Provided by: ovn-common_2.5.0-0ubuntu1_amd64 bug

NAME

       ovn-nbctl - Open Virtual Network northbound db management utility

SYNOPSYS

       ovn-nbctl [options] command [arg...]

DESCRIPTION

       This utility can be used to manage the OVN northbound database.

GENERAL COMMANDS

              show [lswitch]
                     Prints  a  brief overview of the database contents.  If lswitch is provided,
                     only records related to that logical switch are shown.

LOGICAL SWITCH COMMANDS

              lswitch-add [lswitch]
                     Creates a new logical switch named lswitch.  If lswitch is not provided, the
                     switch  will  not have a name so other commands must refer to this switch by
                     its UUID.  Initially the switch will have no ports.

              lswitch-del lswitch
                     Deletes lswitch.

              lswitch-list
                     Lists all existing switches on standard output, one per line.

ACL COMMANDS

              [--log] acl-add lswitch direction priority match action
                     Adds the specified ACL to lswitch.  direction must be either  from-lport  or
                     to-lport.   priority  must  be  between 1 and 65534, inclusive.  If --log is
                     specified, packet logging is enabled for the ACL.  A full description of the
                     fields are in ovn-nb(5).

              acl-del lswitch [direction [priority match]]
                     Deletes  ACLs  from lswitch.  If only lswitch is supplied, all the ACLs from
                     the logical switch are deleted.  If direction is also  specified,  then  all
                     the flows in that direction will be deleted from the logical switch.  If all
                     the fields are given, then a single flow that matches all the fields will be
                     deleted.

              acl-list lswitch
                     Lists the ACLs on lswitch.

LOGICAL PORT COMMANDS

              lport-add lswitch lport
                     Creates on lswitch a new logical port named lport.

              lport-add lswitch lport parent tag
                     Creates on lswitch a logical port named lport that is a child of parent that
                     is identifed with VLAN ID tag.  This is useful in cases such as  virtualized
                     container  environments where Open vSwitch does not have a direct connection
                     to the container’s port and it must be shared  with  the  virtual  machine’s
                     port.

              lport-del lport
                     Deletes lport.

              lport-list lswitch
                     Lists all the logical ports within lswitch on standard output, one per line.

              lport-get-parent lport
                     If set, get the parent port of lport.  If not set, print nothing.

              lport-get-tag lport
                     If set, get the tag for lport traffic.  If not set, print nothing.

              lport-set-addresses lport [address]...
                     Sets the addresses associated with lport to address.  Each address should be
                     either an Ethernet address or an Ethernet address followed by an IP  address
                     (separated  by  a  space and quoted to form a single command-line argument).
                     The special form unknown is also  valid.   Multiple  Ethernet  addresses  or
                     Ethernet+IP  pairs  may  be set. If no address argument is given, lport will
                     have no addresses associated with it.

              lport-get-addresses lport
                     Lists all the addresses associated with lport on standard  output,  one  per
                     line.

              lport-set-port-security lport [addrs]...
                     Sets  the  port security addresses associated with lport to addrs.  Multiple
                     sets of addresses may be set by using multiple addrs arguments.  If no addrs
                     argument is given, lport will not have port security enabled.

                     Port  security  limits  the  addresses  from  which  a logical port may send
                     packets  and  to  which  it  may  receive  packets.    See   the   ovn-nb(5)
                     documentation  for  the  port_security  column in the Logical_Port table for
                     details.

              lport-get-port-security lport
                     Lists all the port security addresses  associated  with  lport  on  standard
                     output, one per line.

              lport-get-up lport
                     Prints the state of lport, either up or down.

              lport-set-enabled lport state
                     Set  the  administrative state of lport, either enabled or disabled.  When a
                     port is disabled, no traffic is allowed into or out of the port.

              lport-get-enabled lport
                     Prints the administrative state of lport, either enabled or disabled.

              lport-set-type lport type
                     Set the type for the logical port.  No special types have  been  implemented
                     yet.

              lport-get-type lport
                     Get the type for the logical port.

              lport-set-options lport [key=value]...
                     Set type-specific key-value options for the logical port.

              lport-get-options lport
                     Get the type-specific options for the logical port.

OPTIONS

              --db database
                     The OVSDB database remote to contact.  If the OVN_NB_DB environment variable
                     is set, its value is  used  as  the  default.   Otherwise,  the  default  is
                     unix:/var/run/openvswitch/db.sock, but this default is unlikely to be useful
                     outside of single-machine OVN test environments.

              -h | --help
              -o | --options
              -V | --version

LOGGING OPTIONS

              -vspec, --verbose=spec
              -v, --verbose
              --log-file[=file]
              --syslog-target=host:port

PKI CONFIGURATION (REQUIRED TO USE SSL)

              -p, --private-key=file  file with private key
              -c, --certificate=file  file with certificate for private key
              -C, --ca-cert=file      file with peer CA certificate