<h1>General Commands</h1>
<dl>
- <dt><code>show [<var>lswitch</var>]</code></dt>
+ <dt><code>show [<var>lswitch</var> | <var>router</var>]</code></dt>
<dd>
Prints a brief overview of the database contents. If
<var>lswitch</var> is provided, only records related to that
- logical switch are shown.
+ logical switch are shown. If
+ <var>router</var> is provided, only records related to that
+ logical router are shown.
</dd>
</dl>
<h1>Logical Switch Commands</h1>
<dl>
- <dt><code>lswitch-add</code> [<var>lswitch</var>]</dt> <dd> Creates a new logical switch named <var>lswitch</var>. If
- <var>lswitch</var> is not provided, the switch will not have a
- name so other commands must refer to this switch by its UUID.
- Initially the switch will have no ports.
+ <dt><code>lswitch-add</code></dt>
+ <dd>
+ <p>
+ Creates a new, unnamed logical switch, which initially has no ports.
+ The switch does not have a name, other commands must refer to this
+ switch by its UUID.
+ </p>
+ </dd>
+
+ <dt>[<code>--may-exist</code> | <code>--add-duplicate</code>] <code>lswitch-add</code> <var>lswitch</var></dt>
+ <dd>
+ <p>
+ Creates a new logical switch named <var>lswitch</var>, which
+ initially has no ports.
+ </p>
+
+ <p>
+ The OVN northbound database schema does not require logical switch
+ names to be unique, but the whole point to the names is to provide an
+ easy way for humans to refer to the switches, making duplicate names
+ unhelpful. Thus, without any options, this command regards it as an
+ error if <var>lswitch</var> is a duplicate name. With
+ <code>--may-exist</code>, adding a duplicate name succeeds but does
+ not create a new logical switch. With <code>--add-duplicate</code>,
+ the command really creates a new logical switch with a duplicate
+ name. It is an error to specify both options.
+ </p>
</dd>
- <dt><code>lswitch-del</code> <var>lswitch</var></dt>
+ <dt>[<code>--if-exists</code>] <code>lswitch-del</code> <var>lswitch</var></dt>
<dd>
- Deletes <var>lswitch</var>.
+ Deletes <var>lswitch</var>. It is an error if <var>lswitch</var> does
+ not exist, unless <code>--if-exists</code> is specified.
</dd>
<dt><code>lswitch-list</code></dt>
</dd>
</dl>
- <h1>Logical Port Commands</h1>
+ <h1>Logical Switch Port Commands</h1>
<dl>
- <dt><code>lport-add</code> <var>lswitch</var> <var>lport</var></dt>
+ <dt>[<code>--may-exist</code>] <code>lsp-add</code> <var>lswitch</var> <var>port</var></dt>
<dd>
- Creates on <var>lswitch</var> a new logical port named
- <var>lport</var>.
+ <p>
+ Creates on <var>lswitch</var> a new logical switch port named
+ <var>port</var>.
+ </p>
+
+ <p>
+ It is an error if a logical port named <var>port</var> already
+ exists, unless <code>--may-exist</code> is specified. Regardless of
+ <code>--may-exist</code>, it is an error if the existing port is in
+ some logical switch other than <var>lswitch</var> or if it has a
+ parent port.
+ </p>
</dd>
- <dt><code>lport-add</code> <var>lswitch</var> <var>lport</var> <var>parent</var> <var>tag</var></dt>
+ <dt>[<code>--may-exist</code>] <code>lsp-add</code> <var>lswitch</var> <var>port</var> <var>parent</var> <var>tag</var></dt>
<dd>
- Creates on <var>lswitch</var> a logical port named <var>lport</var>
- that is a child of <var>parent</var> that is identifed with VLAN ID
- <var>tag</var>. This is useful in cases such as virtualized
- container environments where Open vSwitch does not have a direct
- connection to the container's port and it must be shared with
- the virtual machine's port.
+ <p>
+ Creates on <var>lswitch</var> a logical switch port named
+ <var>port</var> that is a child of <var>parent</var> that is
+ identifed with VLAN ID <var>tag</var>. This is useful in
+ cases such as virtualized container environments where Open
+ vSwitch does not have a direct connection to the container's
+ port and it must be shared with the virtual machine's port.
+ </p>
+
+ <p>
+ It is an error if a logical port named <var>port</var> already
+ exists, unless <code>--may-exist</code> is specified. Regardless of
+ <code>--may-exist</code>, it is an error if the existing port is not
+ in <var>lswitch</var> or if it does not have the specified
+ <var>parent</var> and <var>tag</var>.
+ </p>
</dd>
- <dt><code>lport-del</code> <var>lport</var></dt>
+ <dt>[<code>--if-exists</code>] <code>lsp-del</code> <var>port</var></dt>
<dd>
- Deletes <var>lport</var>.
+ Deletes <var>port</var>. It is an error if <var>port</var> does
+ not exist, unless <code>--if-exists</code> is specified.
</dd>
- <dt><code>lport-list</code> <var>lswitch</var></dt>
+ <dt><code>lsp-list</code> <var>lswitch</var></dt>
<dd>
- Lists all the logical ports within <var>lswitch</var> on
+ Lists all the logical switch ports within <var>lswitch</var> on
standard output, one per line.
</dd>
- <dt><code>lport-get-parent</code> <var>lport</var></dt>
+ <dt><code>lsp-get-parent</code> <var>port</var></dt>
<dd>
- If set, get the parent port of <var>lport</var>. If not set, print
+ If set, get the parent port of <var>port</var>. If not set, print
nothing.
</dd>
- <dt><code>lport-get-tag</code> <var>lport</var></dt>
+ <dt><code>lsp-get-tag</code> <var>port</var></dt>
<dd>
- If set, get the tag for <var>lport</var> traffic. If not set, print
+ If set, get the tag for <var>port</var> traffic. If not set, print
nothing.
</dd>
- <dt><code>lport-set-addresses</code> <var>lport</var> [<var>address</var>]...</dt>
+ <dt><code>lsp-set-addresses</code> <var>port</var> [<var>address</var>]...</dt>
<dd>
- Sets the addresses associated with <var>lport</var> to
+ Sets the addresses associated with <var>port</var> to
<var>address</var>. Each <var>address</var> should be either an
Ethernet address or an Ethernet address followed by an IP address
(separated by a space and quoted to form a single command-line
argument). The special form <code>unknown</code> is also valid.
Multiple Ethernet addresses or Ethernet+IP pairs may be set. If no
- <var>address</var> argument is given, <var>lport</var> will have no
+ <var>address</var> argument is given, <var>port</var> will have no
addresses associated with it.
</dd>
- <dt><code>lport-get-addresses</code> <var>lport</var></dt>
+ <dt><code>lsp-get-addresses</code> <var>port</var></dt>
<dd>
- Lists all the addresses associated with <var>lport</var> on standard
+ Lists all the addresses associated with <var>port</var> on standard
output, one per line.
</dd>
- <dt><code>lport-set-port-security</code> <var>lport</var> [<var>addrs</var>]...</dt>
+ <dt><code>lsp-set-port-security</code> <var>port</var> [<var>addrs</var>]...</dt>
<dd>
<p>
- Sets the port security addresses associated with <var>lport</var> to
+ Sets the port security addresses associated with <var>port</var> to
<var>addrs</var>. Multiple sets of addresses may be set by using
multiple <var>addrs</var> arguments. If no <var>addrs</var> argument
- is given, <var>lport</var> will not have port security enabled.
+ is given, <var>port</var> will not have port security enabled.
</p>
<p>
Port security limits the addresses from which a logical port may send
packets and to which it may receive packets. See the
<code>ovn-nb</code>(5) documentation for the <ref
- column="port_security" table="Logical_Port"/> column in the <ref
- table="Logical_Port"/> table for details.
+ column="port_security" table="Logical_Switch_Port"/> column in
+ the <ref table="Logical_Switch_Port"/> table for details.
</p>
</dd>
- <dt><code>lport-get-port-security</code> <var>lport</var></dt>
+ <dt><code>lsp-get-port-security</code> <var>port</var></dt>
<dd>
- Lists all the port security addresses associated with <var>lport</var>
+ Lists all the port security addresses associated with <var>port</var>
on standard output, one per line.
</dd>
- <dt><code>lport-get-up</code> <var>lport</var></dt>
+ <dt><code>lsp-get-up</code> <var>port</var></dt>
<dd>
- Prints the state of <var>lport</var>, either <code>up</code> or
+ Prints the state of <var>port</var>, either <code>up</code> or
<code>down</code>.
</dd>
- <dt><code>lport-set-enabled</code> <var>lport</var> <var>state</var></dt>
+ <dt><code>lsp-set-enabled</code> <var>port</var> <var>state</var></dt>
<dd>
- Set the administrative state of <var>lport</var>, either <code>enabled</code>
+ Set the administrative state of <var>port</var>, either <code>enabled</code>
or <code>disabled</code>. When a port is disabled, no traffic is allowed into
or out of the port.
</dd>
- <dt><code>lport-get-enabled</code> <var>lport</var></dt>
+ <dt><code>lsp-get-enabled</code> <var>port</var></dt>
<dd>
- Prints the administrative state of <var>lport</var>, either <code>enabled</code>
+ Prints the administrative state of <var>port</var>, either <code>enabled</code>
or <code>disabled</code>.
</dd>
- <dt><code>lport-set-type</code> <var>lport</var> <var>type</var></dt>
+ <dt><code>lsp-set-type</code> <var>port</var> <var>type</var></dt>
<dd>
Set the type for the logical port. No special types have been implemented yet.
</dd>
- <dt><code>lport-get-type</code> <var>lport</var></dt>
+ <dt><code>lsp-get-type</code> <var>port</var></dt>
<dd>
Get the type for the logical port.
</dd>
- <dt><code>lport-set-options</code> <var>lport</var> [<var>key=value</var>]...</dt>
+ <dt><code>lsp-set-options</code> <var>port</var> [<var>key=value</var>]...</dt>
<dd>
Set type-specific key-value options for the logical port.
</dd>
- <dt><code>lport-get-options</code> <var>lport</var></dt>
+ <dt><code>lsp-get-options</code> <var>port</var></dt>
<dd>
Get the type-specific options for the logical port.
</dd>
</dl>
+ <h1>Logical Router Commands</h1>
+
+ <dl>
+ <dt><code>lr-add</code></dt>
+ <dd>
+ <p>
+ Creates a new, unnamed logical router, which initially has no ports.
+ The router does not have a name, other commands must refer to this
+ router by its UUID.
+ </p>
+ </dd>
+
+ <dt>[<code>--may-exist</code> | <code>--add-duplicate</code>] <code>lr-add</code> <var>router</var></dt>
+ <dd>
+ <p>
+ Creates a new logical router named <var>router</var>, which
+ initially has no ports.
+ </p>
+
+ <p>
+ The OVN northbound database schema does not require logical router
+ names to be unique, but the whole point to the names is to provide an
+ easy way for humans to refer to the routers, making duplicate names
+ unhelpful. Thus, without any options, this command regards it as an
+ error if <var>router</var> is a duplicate name. With
+ <code>--may-exist</code>, adding a duplicate name succeeds but does
+ not create a new logical router. With <code>--add-duplicate</code>,
+ the command really creates a new logical router with a duplicate
+ name. It is an error to specify both options.
+ </p>
+ </dd>
+
+ <dt>[<code>--if-exists</code>] <code>lr-del</code> <var>router</var></dt>
+ <dd>
+ Deletes <var>router</var>. It is an error if <var>router</var> does
+ not exist, unless <code>--if-exists</code> is specified.
+ </dd>
+
+ <dt><code>lr-list</code></dt>
+ <dd>
+ Lists all existing routers on standard output, one per line.
+ </dd>
+ </dl>
+
+ <h1>Logical Router Port Commands</h1>
+
+ <dl>
+ <dt>[<code>--may-exist</code>] <code>lrp-add</code> <var>router</var> <var>port</var> <var>mac</var> <var>network</var> [<var>peer</var>]</dt>
+ <dd>
+ <p>
+ Creates on <var>router</var> a new logical router port named
+ <var>port</var> with Ethernet address <var>mac</var> and IP
+ address/netmask <var>network</var>. If <var>peer</var> is
+ specified, it identifies a logical router port that connects
+ to this one.
+ </p>
+
+ <p>
+ It is an error if a logical router port named <var>port</var>
+ already exists, unless <code>--may-exist</code> is specified.
+ Regardless of <code>--may-exist</code>, it is an error if the
+ existing router port is in some logical router other than
+ <var>router</var>.
+ </p>
+ </dd>
+
+ <dt>[<code>--if-exists</code>] <code>lrp-del</code> <var>port</var></dt>
+ <dd>
+ Deletes <var>port</var>. It is an error if <var>port</var> does
+ not exist, unless <code>--if-exists</code> is specified.
+ </dd>
+
+ <dt><code>lrp-list</code> <var>router</var></dt>
+ <dd>
+ Lists all the logical router ports within <var>router</var> on
+ standard output, one per line.
+ </dd>
+
+ <dt><code>lrp-set-enabled</code> <var>port</var> <var>state</var></dt>
+ <dd>
+ Set the administrative state of <var>port</var>, either
+ <code>enabled</code> or <code>disabled</code>. When a port is
+ disabled, no traffic is allowed into or out of the port.
+ </dd>
+
+ <dt><code>lrp-get-enabled</code> <var>port</var></dt>
+ <dd>
+ Prints the administrative state of <var>port</var>, either
+ <code>enabled</code> or <code>disabled</code>.
+ </dd>
+ </dl>
+
+ <h1>Logical Router Static Route Commands</h1>
+
+ <dl>
+ <dt>[<code>--may-exist</code>] <code>lr-route-add</code> <var>router</var> <var>prefix</var> <var>nexthop</var> [<var>port</var>]</dt>
+ <dd>
+ <p>
+ Adds the specified route to <var>router</var>.
+ <var>prefix</var> describes an IPv4 or IPv6 prefix for this
+ route, such as <code>192.168.100.0/24</code>.
+ <var>nexthop</var> specifies the gateway to use for this
+ route, which should be the IP address of one of
+ <var>router</var> logical router ports or the IP address of a
+ logical port. If <var>port</var> is specified, packets that
+ match this route will be sent out that port. When
+ <var>port</var> is omitted, OVN infers the output port based
+ on <var>nexthop</var>.
+ </p>
+
+ <p>
+ It is an error if a route with <var>prefix</var> already exists,
+ unless <code>--may-exist</code> is specified.
+ </p>
+ </dd>
+
+ <dt>[<code>--if-exists</code>] <code>lr-route-del</code> <var>router</var> [<var>prefix</var>]</dt>
+ <dd>
+ <p>
+ Deletes routes from <var>router</var>. If only <var>router</var>
+ is supplied, all the routes from the logical router are
+ deleted. If <var>prefix</var> is also specified, then all the
+ routes that match the prefix will be deleted from the logical
+ router.
+ </p>
+
+ <p>
+ It is an error if <code>prefix</code> is specified and there
+ is no matching route entry, unless <code>--if-exists</code> is
+ specified.
+ </p>
+ </dd>
+
+ <dt><code>lr-route-list</code> <var>router</var></dt>
+ <dd>
+ Lists the routes on <var>router</var>.
+ </dd>
+ </dl>
+
<h1>Database Commands</h1>
<p>These commands query and modify the contents of <code>ovsdb</code> tables.
They are a slight abstraction of the <code>ovsdb</code> interface and
An L2 logical switch. Records may be identified by name.
</dd>
- <dt><code>Logical_Port</code></dt>
+ <dt><code>Logical_Switch_Port</code></dt>
<dd>
A port within an L2 logical switch. Records may be identified by name.
</dd>
A port within an L3 logical router. Records may be identified by name.
</dd>
+ <dt><code>Logical_Router_Static_Route</code></dt>
+ <dd>
+ A static route belonging to an L3 logical router.
+ </dd>
+
</dl>
<xi:include href="lib/db-ctl-base.xml" xmlns:xi="http://www.w3.org/2003/XInclude"/>