1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
|
<?xml version="1.0" encoding="utf-8"?>
<manpage program="ovn-nbctl" section="8" title="ovn-nbctl">
<h1>Name</h1>
<p>ovn-nbctl -- Open Virtual Network northbound db management utility</p>
<h1>Synopsys</h1>
<p><code>ovn-nbctl</code> [<var>options</var>] <var>command</var> [<var>arg</var>...]</p>
<h1>Description</h1>
<p>This utility can be used to manage the OVN northbound database.</p>
<h1>General Commands</h1>
<dl>
<dt><code>show [<var>lswitch</var>]</code></dt>
<dd>
Prints a brief overview of the database contents. If
<var>lswitch</var> is provided, only records related to that
logical switch are shown.
</dd>
</dl>
<h1>Logical Switch Commands</h1>
<dl>
<dt><code>lswitch-add</code> [<var>lswitch</var>]</dt> <dd> Creates a new logical switch named <var>lswitch</var>. If
<var>lswitch</var> is not provided, the switch will not have a
name so other commands must refer to this switch by its UUID.
Initially the switch will have no ports.
</dd>
<dt><code>lswitch-del</code> <var>lswitch</var></dt>
<dd>
Deletes <var>lswitch</var>.
</dd>
<dt><code>lswitch-list</code></dt>
<dd>
Lists all existing switches on standard output, one per line.
</dd>
</dl>
<h1>ACL Commands</h1>
<dl>
<dt>[<code>--log</code>] <code>acl-add</code> <var>lswitch</var> <var>direction</var> <var>priority</var> <var>match</var> <var>action</var></dt>
<dd>
Adds the specified ACL to <var>lswitch</var>.
<var>direction</var> must be either <code>from-lport</code> or
<code>to-lport</code>. <var>priority</var> must be between
<code>1</code> and <code>65534</code>, inclusive. If
<code>--log</code> is specified, packet logging is enabled for the
ACL. A full description of the fields are in <code>ovn-nb</code>(5).
</dd>
<dt><code>acl-del</code> <var>lswitch</var> [<var>direction</var> [<var>priority</var> <var>match</var>]]</dt>
<dd>
Deletes ACLs from <var>lswitch</var>. If only
<var>lswitch</var> is supplied, all the ACLs from the logical
switch are deleted. If <var>direction</var> is also specified,
then all the flows in that direction will be deleted from the
logical switch. If all the fields are given, then a single flow
that matches all the fields will be deleted.
</dd>
<dt><code>acl-list</code> <var>lswitch</var></dt>
<dd>
Lists the ACLs on <var>lswitch</var>.
</dd>
</dl>
<h1>Logical Port Commands</h1>
<dl>
<dt><code>lport-add</code> <var>lswitch</var> <var>lport</var></dt>
<dd>
Creates on <var>lswitch</var> a new logical port named
<var>lport</var>.
</dd>
<dt><code>lport-add</code> <var>lswitch</var> <var>lport</var> <var>parent</var> <var>tag</var></dt>
<dd>
Creates on <var>lswitch</var> a logical port named <var>lport</var>
that is a child of <var>parent</var> that is identifed with VLAN ID
<var>tag</var>. This is useful in cases such as virtualized
container environments where Open vSwitch does not have a direct
connection to the container's port and it must be shared with
the virtual machine's port.
</dd>
<dt><code>lport-del</code> <var>lport</var></dt>
<dd>
Deletes <var>lport</var>.
</dd>
<dt><code>lport-list</code> <var>lswitch</var></dt>
<dd>
Lists all the logical ports within <var>lswitch</var> on
standard output, one per line.
</dd>
<dt><code>lport-get-parent</code> <var>lport</var></dt>
<dd>
If set, get the parent port of <var>lport</var>. If not set, print
nothing.
</dd>
<dt><code>lport-get-tag</code> <var>lport</var></dt>
<dd>
If set, get the tag for <var>lport</var> traffic. If not set, print
nothing.
</dd>
<dt><code>lport-set-addresses</code> <var>lport</var> [<var>address</var>]...</dt>
<dd>
Sets the addresses associated with <var>lport</var> to
<var>address</var>. Multiple MACs may be sets by using multiple
<var>address</var> arguments. If no <var>mac</var> argument is given,
<var>lport</var> will have no addresses associated with it.
</dd>
<dt><code>lport-get-addresses</code> <var>lport</var></dt>
<dd>
Lists all the addresses associated with <var>lport</var> on standard
output, one per line.
</dd>
<dt><code>lport-set-port-security</code> <var>lport</var> [<var>addrs</var>]...</dt>
<dd>
<p>
Sets the port security addresses associated with <var>lport</var> to
<var>addrs</var>. Multiple sets of addresses may be set by using
multiple <var>addrs</var> arguments. If no <var>addrs</var> argument
is given, <var>lport</var> will not have port security enabled.
</p>
<p>
Port security limits the addresses from which a logical port may send
packets and to which it may receive packets. See the
<code>ovn-nb</code>(5) documentation for the <ref
column="port_security" table="Logical_Port"/> column in the <ref
table="Logical_Port"/> table for details.
</p>
</dd>
<dt><code>lport-get-port-security</code> <var>lport</var></dt>
<dd>
Lists all the port security addresses associated with <var>lport</var>
on standard output, one per line.
</dd>
<dt><code>lport-get-up</code> <var>lport</var></dt>
<dd>
Prints the state of <var>lport</var>, either <code>up</code> or
<code>down</code>.
</dd>
<dt><code>lport-set-enabled</code> <var>lport</var> <var>state</var></dt>
<dd>
Set the administrative state of <var>lport</var>, either <code>enabled</code>
or <code>disabled</code>. When a port is disabled, no traffic is allowed into
or out of the port.
</dd>
<dt><code>lport-get-enabled</code> <var>lport</var></dt>
<dd>
Prints the administrative state of <var>lport</var>, either <code>enabled</code>
or <code>disabled</code>.
</dd>
<dt><code>lport-set-type</code> <var>lport</var> <var>type</var></dt>
<dd>
Set the type for the logical port. No special types have been implemented yet.
</dd>
<dt><code>lport-get-type</code> <var>lport</var></dt>
<dd>
Get the type for the logical port.
</dd>
<dt><code>lport-set-options</code> <var>lport</var> [<var>key=value</var>]...</dt>
<dd>
Set type-specific key-value options for the logical port.
</dd>
<dt><code>lport-get-options</code> <var>lport</var></dt>
<dd>
Get the type-specific options for the logical port.
</dd>
</dl>
<h1>Options</h1>
<dl>
<dt><code>--db</code> <var>database</var></dt>
<dd>
The OVSDB database remote to contact. If the <env>OVN_NB_DB</env>
environment variable is set, its value is used as the default.
Otherwise, the default is <code>unix:@RUNDIR@/db.sock</code>, but this
default is unlikely to be useful outside of single-machine OVN test
environments.
</dd>
<dt><code>-h</code> | <code>--help</code></dt>
<dt><code>-o</code> | <code>--options</code></dt>
<dt><code>-V</code> | <code>--version</code></dt>
</dl>
<h1>Logging options</h1>
<dl>
<dt><code>-v</code><var>spec</var>, <code>--verbose=</code><var>spec</var></dt>
<dt><code>-v</code>, <code>--verbose</code></dt>
<dt><code>--log-file</code>[<code>=</code><var>file</var>]</dt>
<dt><code>--syslog-target=</code><var>host</var><code>:</code><var>port</var></dt>
</dl>
<h1>PKI configuration (required to use SSL)</h1>
<dl>
<dt><code>-p</code>, <code>--private-key=</code><var>file</var> file with private key</dt>
<dt><code>-c</code>, <code>--certificate=</code><var>file</var> file with certificate for private key</dt>
<dt><code>-C</code>, <code>--ca-cert=</code><var>file</var> file with peer CA certificate</dt>
</dl>
</manpage>
|
