ovn-nbctl(8) Open vSwitch Manual ovn-nbctl(8)
ovn-nbctl - Open Virtual Network northbound db management utility
ovn-nbctl [options] command [arg...]
This utility can be used to manage the OVN northbound database.
Prints a brief overview of the database contents. If
lswitch is provided, only records related to that logical
switch are shown.
LOGICAL SWITCH COMMANDS
Creates a new logical switch named lswitch. If lswitch
is not provided, the switch will not have a name so other
commands must refer to this switch by its UUID. Ini‐
tially the switch will have no ports.
Lists all existing switches on standard output, one per
[--log] acl-add lswitch direction priority match action
Adds the specified ACL to lswitch. direction must be
either from-lport or to-lport. priority must be between
1 and 65534, inclusive. If --log is specified, packet
logging is enabled for the ACL. A full description of
the fields are in ovn-nb(5).
acl-del lswitch [direction [priority match]]
Deletes ACLs from lswitch. If only lswitch is supplied,
all the ACLs from the logical switch are deleted. If
direction is also specified, then all the flows in that
direction will be deleted from the logical switch. If
all the fields are given, then a single flow that matches
all the fields will be deleted.
Lists the ACLs on lswitch.
LOGICAL PORT COMMANDS
lport-add lswitch lport
Creates on lswitch a new logical port named lport.
lport-add lswitch lport parent tag
Creates on lswitch a logical port named lport that is a
child of parent that is identifed with VLAN ID tag. This
is useful in cases such as virtualized container environ‐
ments where Open vSwitch does not have a direct connec‐
tion to the container’s port and it must be shared with
the virtual machine’s port.
Lists all the logical ports within lswitch on standard
output, one per line.
If set, get the parent port of lport. If not set, print
If set, get the tag for lport traffic. If not set, print
lport-set-addresses lport [address]...
Sets the addresses associated with lport to address.
Each address should be either an Ethernet address or an
Ethernet address followed by an IP address (separated by
a space and quoted to form a single command-line argu‐
ment). The special form unknown is also valid. Multiple
Ethernet addresses or Ethernet+IP pairs may be set. If no
address argument is given, lport will have no addresses
associated with it.
Lists all the addresses associated with lport on standard
output, one per line.
lport-set-port-security lport [addrs]...
Sets the port security addresses associated with lport to
addrs. Multiple sets of addresses may be set by using
multiple addrs arguments. If no addrs argument is given,
lport will not have port security enabled.
Port security limits the addresses from which a logical
port may send packets and to which it may receive pack‐
ets. See the ovn-nb(5) documentation for the port_secu‐
rity column in the Logical_Port table for details.
Lists all the port security addresses associated with
lport on standard output, one per line.
Prints the state of lport, either up or down.
lport-set-enabled lport state
Set the administrative state of lport, either enabled or
disabled. When a port is disabled, no traffic is allowed
into or out of the port.
Prints the administrative state of lport, either enabled
lport-set-type lport type
Set the type for the logical port. No special types have
been implemented yet.
Get the type for the logical port.
lport-set-options lport [key=value]...
Set type-specific key-value options for the logical port.
Get the type-specific options for the logical port.
The OVSDB database remote to contact. If the OVN_NB_DB
environment variable is set, its value is used as the
default. Otherwise, the default is unix://var/run/open‐
vswitch/db.sock, but this default is unlikely to be use‐
ful outside of single-machine OVN test environments.
-h | --help
-o | --options
-V | --version
PKI CONFIGURATION (REQUIRED TO USE SSL)
-p, --private-key=file file with private key
-c, --certificate=file file with certificate for private key
-C, --ca-cert=file file with peer CA certificate
Open vSwitch 2.5.1 ovn-nbctl ovn-nbctl(8)