Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 03-OVSDB VTEP commands | 78.65 KB |
OVSDB VTEP commands
ovsdb server bootstrap ca-certificate
Use ovsdb server bootstrap ca-certificate to specify a CA certificate file for establishing OVSDB SSL connections.
Use undo ovsdb server bootstrap ca-certificate to restore the default.
Syntax
ovsdb server bootstrap ca-certificate ca-filename
undo ovsdb server bootstrap ca-certificate
Default
SSL uses the CA certificate file in the PKI domain.
Views
System view
Predefined user roles
network-admin
Parameters
ca-filename: Specifies the CA certificate file name, a case-insensitive string. The file name cannot contain the slot string, and the file must be stored on the active MPU.
Usage guidelines
For the specified certificate to take effect, you must execute the ovsdb server enable command to enable the OVSDB server. You must disable and then re-enable the OVSDB server if it has been enabled.
If the specified CA certificate file does not exist, the device obtains a self-signed certificate from the controller. The obtained file uses the name specified for the ca-filename argument.
Examples
# Specify CA certificate file ca-new for establishing OVSDB SSL connections.
<Sysname> system-view
[Sysname] ovsdb server bootstrap ca-certificate ca-new
Related commands
ovsdb server enable
ovsdb server pki domain
ovsdb server pssl
ovsdb server ssl
ovsdb server enable
Use ovsdb server enable to enable the OVSDB server.
Use undo ovsdb server enable to disable the OVSDB server.
Syntax
ovsdb server enable
undo ovsdb server enable
Default
The OVSDB server is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
To obtain configuration data from controllers, you must enable the OVSDB server.
Before you enable the OVSDB server, you must establish an OVSDB SSL or TCP connection with a minimum of one controller.
Examples
# Enable the OVSDB server.
<Sysname> system-view
ovsdb server pki domain
Use ovsdb server pki domain to specify a PKI domain for establishing OVSDB SSL connections.
Use undo ovsdb bootstrap server pki domain to restore the default.
Syntax
ovsdb server pki domain domain-name
undo ovsdb server pki domain
Default
No PKI domain is specified for establishing OVSDB SSL connections.
Views
System view
Predefined user roles
network-admin
Parameters
domain-name: Specifies a PKI domain name, a case-sensitive string of 1 to 31 characters. The PKI domain must already exist and contain a complete certificate and key.
Usage guidelines
To communicate with controllers through SSL, you must specify a PKI domain.
For the specified PKI domain to take effect, you must execute the ovsdb server enable command to enable the OVSDB server. You must disable and then re-enable the OVSDB server if it has been enabled.
For more information about PKI domains, see PKI in Security Configuration Guide.
Examples
# Specify PKI domain ovsdb_test for establishing OVSDB SSL connections.
<Sysname> system-view
[Sysname] ovsdb server pki domain ovsdb_test
Related commands
ovsdb server bootstrap ca-certificate
ovsdb server enable
ovsdb server pssl
ovsdb server ssl
ovsdb server pssl
Use ovsdb server pssl to enable the device to listen for OVSDB SSL connection requests.
Use undo ovsdb server pssl to restore the default.
Syntax
ovsdb server pssl [ port port-number ]
undo ovsdb server pssl
Default
The device does not listen for OVSDB SSL connection requests.
Views
System view
Predefined user roles
network-admin
Parameters
port port-number: Specifies a port to listen for OVSDB SSL connection requests. The value range for the port-number argument is 1 to 65535. If you do not specify a port, the device uses the port number 6640.
Usage guidelines
Before you use this command, you must specify a PKI domain for SSL.
You can specify only one port to listen for OVSDB SSL connection requests. If you execute this command multiple times, the most recent configuration takes effect.
For the specified port setting to take effect, you must execute the ovsdb server enable command to enable the OVSDB server. You must disable and then re-enable the OVSDB server if it has been enabled.
Examples
# Enable the device to listen for OVSDB SSL connection requests on port 6640.
<Sysname> system-view
[Sysname] ovsdb server pssl
ovsdb server bootstrap ca-certificate
ovsdb server enable
ovsdb server pki domain
ovsdb server ssl
ovsdb server ptcp
Use ovsdb server ptcp to enable the device to listen for OVSDB TCP connection requests.
Use undo ovsdb server ptcp to restore the default.
Syntax
ovsdb server ptcp [ port port-number ]
undo ovsdb server ptcp
Default
The device does not listen for OVSDB TCP connection requests.
Views
System view
Predefined user roles
network-admin
Parameters
port-number: Specifies a port to listen for OVSDB TCP connection requests. The value range for the port-number argument is 1 to 65535. If you do not specify a port, the device uses the port number 6640.
Usage guidelines
You can specify only one port to listen for OVSDB TCP connection requests. If you execute this command multiple times, the most recent configuration takes effect.
For the specified port setting to take effect, you must execute the ovsdb server enable command to enable the OVSDB server. You must disable and then re-enable the OVSDB server if it has been enabled.
Examples
# Enable the device to listen for OVSDB TCP connection requests on port 6640.
<Sysname> system-view
[Sysname] ovsdb server ptcp
ovsdb server enable
ovsdb server tcp
ovsdb server ssl
Use ovsdb server ssl to set up an active OVSDB SSL connection to a controller.
Use undo ovsdb server ssl to remove an OVSDB SSL connection from a controller.
Syntax
ovsdb server ssl ip ip-address port port-number
undo ovsdb server ssl ip ip-address port port-number
Default
The device does not have active OVSDB SSL connections to a controller.
Views
System view
Predefined user roles
network-admin
Parameters
ip ip-address: Specifies the destination IP address for the SSL connection.
port port-number: Specifies the destination port for the SSL connection. The value range for the port-number argument is 1 to 65535.
Usage guidelines
Before you use this command, you must specify a PKI domain for SSL.
The device can have a maximum of eight active SSL connections.
To establish the connection, you must execute the ovsdb server enable command. You must disable and then re-enable the OVSDB server if it has been enabled.
Examples
# Set up an active SSL connection to port 6632 at 192.168.12.2.
<Sysname> system-view
[Sysname] ovsdb server ssl ip 192.168.12.2 port 6632
ovsdb server bootstrap ca-certificate
ovsdb server enable
ovsdb server pki domain
ovsdb server pssl
ovsdb server tcp
Use ovsdb server tcp to set up an active OVSDB TCP connection to a controller.
Use undo ovsdb server tcp to remove an OVSDB TCP connection.
Syntax
ovsdb server tcp ip ip-address port port-number
undo ovsdb server tcp ip ip-address port port-number
Default
The device does not have active OVSDB TCP connections.
Views
System view
Predefined user roles
network-admin
Parameters
ip ip-address: Specifies the destination IP address for the TCP connection.
port port-number: Specifies the destination port for the TCP connection. The value range for the port-number argument is 1 to 65535.
Usage guidelines
The device can have a maximum of eight active OVSDB TCP connections.
To establish the connection, you must execute the ovsdb server enable command. You must disable and then re-enable the OVSDB server if it has been enabled.
Examples
# Set up an active OVSDB TCP connection to port 6632 at 192.168.12.2.
<Sysname> system-view
[Sysname] ovsdb server tcp ip 192.168.12.2 port 6632
ovsdb server enable
ovsdb server ptcp
vtep access port
Use vtep access port to specify a site-facing interface as a VTEP access port.
Use undo vtep access port to restore the default.
Syntax
vtep access port
undo vtep access port
Default
An interface is not a VTEP access port.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Usage guidelines
For controllers to manage a site-facing interface, you must specify the interface as a VTEP access port.
Examples
# Specify Twenty-FiveGigE 1/0/1 as a VTEP access port.
<Sysname> system-view
[Sysname] interface twenty-fivegige 1/0/1
[Sysname-Twenty-FiveGigE1/0/1] vtep access port
vtep acl disable
Use vtep acl disable to disable the ACLs issued by the OVSDB controller.
Use undo vtep acl disable to enable the ACLs issued by the OVSDB controller.
Syntax
vtep acl disable
undo vtep acl disable
Default
The ACLs issued by the OVSDB controller are enabled on the device.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Before you use this command, you must use the vtep enable command to enable the OVSDB VTEP service.
Use the vtep acl disable command on a VTEP to disable all the ACLs issued by the OVSDB controller in order to save ACL resources on the VTEP.
Examples
# Disable the ACLs issued by the OVSDB controller.
<Sysname> system-view
[Sysname] vtep enable
[sysname] vtep acl disable
Related commands
vtep enable
vtep enable
Use vtep enable to enable the OVSDB VTEP service.
Use undo vtep enable to disable the OVSDB VTEP service.
Syntax
vtep enable
undo vtep enable
Default
The OVSDB VTEP service is disabled.
Views
System view
Predefined user roles
network-admin
Examples
# Enable the OVSDB VTEP service.
<Sysname> system-view
[Sysname] vtep enable
vxlan tunnel flooding-proxy
Use vxlan tunnel flooding-proxy to enable flood proxy on multicast VXLAN tunnels.
Use undo vxlan tunnel flooding-proxy to disable flood proxy on multicast VXLAN tunnels.
Syntax
vxlan tunnel flooding-proxy
undo vxlan tunnel flooding-proxy
Default
Flood proxy is disabled on multicast VXLAN tunnels.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Flood proxy is supported on multicast VXLAN tunnels only when the OVSDB controller is a NSX controller from VMware.
If you use a flood proxy server, you must enable flood proxy globally on multicast tunnels. Then the multicast tunnels are converted into flood proxy tunnels. The VTEP sends broadcast, multicast, and unknown unicast traffic for a VXLAN to the flood proxy server through the tunnels. The flood proxy server then replicates and forwards flood traffic to remote VTEPs.
After you enable flood proxy on multicast VXLAN tunnels, if the controller issues VSI configuration, the system automatically disables ARP flood suppression on all VSIs issued by the controller. If the controller does not issue VSI configuration, the system does not automatically change the state of ARP flood suppression.
If you do not enable flood proxy on multicast VXLAN tunnels, the system does not automatically change the state of ARP flood suppression regardless of whether the controller issues VSI configuration.
The vxlan tunnel flooding-proxy command and its undo form affect only VXLAN tunnels that are issued after the vxlan tunnel flooding-proxy command.
Examples
# Enable flood proxy on all multicast VXLAN tunnels.
<Sysname> system
[Sysname] vxlan tunnel flooding-proxy
