ovs−vsctl Commands
- Tracy Yang (Unlicensed)
Owned by Tracy Yang (Unlicensed)
Mar 03, 2023
18 min read
Loading data...
The command ovs-vsctl is a utility for querying and configuring the Open vSwitch. The Open vSwitch configuration is kept in a database managed by the ovsdb-server process.The ovs-vsctl command connects to ovsdb-server, which maintains the Open vSwitch configuration database. Using this connection, ovs-vsctl queries and applies changes to the database, based on the supplied commands.
See ovs-vsctl help for more information about the utility.
admin@PICOS-OVS:~$ ovs-vsctl --help
ovs-vsctl: ovs-vswitchd management utility
usage: ovs-vsctl [OPTIONS] COMMAND [ARG...]
Open vSwitch commands:
init initialize database, if not yet initialized
show print overview of database contents
emer-reset reset configuration to clean state
Bridge commands:
add-br BRIDGE create a new bridge named BRIDGE
add-br BRIDGE PARENT VLAN create new fake BRIDGE in PARENT on VLAN
del-br BRIDGE delete BRIDGE and all of its ports
list-br print the names of all the bridges
br-exists BRIDGE exit 2 if BRIDGE does not exist
br-to-vlan BRIDGE print the VLAN which BRIDGE is on
br-to-parent BRIDGE print the parent of BRIDGE
br-set-external-id BRIDGE KEY VALUE set KEY on BRIDGE to VALUE
br-set-external-id BRIDGE KEY unset KEY on BRIDGE
br-get-external-id BRIDGE KEY print value of KEY on BRIDGE
br-get-external-id BRIDGE list key-value pairs on BRIDGE
Port commands (a bond is considered to be a single port):
list-ports BRIDGE print the names of all the ports on BRIDGE
add-port BRIDGE PORT add network device PORT to BRIDGE
add-bond BRIDGE PORT IFACE... add bonded port PORT in BRIDGE from IFACES
del-port [BRIDGE] PORT delete PORT (which may be bonded) from BRIDGE
port-to-br PORT print name of bridge that contains PORT
Interface commands (a bond consists of multiple interfaces):
list-ifaces BRIDGE print the names of all interfaces on BRIDGE
iface-to-br IFACE print name of bridge that contains IFACE
Controller commands:
get-controller BRIDGE print the controllers for BRIDGE
del-controller BRIDGE delete the controllers for BRIDGE
set-controller BRIDGE TARGET... set the controllers for BRIDGE
get-fail-mode BRIDGE print the fail-mode for BRIDGE
del-fail-mode BRIDGE delete the fail-mode for BRIDGE
set-fail-mode BRIDGE MODE set the fail-mode for BRIDGE to MODE
Manager commands:
get-manager print the managers
del-manager delete the managers
set-manager TARGET... set the list of managers to TARGET...
SSL commands:
get-ssl print the SSL configuration
del-ssl delete the SSL configuration
set-ssl PRIV-KEY CERT CA-CERT set the SSL configuration
Switch commands:
emer-reset reset switch to known good state
Database commands:
list TBL [REC] list RECord (or all records) in TBL
find TBL CONDITION... list records satisfying CONDITION in TBL
get TBL REC COL[:KEY] print values of COLumns in RECord in TBL
set TBL REC COL[:KEY]=VALUE set COLumn values in RECord in TBL
add TBL REC COL [KEY=]VALUE add (KEY=)VALUE to COLumn in RECord in TBL
remove TBL REC COL [KEY=]VALUE remove (KEY=)VALUE from COLumn
clear TBL REC COL clear values from COLumn in RECord in TBL
create TBL COL[:KEY]=VALUE create and initialize new record
destroy TBL REC delete RECord from TBL
wait-until TBL REC [COL[:KEY]=VALUE] wait until condition is true
Potentially unsafe database commands require --force option.
Options:
--db=DATABASE connect to DATABASE
(default: unix:/ovs/var/run/openvswitch/db.sock)
--no-wait do not wait for ovs-vswitchd to reconfigure
--retry keep trying to connect to server forever
-t, --timeout=SECS wait at most SECS seconds for ovs-vswitchd
--dry-run do not commit changes to database
--oneline print exactly one line of output per command
Pica commands:
show-running-config print current ovsdb config
show-valid-port [FRONT] print all valid ports or one
set-port-breakout ALL|FRONT TRUE|FALSE use breakout cable or not
set-port-name FRONT [1,4]=default|XXX modify name of sub-port on FRONT
set-match-mode MODE:OPTIONS=PRIORITY set match-modes
show-match-mode print current match-modes
set-gtp-udp-dst-ports PORT... set gtp udp ports, PORT is up to 4
show-gtp-udp-dst-ports show gtp udp ports
set-match-vxlan-vni-enable TRUE|FALSE enable or disable vxlan vni matching
show-match-vxlan-vni show vxlan vni matching
set-vxlan-udp-dst-port [1, 65535] set vxlan udp destination port
show-vxlan-udp-dst-port show vxlan udp destination port
set-vntag-ethertype [0x6000, 0xffff] set VN tag ethertype
show-vntag-ethertype show VN tag ethertype
set-snmp-enable TRUE|FALSE enable or disable snmp
show-snmp show snmp
set-snmp-trap-targets IPv4(s) set snmp trap targets
show-snmp-trap-targets show snmp trap targets
set-snmp-community-name set snmp agent community name
show-snmp-community-name show snmp agent community name
set-cos-map TRUE|FALSE enable or disable cos-mapping
show-cos-map [IFACE] show cos-mapping
set-vlan-priority-cos-map TRUE|FALSE enable or disable vlan-priority-cos-mapping
show-vlan-priority-cos-map show vlan-priority-cos-mapping
set-egress-mode TRUE|FALSE [TABLE] set egress mode
show-egress-mode show egress-mode
set-combinated-mode TRUE|FALSE enable or disable combinated-mode
show-combinated-mode show combinated-mode
set-l2gre-key-length set l2gre key length
show-l2gre-key-length show l2gre key length
set-proxy-arp TRUE|FALSE SUBNETS set proxy arp
show-proxy-arp show proxy arp
set-proxy-icmpv6 TRUE|FALSE SUBNETS set proxy icmpv6 for NS/NA
show-proxy-icmpv6 show proxy icmpv6
set-l2-mode TRUE|FALSE [TABLE] set l2 mode
show-l2-mode show l2 mode
set-l3-mode TRUE|FALSE [TABLE] set l3 mode
show-l3-mode show l3 mode
set-l2-l3-buffer-mode [0, 5] set l2/l3 buffer mode(0-5)
show-l2-l3-buffer-mode show l2/l3 buffer mode
set-l2-l3-preference TRUE|FALSE set l2/l3 flow preference
show-l2-l3-preference show l2/l3 flow preference
set-max-ecmp-ports NUM set l3 max ecmp ports to NUM(2~32 and a power of 2)
show-max-ecmp-ports show l3 max ecmp ports
set-lag-advance-hash-mapping-fields FIELDS set hash fields of advance hash-mapping
show-lag-advance-hash-mapping-fields show hash fields of advance hash-mapping
set-udf-mode MODE set udf mode, MODE's format is udfN(l2|l3,offset=OFS,length=LEN),...
only up to 4 udfs(udf0,udf1,udf2,udf3) are supported
show-udf-mode show udf mode
set-max-resilient-hash-lag-count COUNT set lag-max-resilient-hash-lag-count.
COUNT is max count of lags which,
can be set to resilient hash,
the valid value of COUNT is
1, 2, 4, 8, 16, 32, 64.
The default value is 1.
show-max-resilient-hash-lag-count show lag-max-resilient-hash-lag-count.
set-macro-udf MODE set macro udf mode instead of offset and length, look up show udf field
show-macro-udf show macro udf mode
show-udf-field options for macro udf
set-egress-mc-queue-dynamic [0,7] TRUE|FALSE set certain queue id multicast dynamic buffer enable
set-egress-shared-queue-ratio [0,7] [0,100] set certain queue id shared buffer ratio
show-egress-shared-queue-ratio show added queue id shared buffer ratio
set-loopback-enable TRUE|FALSE set loopback enable or disable
set-option-match-vlan-type TRUE|FALSE enable or disable matching untagged pakcets
show-option-match-vlan-type show vlan format enable or disable
set-select-group-hash-fields [FIELDS] set select-group-hash-fields
show-select-group-hash-fields show current select-group-hash-fields
set-flow-handling-mode [MODE] set flow-handling-mode
show-flow-handling-mode show current flow-handling-mode
set-rdbgc4 [TYPE] set rdbgc4
show-rdbgc4 show current rdbgc4
set-lag-members-sorted set lag members sorted
show-lag-members-sorted show lag members sorted
set-group-ranges [GROUPS] set special groups(lag-select-groups, ecmp-select-groups,
ingress-mirror-groups, egress-mirror-groups) ranges
show-group-ranges show current group ranges
set-meter-ranges [METERS] set special meters(egress-meter) ranges
show-meter-ranges show current meter ranges
set-l3-ecmp-hash-fields FIELDS set l3 ecmp hash fields
show-l3-ecmp-hash-fields show l3 ecmp hash fields
set-l3-egress-keep-fields [FIELDS] set default keep fields in l3 egress interface
show-l3-egress-keep-fields show default keep fields in l3 egress interface
disable-extend-group TRUE|FALSE disable or enable extend group for arp/mpls flows
show-extend-group show extend group config
set-symmetric-hash [LAG|ECMP] TRUE|FALSE disable or enable symmetric hash
show-symmetric-hash show symmetric hash config
set-flow-counter-mode both|bytes|packets set flow counter mode
show-flow-counter-mode show flow counter mode
set-ttp-enable TRUE|FALSE set ttp module enable or disable
set-ttp-file FILE set ttp file name
show-ttp show ttp status and file name
set-counter-interval [10,1000] set counter interval
show-counter-interval show counter interval
display-settings show the configurations in OVSDB through ovs-vsctl comands
Logging options:
-vSPEC, --verbose=SPEC set logging levels
-v, --verbose set maximum verbosity level
--log-file[=FILE] enable logging to specified FILE
(default: /ovs/var/log/openvswitch/ovs-vsctl.log)
--syslog-target=HOST:PORT also send syslog msgs to HOST:PORT via UDP
--no-syslog equivalent to --verbose=vsctl:syslog:warn
Active database connection methods:
tcp:IP:PORT PORT at remote IP
ssl:IP:PORT SSL PORT at remote IP
unix:FILE Unix domain socket named FILE
Passive database connection methods:
ptcp:PORT[:IP] listen to TCP PORT on IP
pssl:PORT[:IP] listen for SSL on PORT on IP
punix:FILE listen on Unix domain socket FILE
PKI configuration (required to use SSL):
-p, --private-key=FILE file with private key
-c, --certificate=FILE file with certificate for private key
-C, --ca-cert=FILE file with peer CA certificate
Other options:
-h, --help display this help message
-V, --version display version information
admin@PICOS-OVS:~$
See ovs-vsctl main page for detailed syntax and additional information.
admin@Switch$man ovs-vsctl
ovs-vsctl(8) Open vSwitch Manual ovs-vsctl(8)
NAME
ovs-vsctl - utility for querying and configuring ovs-vswitchd
SYNOPSIS
ovs-vsctl [options] -- [options] command [args] [-- [options] command [args]]...
DESCRIPTION
The ovs-vsctl program configures ovs-vswitchd(8) by providing a high-level interface to its configuration data-
base. See ovs-vswitchd.conf.db(5) for comprehensive documentation of the database schema.
ovs-vsctl connects to an ovsdb-server process that maintains an Open vSwitch configuration database. Using this
connection, it queries and possibly applies changes to the database, depending on the supplied commands. Then, if
it applied any changes, by default it waits until ovs-vswitchd has finished reconfiguring itself before it exits.
(If you use ovs-vsctl when ovs-vswitchd is not running, use --no-wait.)
ovs-vsctl can perform any number of commands in a single run, implemented as a single atomic transaction against
the database.
The ovs-vsctl command line begins with global options (see OPTIONS below for details). The global options are
followed by one or more commands. Each command should begin with -- by itself as a command-line argument, to sep-
arate it from the following commands. (The -- before the first command is optional.) The command itself starts
with command-specific options, if any, followed by the command name and any arguments. See EXAMPLES below for
syntax examples.
Linux VLAN Bridging Compatibility
The ovs-vsctl program supports the model of a bridge implemented by Open vSwitch, in which a single bridge sup-
ports ports on multiple VLANs. In this model, each port on a bridge is either a trunk port that potentially
passes packets tagged with 802.1Q headers that designate VLANs or it is assigned a single implicit VLAN that is
never tagged with an 802.1Q header.
For compatibility with software designed for the Linux bridge, ovs-vsctl also supports a model in which traffic
associated with a given 802.1Q VLAN is segregated into a separate bridge. A special form of the add-br command
(see below) creates a ``fake bridge'' within an Open vSwitch bridge to simulate this behavior. When such a ``fake
bridge'' is active, ovs-vsctl will treat it much like a bridge separate from its ``parent bridge,'' but the actual
implementation in Open vSwitch uses only a single bridge, with ports on the fake bridge assigned the implicit VLAN
of the fake bridge of which they are members. (A fake bridge for VLAN 0 receives packets that have no 802.1Q tag
or a tag with VLAN 0.)
<Some output omitted>
Copyright © 2024 Pica8 Inc. All Rights Reserved.