1 <?xml version=
"1.0" encoding=
"utf-8"?>
2 <manpage program=
"ovn-controller" section=
"8" title=
"ovn-controller">
4 <p>ovn-controller -- Open Virtual Network local controller
</p>
7 <p><code>ovn-controller
</code> [
<var>options
</var>] [
<var>ovs-database
</var>]
</p>
11 <code>ovn-controller
</code> is the local controller daemon for
12 OVN, the Open Virtual Network. It connects up to the OVN
13 Southbound database (see
<code>ovn-sb
</code>(
5)) over the OVSDB
14 protocol, and down to the Open vSwitch database (see
15 <code>ovs-vswitchd.conf.db
</code>(
5)) over the OVSDB protocol and
16 to
<code>ovs-vswitchd
</code>(
8) via OpenFlow. Each hypervisor and
17 software gateway in an OVN deployment runs its own independent
18 copy of
<code>ovn-controller
</code>; thus,
19 <code>ovn-controller
</code>'s downward connections are
20 machine-local and do not run over a physical network.
23 <h1>Configuration
</h1>
25 <code>ovn-controller
</code> retrieves most of its configuration
26 information from the local Open vSwitch's ovsdb-server instance.
27 The default location is
<code>db.sock
</code> in the local Open
28 vSwitch's
"run" directory. It may be overridden by specifying the
29 <var>ovs-database
</var> argument in one of the following forms:
34 <code>ssl:
<var>ip
</var>:
<var>port
</var></code>
37 The specified SSL
<var>port
</var> on the host at the given
38 <var>ip
</var>, which must be expressed as an IP address (not a DNS
39 name) in IPv4 or IPv6 address format. If
<var>ip
</var> is an IPv6
40 address, then wrap
<var>ip
</var> with square brackets, e.g.:
41 <code>ssl:[::
1]:
6640</code>. The
<code>--private-key
</code>,
42 <code>--certificate
</code> and either of
<code>--ca-cert
</code>
43 or
<code>--bootstrap-ca-cert
</code> options are mandatory when this
49 <code>tcp:
<var>ip
</var>:
<var>port
</var></code>
52 Connect to the given TCP
<var>port
</var> on
<var>ip
</var>, where
53 <var>ip
</var> can be IPv4 or IPv6 address. If
<var>ip
</var> is an
54 IPv6 address, then wrap
<var>ip
</var> with square brackets, e.g.:
55 <code>tcp:[::
1]:
6640</code>.
60 <code>unix:
<var>file
</var></code>
63 On POSIX, connect to the Unix domain server socket named
67 On Windows, connect to a localhost TCP port whose value is written
73 <code>ovn-controller
</code> assumes it gets configuration
74 information from the following keys in the
<code>Open_vSwitch
</code>
75 table of the local OVS instance:
78 <dt><code>external_ids:system-id
</code></dt>
79 <dd>The chassis name to use in the Chassis table.
</dd>
81 <dt><code>external_ids:hostname
</code></dt>
82 <dd>The hostname to use in the Chassis table.
</dd>
84 <dt><code>external_ids:ovn-bridge
</code></dt>
86 The integration bridge to which logical ports are attached. The
87 default is
<code>br-int
</code>. If this bridge does not exist when
88 ovn-controller starts, it will be created automatically with the
89 default configuration suggested in
<code>ovn-architecture
</code>(
7).
92 <dt><code>external_ids:ovn-remote
</code></dt>
95 The OVN database that this system should connect to for its
100 Currently,
<code>ovn-controller
</code> does not support changing this
101 setting mid-run. If the value needs to change, the daemon must be
102 restarted. (This behavior should be improved.)
106 <dt><code>external_ids:ovn-remote-probe-interval
</code></dt>
109 The inactivity probe interval of the connection to the OVN database,
111 If the value is zero, it disables the connection keepalive feature.
115 If the value is nonzero, then it will be forced to a value of
120 <dt><code>external_ids:ovn-encap-type
</code></dt>
123 The encapsulation type that a chassis should use to connect to
124 this node. Multiple encapsulation types may be specified with
125 a comma-separated list. Each listed encapsulation type will
126 be paired with
<code>ovn-encap-ip
</code>.
130 Supported tunnel types for connecting hypervisors
131 are
<code>geneve
</code> and
<code>stt
</code>. Gateways may
132 use
<code>geneve
</code>,
<code>vxlan
</code>, or
137 Due to the limited amount of metadata in
<code>vxlan
</code>,
138 the capabilities and performance of connected gateways will be
139 reduced versus other tunnel formats.
143 <dt><code>external_ids:ovn-encap-ip
</code></dt>
145 The IP address that a chassis should use to connect to this node
146 using encapsulation types specified by
147 <code>external_ids:ovn-encap-type
</code>.
150 <dt><code>external_ids:ovn-bridge-mappings
</code></dt>
152 A list of key-value pairs that map a physical network name to a local
153 ovs bridge that provides connectivity to that network. An example
154 value mapping two physical network names to two ovs bridges would be:
155 <code>physnet1:br-eth0,physnet2:br-eth1
</code>.
159 <h1>Open vSwitch Database Usage
</h1>
162 <code>ovn-controller
</code> uses a number of
<code>external_ids
</code>
163 keys in the Open vSwitch database to keep track of ports and interfaces.
164 For proper operation, users should not change or clear these keys:
169 <code>external_ids:ovn-chassis-id
</code> in the
<code>Port
</code> table
172 The presence of this key identifies a tunnel port within the
173 integration bridge as one created by
<code>ovn-controller
</code> to
174 reach a remote chassis. Its value is the chassis ID of the remote
179 <code>external_ids:ovn-localnet-port
</code> in the
<code>Port
</code>
184 The presence of this key identifies a patch port as one created by
185 <code>ovn-controller
</code> to connect the integration bridge and
186 another bridge to implement a
<code>localnet
</code> logical port.
187 Its value is the name of the logical port with
<code>type
</code>
188 set to
<code>localnet
</code> that the port implements. See
189 <code>external_ids:ovn-bridge-mappings
</code>, above, for more
194 Each
<code>localnet
</code> logical port is implemented as a pair of
195 patch ports, one in the integration bridge, one in a different
196 bridge, with the same
<code>external_ids:ovn-localnet-port
</code>
202 <code>external_ids:ovn-l2gateway-port
</code> in the
<code>Port
</code>
207 The presence of this key identifies a patch port as one created by
208 <code>ovn-controller
</code> to connect the integration bridge and
209 another bridge to implement a
<code>l2gateway
</code> logical port.
210 Its value is the name of the logical port with
<code>type
</code>
211 set to
<code>l3gateway
</code> that the port implements. See
212 <code>external_ids:ovn-bridge-mappings
</code>, above, for more
217 Each
<code>l2gateway
</code> logical port is implemented as a pair
218 of patch ports, one in the integration bridge, one in a different
219 bridge, with the same
<code>external_ids:ovn-l2gateway-port
</code>
225 <code>external_ids:ovn-logical-patch-port
</code> in the
226 <code>Port
</code> table
231 This key identifies a patch port as one created by
232 <code>ovn-controller
</code> to implement an OVN logical patch port
233 within the integration bridge. Its value is the name of the OVN
234 logical patch port that it implements.
239 <h1>Runtime Management Commands
</h1>
241 <code>ovs-appctl
</code> can send commands to a running
242 <code>ovn-controller
</code> process. The currently supported
243 commands are described below.
245 <dt><code>exit
</code></dt>
247 Causes
<code>ovn-controller
</code> to gracefully terminate.
250 <dt><code>ct-zone-list
</code></dt>
252 Lists each local logical port and its connection tracking zone.
projects / mirror_ovs.git / blob