ovn-ic-nb(5) Open vSwitch Manual ovn-ic-nb(5)
NAME
ovn-ic-nb - OVN_IC_Northbound database schema
This database is the interface for cloud management system (CMS), such
as OpenStack, to configure OVN interconnection settings. The CMS pro‐
duces almost all of the contents of the database. The ovn-ic program
monitors the database contents, transforms it, and stores it into the
OVN_IC_Southbound database.
We generally speak of ``the’’ CMS, but one can imagine scenarios in
which multiple CMSes manage different parts of OVN interconnection.
External IDs
Each of the tables in this database contains a special column, named
external_ids. This column has the same form and purpose each place it
appears.
external_ids: map of string-string pairs
Key-value pairs for use by the CMS. The CMS might use
certain pairs, for example, to identify entities in its
own configuration that correspond to those in this data‐
base.
TABLE SUMMARY
The following list summarizes the purpose of each of the tables in the
OVN_IC_Northbound database. Each table is described in more detail on
a later page.
Table Purpose
IC_NB_Global
IC Northbound configuration
Transit_Switch
Transit logical switch
SSL SSL configuration.
Connection
OVSDB client connections.
IC_NB_Global TABLE
Northbound configuration for OVN interconnection. This table must have
exactly one row.
Summary:
Status:
nb_ic_cfg integer
sb_ic_cfg integer
Common Columns:
external_ids map of string-string pairs
Common options:
options map of string-string pairs
options : ic_probe_interval
optional string
Connection Options:
connections set of Connections
ssl optional SSL
Details:
Status:
These columns allow a client to track the overall configuration state
of the system.
nb_ic_cfg: integer
Sequence number for client to increment. When a client modifies
the interconnect northbound database configuration and wishes to
wait for OVN-ICs to handle this change and update the Intercon‐
nect southbound database, it may increment this sequence number.
sb_ic_cfg: integer
Sequence number that one OVN-IC sets to the value of nb_ic_cfg
after waiting to all the OVN-ICs finish applying their changes
to interconnect southbound database.
Common Columns:
external_ids: map of string-string pairs
See External IDs at the beginning of this document.
Common options:
options: map of string-string pairs
This column provides general key/value settings. The supported
options are described individually below.
options : ic_probe_interval: optional string
The inactivity probe interval of the connection to the OVN IC
Northbound and Southbound databases from ovn-ic, in millisec‐
onds. If the value is zero, it disables the connection keepalive
feature.
If the value is nonzero, then it will be forced to a value of at
least 1000 ms.
Connection Options:
connections: set of Connections
Database clients to which the Open vSwitch database server
should connect or on which it should listen, along with options
for how these connections should be configured. See the Connec‐�‐
tion table for more information.
ssl: optional SSL
Global SSL configuration.
Transit_Switch TABLE
Each row represents one transit logical switch for interconnection be‐
tween different OVN deployments (availability zones).
Summary:
Naming:
name string (must be unique within table)
Common Columns:
other_config map of string-string pairs
external_ids map of string-string pairs
Details:
Naming:
name: string (must be unique within table)
A name that uniquely identifies the transit logical switch.
Common Columns:
other_config: map of string-string pairs
external_ids: map of string-string pairs
See External IDs at the beginning of this document.
SSL TABLE
SSL configuration for ovn-nb database access.
Summary:
private_key string
certificate string
ca_cert string
bootstrap_ca_cert boolean
ssl_protocols string
ssl_ciphers string
Common Columns:
external_ids map of string-string pairs
Details:
private_key: string
Name of a PEM file containing the private key used as the
switch’s identity for SSL connections to the controller.
certificate: string
Name of a PEM file containing a certificate, signed by the cer‐
tificate authority (CA) used by the controller and manager, that
certifies the switch’s private key, identifying a trustworthy
switch.
ca_cert: string
Name of a PEM file containing the CA certificate used to verify
that the switch is connected to a trustworthy controller.
bootstrap_ca_cert: boolean
If set to true, then Open vSwitch will attempt to obtain the CA
certificate from the controller on its first SSL connection and
save it to the named PEM file. If it is successful, it will im‐
mediately drop the connection and reconnect, and from then on
all SSL connections must be authenticated by a certificate
signed by the CA certificate thus obtained. This option exposes
the SSL connection to a man-in-the-middle attack obtaining the
initial CA certificate. It may still be useful for bootstrap‐
ping.
ssl_protocols: string
List of SSL protocols to be enabled for SSL connections. The de‐
fault when this option is omitted is TLSv1,TLSv1.1,TLSv1.2.
ssl_ciphers: string
List of ciphers (in OpenSSL cipher string format) to be sup‐
ported for SSL connections. The default when this option is
omitted is HIGH:!aNULL:!MD5.
Common Columns:
The overall purpose of these columns is described under Common Columns
at the beginning of this document.
external_ids: map of string-string pairs
Connection TABLE
Configuration for a database connection to an Open vSwitch database
(OVSDB) client.
This table primarily configures the Open vSwitch database server
(ovsdb-server).
The Open vSwitch database server can initiate and maintain active con‐
nections to remote clients. It can also listen for database connec‐
tions.
Summary:
Core Features:
target string (must be unique within table)
Client Failure Detection and Handling:
max_backoff optional integer, at least 1,000
inactivity_probe optional integer
Status:
is_connected boolean
status : last_error optional string
status : state optional string, one of ACTIVE, BACKOFF,
CONNECTING, IDLE, or VOID
status : sec_since_connect optional string, containing an integer,
at least 0
status : sec_since_disconnect
optional string, containing an integer,
at least 0
status : locks_held optional string
status : locks_waiting optional string
status : locks_lost optional string
status : n_connections optional string, containing an integer,
at least 2
status : bound_port optional string, containing an integer
Common Columns:
external_ids map of string-string pairs
other_config map of string-string pairs
Details:
Core Features:
target: string (must be unique within table)
Connection methods for clients.
The following connection methods are currently supported:
ssl:host[:port]
The specified SSL port on the host at the given host,
which can either be a DNS name (if built with unbound li‐
brary) or an IP address. A valid SSL configuration must
be provided when this form is used, this configuration
can be specified via command-line options or the SSL ta‐
ble.
If port is not specified, it defaults to 6640.
SSL support is an optional feature that is not always
built as part of Open vSwitch.
tcp:host[:port]
The specified TCP port on the host at the given host,
which can either be a DNS name (if built with unbound li‐
brary) or an IP address. If host is an IPv6 address, wrap
it in square brackets, e.g. tcp:[::1]:6640.
If port is not specified, it defaults to 6640.
pssl:[port][:host]
Listens for SSL connections on the specified TCP port.
Specify 0 for port to have the kernel automatically
choose an available port. If host, which can either be a
DNS name (if built with unbound library) or an IP ad‐
dress, is specified, then connections are restricted to
the resolved or specified local IPaddress (either IPv4 or
IPv6 address). If host is an IPv6 address, wrap in square
brackets, e.g. pssl:6640:[::1]. If host is not specified
then it listens only on IPv4 (but not IPv6) addresses. A
valid SSL configuration must be provided when this form
is used, this can be specified either via command-line
options or the SSL table.
If port is not specified, it defaults to 6640.
SSL support is an optional feature that is not always
built as part of Open vSwitch.
ptcp:[port][:host]
Listens for connections on the specified TCP port. Spec‐
ify 0 for port to have the kernel automatically choose an
available port. If host, which can either be a DNS name
(if built with unbound library) or an IP address, is
specified, then connections are restricted to the re‐
solved or specified local IP address (either IPv4 or IPv6
address). If host is an IPv6 address, wrap it in square
brackets, e.g. ptcp:6640:[::1]. If host is not specified
then it listens only on IPv4 addresses.
If port is not specified, it defaults to 6640.
When multiple clients are configured, the target values must be
unique. Duplicate target values yield unspecified results.
Client Failure Detection and Handling:
max_backoff: optional integer, at least 1,000
Maximum number of milliseconds to wait between connection at‐
tempts. Default is implementation-specific.
inactivity_probe: optional integer
Maximum number of milliseconds of idle time on connection to the
client before sending an inactivity probe message. If Open
vSwitch does not communicate with the client for the specified
number of seconds, it will send a probe. If a response is not
received for the same additional amount of time, Open vSwitch
assumes the connection has been broken and attempts to recon‐
nect. Default is implementation-specific. A value of 0 disables
inactivity probes.
Status:
Key-value pair of is_connected is always updated. Other key-value pairs
in the status columns may be updated depends on the target type.
When target specifies a connection method that listens for inbound con‐
nections (e.g. ptcp: or punix:), both n_connections and is_connected
may also be updated while the remaining key-value pairs are omitted.
On the other hand, when target specifies an outbound connection, all
key-value pairs may be updated, except the above-mentioned two key-
value pairs associated with inbound connection targets. They are omit‐
ted.
is_connected: boolean
true if currently connected to this client, false otherwise.
status : last_error: optional string
A human-readable description of the last error on the connection
to the manager; i.e. strerror(errno). This key will exist only
if an error has occurred.
status : state: optional string, one of ACTIVE, BACKOFF, CONNECTING,
IDLE, or VOID
The state of the connection to the manager:
VOID Connection is disabled.
BACKOFF
Attempting to reconnect at an increasing period.
CONNECTING
Attempting to connect.
ACTIVE Connected, remote host responsive.
IDLE Connection is idle. Waiting for response to keep-alive.
These values may change in the future. They are provided only
for human consumption.
status : sec_since_connect: optional string, containing an integer, at
least 0
The amount of time since this client last successfully connected
to the database (in seconds). Value is empty if client has never
successfully been connected.
status : sec_since_disconnect: optional string, containing an integer,
at least 0
The amount of time since this client last disconnected from the
database (in seconds). Value is empty if client has never dis‐
connected.
status : locks_held: optional string
Space-separated list of the names of OVSDB locks that the con‐
nection holds. Omitted if the connection does not hold any
locks.
status : locks_waiting: optional string
Space-separated list of the names of OVSDB locks that the con‐
nection is currently waiting to acquire. Omitted if the connec‐
tion is not waiting for any locks.
status : locks_lost: optional string
Space-separated list of the names of OVSDB locks that the con‐
nection has had stolen by another OVSDB client. Omitted if no
locks have been stolen from this connection.
status : n_connections: optional string, containing an integer, at
least 2
When target specifies a connection method that listens for in‐
bound connections (e.g. ptcp: or pssl:) and more than one con‐
nection is actually active, the value is the number of active
connections. Otherwise, this key-value pair is omitted.
status : bound_port: optional string, containing an integer
When target is ptcp: or pssl:, this is the TCP port on which the
OVSDB server is listening. (This is particularly useful when
target specifies a port of 0, allowing the kernel to choose any
available port.)
Common Columns:
The overall purpose of these columns is described under Common Columns
at the beginning of this document.
external_ids: map of string-string pairs
other_config: map of string-string pairs
Open vSwitch 24.03.90 DB Schema 1.1.0 ovn-ic-nb(5)