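# Bridge management. ovs-vsctl edits the local Open vSwitch configuration
# database, so these commands need privileges on the host.
# List all bridges
ovs-vsctl show      # overview of bridges, ports and interfaces
ovs-vsctl list-br   # bridge names only
# Create a bridge
ovs-vsctl add-br br0
# Delete a bridge (removes the bridge and all of its ports)
ovs-vsctl del-br br0
# Set bridge properties
ovs-vsctl set bridge br0 datapath_type=netdev   # userspace datapath
# The protocols column lists the OpenFlow versions the bridge will negotiate.
ovs-vsctl set bridge br0 protocols=OpenFlow13
# Add port to bridge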
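# Attaching the NIC that carries the host's own IP can cut off remote access;
# plan for the address to live on the bridge before running this on a remote box.
ovs-vsctl add-port br0 eth0
# Add internal port
ovs-vsctl add-port br0 vnet0 -- set interface vnet0 type=internal
# Add patch port (connect two bridges)
# The two ends name each other through options:peer, so both commands are needed.
ovs-vsctl add-port br0 patch0 -- set interface patch0 type=patch options:peer=patch1
ovs-vsctl add-port br1 patch1 -- set interface patch1 type=patch options:peer=patch0
# Add VXLAN tunnel
# VXLAN and GRE give encapsulation only, with no encryption or peer
# authentication; run them over a trusted underlay or protect them with IPsec.
ovs-vsctl add-port br0 vxlan0 -- set interface vxlan0 type=vxlan options:remote_ip=192.168.1.100
# Add GRE tunnel
ovs-vsctl add-port br0 gre0 -- set interface gre0 type=gre options:remote_ip=192.168.1.100
# Delete port
ovs-vsctl del-port br0 eth0
# List ports on bridge
ovs-vsctl list-ports br0
# Get port details
ovs-vsctl list interface eth0
# Set port as VLAN trunk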
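# With an empty trunks column a trunk port carries every VLAN; set trunks=
# (below) to the VLANs the port actually needs so it cannot reach the others.
ovs-vsctl set port eth0 vlan_mode=trunk
# Set port as VLAN access (untagged)
ovs-vsctl set port eth0 tag=100
# Set port to trunk specific VLANs
ovs-vsctl set port eth0 trunks=100,200,300
# Native VLAN on trunk
# Untagged frames on the port are placed in VLAN 100.
ovs-vsctl set port eth0 vlan_mode=native-untagged tag=100
# Show all flows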
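# dump-flows output includes per-flow counters (n_packets, n_bytes).
ovs-ofctl dump-flows br0
# Show flows for specific table
ovs-ofctl dump-flows br0 table=0
# Add flow
ovs-ofctl add-flow br0 "priority=100,in_port=1,actions=output:2"
# Add flow with multiple actions
ovs-ofctl add-flow br0 "priority=100,dl_type=0x0800,nw_dst=10.0.0.1,actions=mod_dl_dst:aa:bb:cc:dd:ee:ff,output:3"
# Delete all flows
# With no match this removes every flow on the bridge, including any drop or
# isolation rules; save `dump-flows` output first if the table must be restored.
ovs-ofctl del-flows br0
# Delete specific flow
# Without --strict the match is loose: every flow that matches in_port=1 is removed.
ovs-ofctl del-flows br0 "in_port=1"
# Modify flows
# Without --strict, mod-flows does not match on priority and will not change
# the priority of existing flows; it rewrites the actions of all matching flows.
ovs-ofctl mod-flows br0 "priority=100,in_port=1,actions=output:3"
# Show flow statistics
# --names prints port names instead of port numbers.
ovs-ofctl dump-flows br0 --names
# Drop all packets from port 1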
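# None of the flows in this group sets priority=, so each gets the default
# priority 32768 and outranks flows added with priority=100. Give security
# rules (drops) an explicit priority higher than the forwarding rules.
ovs-ofctl add-flow br0 "in_port=1,actions=drop"
# Forward based on MAC address
ovs-ofctl add-flow br0 "dl_dst=00:11:22:33:44:55,actions=output:2"
# Forward based on IP
ovs-ofctl add-flow br0 "ip,nw_dst=192.168.1.0/24,actions=output:3"
# VLAN tagging
ovs-ofctl add-flow br0 "in_port=1,actions=mod_vlan_vid:100,output:2"
# VLAN stripping
ovs-ofctl add-flow br0 "in_port=1,dl_vlan=100,actions=strip_vlan,output:2"
# Resubmit to another table
ovs-ofctl add-flow br0 "table=0,in_port=1,actions=resubmit(,1)"
# Normal L2 learning
# This flow matches every packet. At the default priority it takes precedence
# over lower-priority drop rules, so add it with a low explicit priority when
# it is meant as a fallback.
ovs-ofctl add-flow br0 "actions=normal"
# Show bridge statistics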
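# Prints the bridge's OpenFlow features and its port list.
ovs-ofctl show br0
# Show port statistics
ovs-ofctl dump-ports br0
# Show port descriptions
ovs-ofctl dump-ports-desc br0
# Trace packet through flow tables
# ofproto/trace simulates the packet against the flow tables; nothing is sent
# on the wire, which makes it a safe way to verify that a drop rule applies.
ovs-appctl ofproto/trace br0 in_port=1,dl_src=00:11:22:33:44:55,dl_dst=aa:bb:cc:dd:ee:ff
# Show datapath info
ovs-dpctl show
# Show datapath flows
ovs-dpctl dump-flows
# Connection tracking
ovs-appctl dpctl/dump-conntrack
# Show OVS version
ovs-vsctl --version
ovs-ofctl --version
# View logs
# -f follows the journal; stop with Ctrl-C.
journalctl -u openvswitch -f
# Create QoS rule (rate limiting)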
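# Ingress policing: the rate is in kbps and the burst in kb. Traffic received
# on the interface above the limit is dropped.
ovs-vsctl set interface eth0 ingress_policing_rate=1000
ovs-vsctl set interface eth0 ingress_policing_burst=100
# Create QoS queue
# One transaction creates the QoS record (@newqos) and its queue 0 (@q0) and
# attaches them to the port. The min-rate/max-rate values are in bit/s.
ovs-vsctl set port eth0 qos=@newqos -- --id=@newqos create qos type=linux-htb \
  other-config:max-rate=10000000 queues=0=@q0 -- --id=@q0 create queue \
  other-config:min-rate=1000000 other-config:max-rate=5000000
# Create bond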
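# The two add-bond lines are alternatives: both create a port named bond0,
# so run only one of them.
ovs-vsctl add-bond br0 bond0 eth0 eth1
# Create LACP bond
ovs-vsctl add-bond br0 bond0 eth0 eth1 lacp=active
# Set bond mode
ovs-vsctl set port bond0 bond_mode=balance-slb
# Show cluster status of the OVN northbound database (queried through the
# database server's control socket)
ovs-appctl -t /var/run/ovn/ovnnb_db.ctl cluster/status OVN_Northbound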
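# Show all logical switches
ovn-nbctl show      # logical topology: switches, routers and their ports
ovn-nbctl ls-list   # logical switch names and UUIDs only
# Create logical switch
ovn-nbctl ls-add ls1
# Delete logical switch
ovn-nbctl ls-del ls1
# Add logical switch port
ovn-nbctl lsp-add ls1 vm1-port
# Set port MAC and IP address
# These addresses tell OVN where to deliver traffic. Restricting what the
# port may send (anti-spoofing) is a separate setting:
# ovn-nbctl lsp-set-port-security.
ovn-nbctl lsp-set-addresses vm1-port "00:00:00:00:00:01 192.168.1.10"
# Set port to use dynamic addressing (OVN allocates the address)
ovn-nbctl lsp-set-addresses vm1-port dynamic
# Delete logical switch port
ovn-nbctl lsp-del vm1-port
# List ports on logical switch
ovn-nbctl lsp-list ls1
# Create logical router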
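# lr1 is the router name used by the commands that follow.
ovn-nbctl lr-add lr1
# Delete logical router
ovn-nbctl lr-del lr1
# Add router port (arguments: router, port name, MAC, network)
ovn-nbctl lrp-add lr1 lr1-ls1 00:00:00:00:01:01 192.168.1.1/24
# Connect switch to router
# The switch-side port has type "router" and points at the router port
# through the router-port option.
ovn-nbctl lsp-add ls1 ls1-lr1
ovn-nbctl lsp-set-type ls1-lr1 router
ovn-nbctl lsp-set-addresses ls1-lr1 router
ovn-nbctl lsp-set-options ls1-lr1 router-port=lr1-ls1
# Add static route (arguments: router, prefix, next hop)
ovn-nbctl lr-route-add lr1 10.0.0.0/24 192.168.1.254
# List routes
ovn-nbctl lr-route-list lr1
# Delete route
ovn-nbctl lr-route-del lr1 10.0.0.0/24
# Dump every Logical_Router_Port record
ovn-nbctl list Logical_Router_Port
# Add ACL to allow traffic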
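# Arguments: switch, direction, priority, match, action. The highest-priority
# matching ACL decides. Traffic that matches no ACL is allowed unless the
# deployment configures a default-drop policy.
ovn-nbctl acl-add ls1 to-lport 1000 "ip4.src==192.168.1.0/24" allow
# Drop traffic
# At priority 900 this is outranked by the priority-1000 allow above for
# packets sourced from 192.168.1.0/24; give the drop the higher priority if
# it has to win for those sources.
ovn-nbctl acl-add ls1 to-lport 900 "ip4.dst==192.168.1.50" drop
# Allow specific protocol/port
# allow-related also admits the reply traffic of the allowed connection.
ovn-nbctl acl-add ls1 to-lport 1000 "tcp.dst==80" allow-related
# List ACLs
ovn-nbctl acl-list ls1
# Delete ACL
ovn-nbctl acl-del ls1 to-lport 1000 "ip4.src==192.168.1.0/24"
# Delete all ACLs
# This removes the switch's whole filtering policy in one step; record the
# `acl-list` output first so the rules can be re-created.
ovn-nbctl acl-del ls1
# Create DHCP options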
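# Creates a DHCP_Options row for the subnet.
ovn-nbctl dhcp-options-create 192.168.1.0/24
# Set DHCP options (get UUID from above command)
# "<UUID>" is a placeholder for the DHCP_Options row UUID; if the create
# command printed none, read it from `ovn-nbctl dhcp-options-list`. The
# placeholder is quoted so that a shell does not parse < and > as redirections.
ovn-nbctl dhcp-options-set-options "<UUID>" \
  lease_time=3600 router=192.168.1.1 server_id=192.168.1.1 \
  server_mac=00:00:00:00:01:01 dns_server=8.8.8.8
# Associate port with DHCP
ovn-nbctl lsp-set-dhcpv4-options vm1-port "<UUID>"
# List DHCP options
ovn-nbctl dhcp-options-list
# Create load balancer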
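# Arguments: name, VIP:port, comma-separated backend list.
ovn-nbctl lb-add lb1 "192.168.1.100:80" "192.168.1.10:80,192.168.1.11:80"
# Add load balancer to switch
ovn-nbctl ls-lb-add ls1 lb1
# Add load balancer to router
ovn-nbctl lr-lb-add lr1 lb1
# List load balancers
ovn-nbctl lb-list
# Delete load balancer
ovn-nbctl lb-del lb1
# Add SNAT (source NAT)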
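# Arguments: router, type, external IP, logical IP or subnet.
ovn-nbctl lr-nat-add lr1 snat 203.0.113.10 192.168.1.0/24
# Add DNAT (destination NAT)
# DNAT forwards everything sent to the external IP, on all ports, to the
# logical IP; pair it with ACLs that limit which services are reachable.
ovn-nbctl lr-nat-add lr1 dnat 203.0.113.10 192.168.1.10
# Add combined DNAT and SNAT (one-to-one mapping of the external and logical IP)
# This is not per-port forwarding: the whole address is mapped in both directions.
ovn-nbctl lr-nat-add lr1 dnat_and_snat 203.0.113.10 192.168.1.10
# List NAT rules
ovn-nbctl lr-nat-list lr1
# Delete NAT rule
ovn-nbctl lr-nat-del lr1 dnat 203.0.113.10
# Set gateway chassis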
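# Arguments: router port, chassis name, priority.
ovn-nbctl lrp-set-gateway-chassis lr1-public gw1 20
# Create a localnet port that attaches the logical switch to a physical network
# network_name has to match a name in the chassis's ovn-bridge-mappings.
ovn-nbctl lsp-add ls-ext ext-port
ovn-nbctl lsp-set-type ext-port localnet
ovn-nbctl lsp-set-addresses ext-port unknown
ovn-nbctl lsp-set-options ext-port network_name=physnet1
# Show southbound database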
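# Overview of the chassis and the ports bound to them.
ovn-sbctl show
# List chassis (hypervisors)
ovn-sbctl list chassis
# Get specific chassis details
# "<chassis-name>" is a placeholder; it is quoted so that a shell does not
# parse < and > as redirections.
ovn-sbctl get chassis "<chassis-name>" hostname
# Show port bindings
ovn-sbctl list port_binding
# Find chassis by criteria
ovn-sbctl find chassis name="<chassis-name>"
# Trace packet through OVN
# ovn-trace simulates the packet through the logical flows without sending
# anything, which makes it suitable for checking that an ACL takes effect.
ovn-trace ls1 'inport == "vm1-port" && eth.src == 00:00:00:00:00:01 && ip4.dst == 192.168.1.20'
# Start OVN northbound database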
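# ovn-ctl is the service control script; these commands need root.
ovn-ctl start_northd
# Start OVN controller (on each chassis)
ovn-ctl start_controller
# Stop OVN services
ovn-ctl stop_northd
ovn-ctl stop_controller
# Check OVN status
ovn-ctl status_northd
ovn-ctl status_controller
# Check OVS kernel module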
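# No output means the module is not loaded.
lsmod | grep openvswitch
# Check OVS services
systemctl status openvswitch
systemctl status ovn-controller
systemctl status ovn-northd
# View OVN logs
journalctl -u ovn-controller -f
journalctl -u ovn-northd -f
# Test connectivity between OVN DBs
# tcp: connections are unencrypted and unauthenticated: anyone who can reach
# ports 6641/6642 can read and change the logical network. Prefer ssl: targets
# (with --private-key, --certificate and --ca-cert) and restrict these ports
# to the management network.
ovn-nbctl --db=tcp:192.168.1.10:6641 show
ovn-sbctl --db=tcp:192.168.1.10:6642 show
# Check OpenFlow version support
ovs-ofctl --version
# Monitor flow additions/deletions
ovs-ofctl monitor br0 watch:
# Real-time packet capture on OVS port
# The capture contains the payloads of whatever crosses the port; handle the
# output accordingly.
ovs-tcpdump -i eth0
# Dump entire OVS database
ovsdb-client dump unix:/var/run/openvswitch/db.sock Open_vSwitch
# ovsdb-client
ovsdb-client list-dbs
ovsdb-client list-tables
ovsdb-client list-columns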
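# Statistics
# INTERFACE must hold the interface name; it is quoted so that an empty or
# unusual value does not change the command's arguments.
ovs-vsctl get Interface "$INTERFACE" statistics
ovs-ofctl dump-ports br-int
# Meters need OpenFlow 1.3 or later, hence -O OpenFlow13.
ovs-ofctl -O OpenFlow13 dump-meters br-int
# Aggregate packet/byte/flow counts for the flows matching this tunnel ID.
ovs-ofctl dump-aggregate br0 tun_id=0x6f4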
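# For R1
ovs-vsctl get open . external-ids
ovs-vsctl get open . external-ids:ovn-bridge-mappings
# be careful this is a set command
# It replaces the whole ovn-bridge-mappings value; read the current value with
# the get command above and include every mapping that should remain.
ovs-vsctl set open . external-ids:ovn-bridge-mappings="physnet1:br-ex,physnet2:br0"
# tcp: is plaintext OpenFlow. Loopback as here stays on the host; use an ssl:
# target for a controller reached over the network.
ovs-vsctl set-controller br0 tcp:127.0.0.1:6633
ovn-nbctl list Logical_Router_Port
ovs-vsctl get Bridge br0 datapath_id
ovs-vsctl find Port name='vtep'
# Remote queries against the OVN databases (6641 northbound, 6642 southbound).
# The 172.x address is a redacted placeholder. These tcp: connections are
# unencrypted and unauthenticated, so keep the ports reachable from the
# management network only, or use ssl: targets.
ovn-nbctl --db=tcp:172.X.0.1:6641 show
ovn-sbctl --db=tcp:172.x.0.1:6642 show
ovn-nbctl --db=tcp:172.x.0.1:6641 list Logical_Router_Port
ovn-nbctl --db=tcp:172.x.0.1:6641 list Logical_Switch_Port
ovn-nbctl --db=tcp:172.x.0.1:6641 list Logical_Switch
ovn-nbctl --db=tcp:172.x.0.1:6641 list Logical_Router
ovn-nbctl --db=tcp:172.x.0.1:6641 find Logical_Router_Static_Route
ovn-sbctl --db=tcp:172.x.0.1:6642 list port_binding
ovn-nbctl --db=tcp:172.x.0.1:6641 find NAT
ovn-nbctl --db=tcp:172.x.0.1:6641 lr-nat-list neutron-68e24edf-0461-4d52-a738-8bec30b55fad
# This one changes state: it deletes the router's SNAT rule for 192.168.1.0/24.
ovn-nbctl --db=tcp:172.x.0.1:6641 lr-nat-del neutron-68e24edf-0461-4d52-a738-8bec30b55fad snat 192.168.1.0/24
ovn-nbctl --db=tcp:172.x.0.1:6641 find Gateway_chassis
# Streams changes to the Port table until interrupted.
ovsdb-client monitor Open_vSwitch Port
# how to find OpenFlow Port Number (ofport)
ovs-ofctl show br-int
ovs-vsctl find interface ofport=3
ovs-vsctl get interface br-int ofport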