<?xml version="1.0" encoding="utf-8"?>
<manpage program="ovn-controller" section="8" title="ovn-controller">

<p>ovn-controller -- Open Virtual Network local controller</p>

<p><code>ovn-controller</code> [<var>options</var>] [<var>ovs-database</var>]</p>

<code>ovn-controller</code> is the local controller daemon for
OVN, the Open Virtual Network. It connects up to the OVN
Southbound database (see <code>ovn-sb</code>(5)) over the OVSDB
protocol, and down to the Open vSwitch database (see
<code>ovs-vswitchd.conf.db</code>(5)) over the OVSDB protocol and
to <code>ovs-vswitchd</code>(8) via OpenFlow. Each hypervisor and
software gateway in an OVN deployment runs its own independent
copy of <code>ovn-controller</code>; thus,
<code>ovn-controller</code>'s downward connections are
machine-local and do not run over a physical network.

<h1>Configuration</h1>

<code>ovn-controller</code> retrieves most of its configuration
information from the local Open vSwitch's ovsdb-server instance.
The default location is <code>db.sock</code> in the local Open
vSwitch's "run" directory. It may be overridden by specifying the
<var>ovs-database</var> argument in one of the following forms:

<code>ssl:<var>ip</var>:<var>port</var></code>

The specified SSL <var>port</var> on the host at the given
<var>ip</var>, which must be expressed as an IP address (not a DNS
name) in IPv4 or IPv6 address format. If <var>ip</var> is an IPv6
address, then wrap <var>ip</var> with square brackets, e.g.:
<code>ssl:[::1]:6640</code>. The <code>--private-key</code>,
<code>--certificate</code> and either of <code>--ca-cert</code>
or <code>--bootstrap-ca-cert</code> options are mandatory when this

<code>tcp:<var>ip</var>:<var>port</var></code>

Connect to the given TCP <var>port</var> on <var>ip</var>, where
<var>ip</var> can be an IPv4 or IPv6 address. If <var>ip</var> is an
IPv6 address, then wrap <var>ip</var> with square brackets, e.g.:
<code>tcp:[::1]:6640</code>.

<code>unix:<var>file</var></code>

On POSIX, connect to the Unix domain server socket named

On Windows, connect to a localhost TCP port whose value is written
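
The rules for the three <var>ovs-database</var> forms can be checked before the daemon is started. The following is an added example, not code from the OVN project: the function names are hypothetical, and treating <code>tcp:</code> to a non-loopback address as a finding is an assumption drawn from the statement that the downward connections are machine-local.

```python
import ipaddress

# Options the page lists as mandatory for the ssl: form.
SSL_REQUIRED = ("--private-key", "--certificate")
SSL_CA_EITHER = ("--ca-cert", "--bootstrap-ca-cert")

def _split_host_port(rest):
    """Split 'ip:port' or '[ip]:port' into (ip, port, bracketed)."""
    if rest.startswith("["):
        host, sep, port = rest[1:].partition("]:")
        if not sep:
            raise ValueError("unterminated '[' in address")
        return host, port, True
    host, sep, port = rest.rpartition(":")
    if not sep:
        raise ValueError("expected ip:port")
    return host, port, False

def check_ovs_database(method, options=()):
    """Return findings for one ovs-database argument; an empty list is clean."""
    scheme, sep, rest = method.partition(":")
    if not sep or scheme not in ("ssl", "tcp", "unix"):
        return [f"unsupported form: {method!r}"]
    if scheme == "unix":
        return [] if rest else ["unix: form needs a socket file"]
    try:
        host, port, bracketed = _split_host_port(rest)
        addr = ipaddress.ip_address(host)  # raises ValueError for DNS names
    except ValueError as exc:
        return [f"bad address in {method!r}: {exc}"]
    findings = []
    if addr.version == 6 and not bracketed:
        findings.append("IPv6 address must be wrapped in square brackets")
    if not (port.isdigit() and int(port) in range(1, 65536)):
        findings.append(f"bad port: {port!r}")
    if scheme == "tcp" and not addr.is_loopback:
        findings.append("tcp: to a non-loopback address is unencrypted OVSDB")
    if scheme == "ssl":
        missing = [o for o in SSL_REQUIRED if o not in options]
        if not any(o in options for o in SSL_CA_EITHER):
            missing.append(" or ".join(SSL_CA_EITHER))
        findings += [f"ssl: form requires {m}" for m in missing]
    return findings
```
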

<code>ovn-controller</code> assumes it gets configuration
information from the following keys in the <code>Open_vSwitch</code>
table of the local OVS instance:

<dt><code>external_ids:system-id</code></dt>
<dd>The chassis name to use in the Chassis table.</dd>

<dt><code>external_ids:ovn-bridge</code></dt>

The integration bridge to which logical ports are attached. The
default is <code>br-int</code>. If this bridge does not exist when
<code>ovn-controller</code> starts, it will be created automatically with the
default configuration suggested in <code>ovn-architecture</code>(7).

<dt><code>external_ids:ovn-remote</code></dt>

The OVN database that this system should connect to for its

Currently, <code>ovn-controller</code> does not support changing this
setting mid-run. If the value needs to change, the daemon must be
restarted. (This behavior should be improved.)

<dt><code>external_ids:ovn-encap-type</code></dt>

The encapsulation type that a chassis should use to connect to
this node. Supported tunnel types for connecting hypervisors
are <code>geneve</code> and <code>stt</code>. Gateways may
use <code>geneve</code>, <code>vxlan</code>, or

Due to the limited amount of metadata in <code>vxlan</code>,
the capabilities and performance of connected gateways will be
reduced versus other tunnel formats.

<dt><code>external_ids:ovn-encap-ip</code></dt>

The IP address that a chassis should use to connect to this node
using the encapsulation type specified by
<code>external_ids:ovn-encap-type</code>.

<dt><code>external_ids:ovn-bridge-mappings</code></dt>

A list of key-value pairs that map a physical network name to a local
OVS bridge that provides connectivity to that network. An example
value mapping two physical network names to two OVS bridges would be:
<code>physnet1:br-eth0,physnet2:br-eth1</code>.

<h1>Open vSwitch Database Usage</h1>

<code>ovn-controller</code> uses a number of <code>external-ids</code>
keys in the Open vSwitch database to keep track of ports and interfaces.
For proper operation, users should not change or clear these keys:

<code>external_ids:ovn-chassis-id</code> in the <code>Port</code> table

The presence of this key identifies a tunnel port within the
integration bridge as one created by <code>ovn-controller</code> to
reach a remote chassis. Its value is the chassis ID of the remote

<code>external-ids:ovn-patch-port</code> in the <code>Port</code> table

The presence of this key identifies a patch port as one created by
<code>ovn-controller</code> to connect the integration bridge and
another bridge to implement a <code>localnet</code> logical port.
Its value is the name of the physical network that the port
implements. See <code>external_ids:ovn-bridge-mappings</code>,
above, for more information.

Each <code>localnet</code> logical port is implemented as a pair of
patch ports, one in the integration bridge, one in a different
bridge, with the same <code>external-ids:ovn-patch-port</code> value.
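
Because these keys must not be changed or cleared, a consistency check can detect a patch-port pair that has been broken. The following is an added example, not code from the OVN project: it parses an <code>ovn-bridge-mappings</code> value and cross-checks it against <code>Port</code> rows. The function names, port names and sample rows are constructed, and it assumes the non-integration half of each pair sits on the bridge mapped to that physical network.

```python
from collections import defaultdict

def parse_bridge_mappings(value):
    """Parse 'physnet1:br-eth0,physnet2:br-eth1' into {physnet: bridge}."""
    mappings = {}
    for item in filter(None, (s.strip() for s in value.split(","))):
        physnet, sep, bridge = item.partition(":")
        if not (sep and physnet and bridge):
            raise ValueError(f"malformed mapping: {item!r}")
        if physnet in mappings:
            raise ValueError(f"duplicate physical network: {physnet!r}")
        mappings[physnet] = bridge
    return mappings

def audit_patch_ports(ports, mappings_value, int_bridge="br-int"):
    """Check that every ovn-patch-port value forms one intact pair.

    ports: iterable of (port_name, bridge_name, external_ids dict).
    Returns a sorted list of findings; an empty list means consistent.
    """
    mappings = parse_bridge_mappings(mappings_value)
    by_physnet = defaultdict(list)
    for name, bridge, ext in ports:
        physnet = ext.get("ovn-patch-port")
        if physnet is not None:
            by_physnet[physnet].append((name, bridge))
    findings = []
    for physnet, members in by_physnet.items():
        bridges = sorted(b for _, b in members)
        if physnet not in mappings:
            findings.append(f"{physnet}: patch port for unmapped network")
        elif bridges != sorted([int_bridge, mappings[physnet]]):
            findings.append(f"{physnet}: expected one port on {int_bridge} and "
                            f"one on {mappings[physnet]}, found {bridges}")
    return sorted(findings)

# Constructed sample Port rows (not captured from a real chassis).
SAMPLE_PORTS = [
    ("patch-br-int-to-physnet1", "br-int", {"ovn-patch-port": "physnet1"}),
    ("patch-physnet1-to-br-int", "br-eth0", {"ovn-patch-port": "physnet1"}),
    ("patch-br-int-to-physnet2", "br-int", {"ovn-patch-port": "physnet2"}),
    ("patch-physnet2-to-br-int", "br-eth1", {}),  # key was cleared
    ("ovn-hv2-0", "br-int", {"ovn-chassis-id": "hv2"}),  # tunnel port, ignored
]
```
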

<h1>Runtime Management Commands</h1>

<code>ovs-appctl</code> can send commands to a running
<code>ovn-controller</code> process. The currently supported
commands are described below.

<dt><code>exit</code></dt>

Causes <code>ovn-controller</code> to gracefully terminate.

<dt><code>ct-zone-list</code></dt>

Lists each local logical port and its connection tracking zone.