ovn-nbctl(8) Open vSwitch Manual ovn-nbctl(8) NAME ovn-nbctl - Open Virtual Network northbound db management utility SYNOPSYS ovn-nbctl [options] command [arg...] DESCRIPTION This utility can be used to manage the OVN northbound database. GENERAL COMMANDS show [lswitch] Prints a brief overview of the database contents. If lswitch is provided, only records related to that logical switch are shown. LOGICAL SWITCH COMMANDS lswitch-add [lswitch] Creates a new logical switch named lswitch. If lswitch is not provided, the switch will not have a name so other commands must refer to this switch by its UUID. Ini‐ tially the switch will have no ports. lswitch-del lswitch Deletes lswitch. lswitch-list Lists all existing switches on standard output, one per line. ACL COMMANDS [--log] acl-add lswitch direction priority match action Adds the specified ACL to lswitch. direction must be either from-lport or to-lport. priority must be between 1 and 65534, inclusive. If --log is specified, packet logging is enabled for the ACL. A full description of the fields are in ovn-nb(5). acl-del lswitch [direction [priority match]] Deletes ACLs from lswitch. If only lswitch is supplied, all the ACLs from the logical switch are deleted. If direction is also specified, then all the flows in that direction will be deleted from the logical switch. If all the fields are given, then a single flow that matches all the fields will be deleted. acl-list lswitch Lists the ACLs on lswitch. LOGICAL PORT COMMANDS lport-add lswitch lport Creates on lswitch a new logical port named lport. lport-add lswitch lport parent tag Creates on lswitch a logical port named lport that is a child of parent that is identifed with VLAN ID tag. This is useful in cases such as virtualized container environ‐ ments where Open vSwitch does not have a direct connec‐ tion to the container’s port and it must be shared with the virtual machine’s port. lport-del lport Deletes lport. lport-list lswitch Lists all the logical ports within lswitch on standard output, one per line. lport-get-parent lport If set, get the parent port of lport. If not set, print nothing. lport-get-tag lport If set, get the tag for lport traffic. If not set, print nothing. lport-set-addresses lport [address]... Sets the addresses associated with lport to address. Each address should be either an Ethernet address or an Ethernet address followed by an IP address (separated by a space and quoted to form a single command-line argu‐ ment). The special form unknown is also valid. Multiple Ethernet addresses or Ethernet+IP pairs may be set. If no address argument is given, lport will have no addresses associated with it. lport-get-addresses lport Lists all the addresses associated with lport on standard output, one per line. lport-set-port-security lport [addrs]... Sets the port security addresses associated with lport to addrs. Multiple sets of addresses may be set by using multiple addrs arguments. If no addrs argument is given, lport will not have port security enabled. Port security limits the addresses from which a logical port may send packets and to which it may receive pack‐ ets. See the ovn-nb(5) documentation for the port_secu‐ rity column in the Logical_Port table for details. lport-get-port-security lport Lists all the port security addresses associated with lport on standard output, one per line. lport-get-up lport Prints the state of lport, either up or down. lport-set-enabled lport state Set the administrative state of lport, either enabled or disabled. When a port is disabled, no traffic is allowed into or out of the port. lport-get-enabled lport Prints the administrative state of lport, either enabled or disabled. lport-set-type lport type Set the type for the logical port. No special types have been implemented yet. lport-get-type lport Get the type for the logical port. lport-set-options lport [key=value]... Set type-specific key-value options for the logical port. lport-get-options lport Get the type-specific options for the logical port. OPTIONS --db database The OVSDB database remote to contact. If the OVN_NB_DB environment variable is set, its value is used as the default. Otherwise, the default is unix:/var/run/open‐ vswitch/db.sock, but this default is unlikely to be use‐ ful outside of single-machine OVN test environments. -h | --help -o | --options -V | --version LOGGING OPTIONS -vspec, --verbose=spec -v, --verbose --log-file[=file] --syslog-target=host:port PKI CONFIGURATION (REQUIRED TO USE SSL) -p, --private-key=file file with private key -c, --certificate=file file with certificate for private key -C, --ca-cert=file file with peer CA certificate Open vSwitch 2.4.90 ovn-nbctl ovn-nbctl(8)