ovn-nbctl(8) Open vSwitch Manual ovn-nbctl(8)
NAME
ovn-nbctl - Open Virtual Network northbound db management utility
SYNOPSYS
ovn-nbctl [options] command [arg...]
DESCRIPTION
This utility can be used to manage the OVN northbound database.
GENERAL COMMANDS
show [lswitch]
Prints a brief overview of the database contents. If
lswitch is provided, only records related to that logical
switch are shown.
LOGICAL SWITCH COMMANDS
lswitch-add [lswitch]
Creates a new logical switch named lswitch. If lswitch
is not provided, the switch will not have a name so other
commands must refer to this switch by its UUID. Ini‐
tially the switch will have no ports.
lswitch-del lswitch
Deletes lswitch.
lswitch-list
Lists all existing switches on standard output, one per
line.
ACL COMMANDS
[--log] acl-add lswitch direction priority match action
Adds the specified ACL to lswitch. direction must be
either from-lport or to-lport. priority must be between
1 and 65534, inclusive. If --log is specified, packet
logging is enabled for the ACL. A full description of
the fields are in ovn-nb(5).
acl-del lswitch [direction [priority match]]
Deletes ACLs from lswitch. If only lswitch is supplied,
all the ACLs from the logical switch are deleted. If
direction is also specified, then all the flows in that
direction will be deleted from the logical switch. If
all the fields are given, then a single flow that matches
all the fields will be deleted.
acl-list lswitch
Lists the ACLs on lswitch.
LOGICAL PORT COMMANDS
lport-add lswitch lport
Creates on lswitch a new logical port named lport.
lport-add lswitch lport parent tag
Creates on lswitch a logical port named lport that is a
child of parent that is identifed with VLAN ID tag. This
is useful in cases such as virtualized container environ‐
ments where Open vSwitch does not have a direct connec‐
tion to the container’s port and it must be shared with
the virtual machine’s port.
lport-del lport
Deletes lport.
lport-list lswitch
Lists all the logical ports within lswitch on standard
output, one per line.
lport-get-parent lport
If set, get the parent port of lport. If not set, print
nothing.
lport-get-tag lport
If set, get the tag for lport traffic. If not set, print
nothing.
lport-set-addresses lport [address]...
Sets the addresses associated with lport to address.
Each address should be either an Ethernet address or an
Ethernet address followed by an IP address (separated by
a space and quoted to form a single command-line argu‐
ment). The special form unknown is also valid. Multiple
Ethernet addresses or Ethernet+IP pairs may be set. If no
address argument is given, lport will have no addresses
associated with it.
lport-get-addresses lport
Lists all the addresses associated with lport on standard
output, one per line.
lport-set-port-security lport [addrs]...
Sets the port security addresses associated with lport to
addrs. Multiple sets of addresses may be set by using
multiple addrs arguments. If no addrs argument is given,
lport will not have port security enabled.
Port security limits the addresses from which a logical
port may send packets and to which it may receive pack‐
ets. See the ovn-nb(5) documentation for the port_secu‐
rity column in the Logical_Port table for details.
lport-get-port-security lport
Lists all the port security addresses associated with
lport on standard output, one per line.
lport-get-up lport
Prints the state of lport, either up or down.
lport-set-enabled lport state
Set the administrative state of lport, either enabled or
disabled. When a port is disabled, no traffic is allowed
into or out of the port.
lport-get-enabled lport
Prints the administrative state of lport, either enabled
or disabled.
lport-set-type lport type
Set the type for the logical port. No special types have
been implemented yet.
lport-get-type lport
Get the type for the logical port.
lport-set-options lport [key=value]...
Set type-specific key-value options for the logical port.
lport-get-options lport
Get the type-specific options for the logical port.
OPTIONS
--db database
The OVSDB database remote to contact. If the OVN_NB_DB
environment variable is set, its value is used as the
default. Otherwise, the default is unix:/var/run/open‐
vswitch/db.sock, but this default is unlikely to be use‐
ful outside of single-machine OVN test environments.
-h | --help
-o | --options
-V | --version
LOGGING OPTIONS
-vspec, --verbose=spec
-v, --verbose
--log-file[=file]
--syslog-target=host:port
PKI CONFIGURATION (REQUIRED TO USE SSL)
-p, --private-key=file file with private key
-c, --certificate=file file with certificate for private key
-C, --ca-cert=file file with peer CA certificate
Open vSwitch 2.4.90 ovn-nbctl ovn-nbctl(8)