSwitch will attempt to obtain the CA certificate from the controller on its first SSL connection and save it to the named PEM file. If it is successful, it will im‐ mediately drop the connection and reconnect, and from then on all SSL connections must be authenticated by a certificate signed by the CA certificate thus obtained. This option exposes the SSL connection to a man-in-the-middle attack obtaining the initial CA certificate. It may still be useful for bootstrap‐ ping. ssl_protocols: string List of SSL protocols to be enabled for SSL connections. The de‐ fault when this option is omitted is TLSv1,TLSv1.1,TLSv1.2. ssl_ciphers: string List of ciphers (in OpenSSL cipher string format) to be sup‐ ported for SSL connections. The default when this option is omitted is HIGH:!aNULL:!MD5. Common Columns: The overall purpose of these columns is described under Common Columns at the beginning of this document. external_ids: map of string-string pairs Connection TABLE Configuration for a database connection to an Open vSwitch database (OVSDB) client. This table primarily configures the Open vSwitch database server (ovsdb-server). The Open vSwitch database server can initiate and maintain active con‐ nections to remote clients. It can also listen for database connec‐ tions. Summary: Core Features: target string (must be unique within table) Client Failure Detection and Handling: max_backoff optional integer, at least 1,000 inactivity_probe optional integer Status: is_connected boolean status : last_error optional string status : state optional string, one of ACTIVE, BACKOFF, CONNECTING, IDLE, or VOID status : sec_since_connect optional string, containing an integer, at least 0 status : sec_since_disconnect optional string, containing an integer, at least 0 status : locks_held optional string status : locks_waiting optional string status : locks_lost optional string status : n_connections optional string, containing an integer, at least 2 status : bound_port optional string, containing an integer Common Columns: external_ids map of string-string pairs other_config map of string-string pairs Details: Core Features: target: string (must be unique within table) Connection methods for clients. The following connection methods are currently supported: ssl:host[:port] The specified SSL port on the host at the given host, which can either be a DNS name (if built with unbound li‐ brary) or an IP address. A valid SSL configuration must be provided when this form is used, this configuration can be specified via command-line options or the SSL ta‐ ble. If port is not specified, it defaults to 6640. SSL support is an optional feature that is not always built as part of Open vSwitch. tcp:host[:port] The specified TCP port on the host at the given host, which can either be a DNS name (if built with unbound li‐ brary) or an IP address. If host is an IPv6 address, wrap it in square brackets, e.g. tcp:[::1]:6640. If port is not specified, it defaults to 6640. pssl:[port][:host] Listens for SSL connections on the specified TCP port. Specify 0 for port to have the kernel automatically choose an available port. If host, which can either be a DNS name (if built with unbound library) or an IP ad‐ dress, is specified, then connections are restricted to the resolved or specified local IPaddress (either IPv4 or IPv6 address). If host is an IPv6 address, wrap in square brackets, e.g. pssl:6640:[::1]. If host is not specified then it listens only on IPv4 (but not IPv6) addresses. A valid SSL configuration must be provided when this form is used, this can be specified either via command-line options or the SSL table. If port is not specified, it defaults to 6640. SSL support is an optional feature that is not always built as part of Open vSwitch. ptcp:[port][:host] Listens for connections on the specified TCP port. Spec‐ ify 0 for port to have the kernel automatically choose an available port. If host, which can either be a DNS name (if built with unbound library) or an IP address, is specified, then connections are restricted to the re‐ solved or specified local IP address (either IPv4 or IPv6 address). If host is an IPv6 address, wrap it in square brackets, e.g. ptcp:6640:[::1]. If host is not specified then it listens only on IPv4 addresses. If port is not specified, it defaults to 6640. When multiple clients are configured, the target values must be unique. Duplicate target values yield unspecified results. Client Failure Detection and Handling: max_backoff: optional integer, at least 1,000 Maximum number of milliseconds to wait between connection at‐ tempts. Default is implementation-specific. inactivity_probe: optional integer Maximum number of milliseconds of idle time on connection to the client before sending an inactivity probe message. If Open vSwitch does not communicate with the client for the specified number of seconds, it will send a probe. If a response is not received for the same additional amount of time, Open vSwitch assumes the connection has been broken and attempts to recon‐ nect. Default is implementation-specific. A value of 0 disables inactivity probes. Status: Key-value pair of is_connected is always updated. Other key-value pairs in the status columns may be updated depends on the target type. When target specifies a connection method that listens for inbound con‐ nections (e.g. ptcp: or punix:), both n_connections and is_connected may also be updated while the remaining key-value pairs are omitted. On the other hand, when target specifies an outbound connection, all key-value pairs may be updated, except the above-mentioned two key- value pairs associated with inbound connection targets. They are omit‐ ted. is_connected: boolean true if currently connected to this client, false otherwise. status : last_error: optional string A human-readable description of the last error on the connection to the manager; i.e. strerror(errno). This key will exist only if an error has occurred. status : state: optional string, one of ACTIVE, BACKOFF, CONNECTING, IDLE, or VOID The state of the connection to the manager: VOID Connection is disabled. BACKOFF Attempting to reconnect at an increasing period. CONNECTING Attempting to connect. ACTIVE Connected, remote host responsive. IDLE Connection is idle. Waiting for response to keep-alive. These values may change in the future. They are provided only for human consumption. status : sec_since_connect: optional string, containing an integer, at least 0 The amount of time since this client last successfully connected to the database (in seconds). Value is empty if client has never successfully been connected. status : sec_since_disconnect: optional string, containing an integer, at least 0 The amount of time since this client last disconnected from the database (in seconds). Value is empty if client has never dis‐ connected. status : locks_held: optional string Space-separated list of the names of OVSDB locks that the con‐ nection holds. Omitted if the connection does not hold any locks. status : locks_waiting: optional string Space-separated list of the names of OVSDB locks that the con‐ nection is currently waiting to acquire. Omitted if the connec‐ tion is not waiting for any locks. status : locks_lost: optional string Space-separated list of the names of OVSDB locks that the con‐ nection has had stolen by another OVSDB client. Omitted if no locks have been stolen from this connection. status : n_connections: optional string, containing an integer, at least 2 When target specifies a connection method that listens for in‐ bound connections (e.g. ptcp: or pssl:) and more than one con‐ nection is actually active, the value is the number of active connections. Otherwise, this key-value pair is omitted. status : bound_port: optional string, containing an integer When target is ptcp: or pssl:, this is the TCP port on which the OVSDB server is listening. (This is particularly useful when target specifies a port of 0, allowing the kernel to choose any available port.) Common Columns: The overall purpose of these columns is described under Common Columns at the beginning of this document. external_ids: map of string-string pairs other_config: map of string-string pairs Open vSwitch 24.09.90 DB Schema 1.1.0 ovn-ic-nb(5)