ovn-nbctl(8)                  Open vSwitch Manual                 ovn-nbctl(8)



NAME
       ovn-nbctl - Open Virtual Network northbound db management utility

SYNOPSYS
       ovn-nbctl [options] command [arg...]

DESCRIPTION
       This utility can be used to manage the OVN northbound database.

GENERAL COMMANDS
              show [lswitch]
                     Prints  a  brief  overview  of the database contents.  If
                     lswitch is provided, only records related to that logical
                     switch are shown.

LOGICAL SWITCH COMMANDS
              lswitch-add [lswitch]
                     Creates  a  new logical switch named lswitch.  If lswitch
                     is not provided, the switch will not have a name so other
                     commands  must  refer  to  this switch by its UUID.  Ini‐
                     tially the switch will have no ports.

              lswitch-del lswitch
                     Deletes lswitch.

              lswitch-list
                     Lists all existing switches on standard output,  one  per
                     line.

ACL COMMANDS
              [--log] acl-add lswitch direction priority match action
                     Adds  the  specified  ACL  to lswitch.  direction must be
                     either from-lport or to-lport.  priority must be  between
                     1  and  65534,  inclusive.  If --log is specified, packet
                     logging is enabled for the ACL.  A  full  description  of
                     the fields are in ovn-nb(5).

              acl-del lswitch [direction [priority match]]
                     Deletes  ACLs from lswitch.  If only lswitch is supplied,
                     all the ACLs from the logical  switch  are  deleted.   If
                     direction  is  also specified, then all the flows in that
                     direction will be deleted from the  logical  switch.   If
                     all the fields are given, then a single flow that matches
                     all the fields will be deleted.

              acl-list lswitch
                     Lists the ACLs on lswitch.

LOGICAL PORT COMMANDS
              lport-add lswitch lport
                     Creates on lswitch a new logical port named lport.

              lport-add lswitch lport parent tag
                     Creates on lswitch a logical port named lport that  is  a
                     child of parent that is identifed with VLAN ID tag.  This
                     is useful in cases such as virtualized container environ‐
                     ments  where  Open vSwitch does not have a direct connec‐
                     tion to the container’s port and it must be  shared  with
                     the virtual machine’s port.

              lport-del lport
                     Deletes lport.

              lport-list lswitch
                     Lists  all  the  logical ports within lswitch on standard
                     output, one per line.

              lport-get-parent lport
                     If set, get the parent port of lport.  If not set,  print
                     nothing.

              lport-get-tag lport
                     If set, get the tag for lport traffic.  If not set, print
                     nothing.

              lport-set-addresses lport [address]...
                     Sets the addresses  associated  with  lport  to  address.
                     Each  address  should be either an Ethernet address or an
                     Ethernet address followed by an IP address (separated  by
                     a  space  and  quoted to form a single command-line argu‐
                     ment).  The special form unknown is also valid.  Multiple
                     Ethernet addresses or Ethernet+IP pairs may be set. If no
                     address argument is given, lport will have  no  addresses
                     associated with it.

              lport-get-addresses lport
                     Lists all the addresses associated with lport on standard
                     output, one per line.

              lport-set-port-security lport [addrs]...
                     Sets the port security addresses associated with lport to
                     addrs.   Multiple  sets  of addresses may be set by using
                     multiple addrs arguments.  If no addrs argument is given,
                     lport will not have port security enabled.

                     Port  security  limits the addresses from which a logical
                     port may send packets and to which it may  receive  pack‐
                     ets.   See the ovn-nb(5) documentation for the port_secu
                     rity column in the Logical_Port table for details.

              lport-get-port-security lport
                     Lists all the port  security  addresses  associated  with
                     lport on standard output, one per line.

              lport-get-up lport
                     Prints the state of lport, either up or down.

              lport-set-enabled lport state
                     Set  the administrative state of lport, either enabled or
                     disabled.  When a port is disabled, no traffic is allowed
                     into or out of the port.

              lport-get-enabled lport
                     Prints  the administrative state of lport, either enabled
                     or disabled.

              lport-set-type lport type
                     Set the type for the logical port.  No special types have
                     been implemented yet.

              lport-get-type lport
                     Get the type for the logical port.

              lport-set-options lport [key=value]...
                     Set type-specific key-value options for the logical port.

              lport-get-options lport
                     Get the type-specific options for the logical port.

OPTIONS
              --db database
                     The  OVSDB  database remote to contact.  If the OVN_NB_DB
                     environment variable is set, its value  is  used  as  the
                     default.   Otherwise, the default is unix://var/run/open
                     vswitch/db.sock, but this default is unlikely to be  use‐
                     ful outside of single-machine OVN test environments.

              -h | --help
              -o | --options
              -V | --version

LOGGING OPTIONS
              -vspec, --verbose=spec
              -v, --verbose
              --log-file[=file]
              --syslog-target=host:port

PKI CONFIGURATION (REQUIRED TO USE SSL)
              -p, --private-key=file  file with private key
              -c, --certificate=file  file with certificate for private key
              -C, --ca-cert=file      file with peer CA certificate



Open vSwitch 2.5.1                 ovn-nbctl                      ovn-nbctl(8)