Configuring OVSDB with NetVisor OS

The NetVisor OS implementation of OVSDB provides a means of communication between SDN controllers and Arista switches. By leveraging OVSDB, Arista devices exchange control and network information with SDN controllers, thereby enabling VM traffic from the entities in a virtualized network to be forwarded to entities in a physical network and vice versa.

The OVSDB service runs in a container in NetVisor OS. This service maintains a database schema that stores information regarding Arista devices and SDN controllers in various tables. The OVSDB schema also includes the MAC address information of the physical servers and virtual hosts. SDN Controllers such as Ericsson ODL (Open-Day Light) controller communicates with OVSDB for provisioning and configuration of the overlay network. The overlay network configuration involves creating tunnels between local and remote hardware and software VTEPs.

Any configuration change in NetVisor OS updates the OVSDB schema which makes the SDN controller aware of the current configuration. A VTEP agent in NetVisor OS closely tracks the configuration updates pushed into OVSDB by the SDN controller as well as the changes in NetVisor OS. The VTEP agent then derives the required actions and executes the CLI commands needed to create VLANs and tunnels between local and remote VTEPs.

Follow the steps below to configure OVSDB using NetVisor OS.


  • Configure the vNET with private VLANs, VXLANs, and managed ports:

CLI (network-admin@switch) > vnet-create name vpod1 scope fabric vlan-type private num-private-vlans 100 managed-ports 12 vxlans 10000-10099

  • Specify the VLANs reserved for the vNET by using the vnet-public-vlans-modify command. If you add managed ports to the vNET configuration, VLAN IDs from this range is assigned as public VLANs for the private VLANs. 

CLI (network-admin@switch) > vnet-public-vlans-modify vlans 200-210

You can also define shared ports in a vNET configuration. Ideally, you can configure the border leaf ports that connect to the DC gateway as shared ports. If you add shared ports to the vNET configuration, specify a public VLAN range for the ports by using the command:

CLI (network-admin@switch) > vnet-modify name vpod1 public-vlans 300-310

For shared ports, private VLAN IDs should have the same range as that of public VLAN IDs configured in the vNET.

  • Configure the underlay network:

CLI (network-admin@switch) > vrouter-create name vpod1-vr1 vnet vpod1 router-type hardware 

CLI (network-admin@switch) > vrouter-interface-add vrouter-name vpod1-vr1 ip vlan 50

  • Create the SSL/TLS certificate for OVSDB if you want to create an SSL connection with the controller.

CLI (network-admin@switch) > cert-create country US state California city PA organization "Pluribus Networks Inc" organizational-unit Engineering common-name CN1 name cert1

Successfully generated self-signed certificate.

For detailed steps on how to configure and deploy TLS certificates for OVSDB, see Using OpenSSL TLS certificates for OVSDB and other Services.

  • Create Open vSwitch configuration:

Use the openvswitch-create command to configure Open vSwitch. This command creates the OVS container and services.


Create an OVS instance.

name name-string

Specify a name for the OVS instance.

vnet vnet-name

Specify the name of the vNET for OVS.

tunnel-ip ip-address

Specify the IP address for the tunnel.

Specify any of the following options:


Specify if Open vSwitch is a dedicated or shared vNET service.

shared-vnet-mgr vnet-manager name

Specify the vNET manager to share with if this is a shared service.

location fabric-node-name

Specify the location of the service.

storage-pool storage-pool-name

Specify a storage pool to apply to the vNET.

gateway ip-address        

Specify gateway IP address for service.

cert-name cert-name-string

Specify the certificate name for SSL connections

ca-cert-name ca-cert-name-string

Specify the CA Certificate name for SSL connections

cert-location none|global|container

Specify the Certificate location - global or within container.


Specify the hardware VTEP associated with Open vSwitch.


Specify if you want to enable BFD for OVSDB created tunnels.

For example: 

CLI (network-admin@switch) > openvswitch-create name ovs-1 vnet vpod1 tunnel-ip cert-name cert1 ca-cert-name ca-cert1

  • Create an OVSDB interface using the openvswitch-interface-add command. 


Add an interface to OVS.

ovs-name name-string

This parameter is not configurable. It assumes the name of the OVS service.

Specify one or more of the following options:

ip ip-address

Specify the IP address for the interface.

netmask netmask

Specify the netmask.

assignment none|static|dhcp|dhcpv6|autov6   

Specify the method of IP address assignment.

linklocal ip-address

Specify the IPv6 Link Local address.

vnet vnet-name

Specify interface VLAN vNET.

bd bridge-domain name

Specify the bridge domain name.

vlan vlan-id

Specify the VLAN assigned to the interface.

vlan-type public|private

Specify the type of VLAN for the interface.

if mgmt|data|span|span2|span3

Specify the interface type.

alias-on alias-on-string

Specify an alias if desired.


Specify if the interface is exclusive or not.


Specify to enable or disable the NIC.

vrrp-id id

Specify the ID assigned by VRRP.

vrrp-primary vrrp-primary-string

Specify the primary interface for VRRP.

vrrp-priority 0..254

Specify the VRRP priority for the interface.

vrrp-adv-int milliseconds

Specify the VRRP advertisement interval in milliseconds. The range is 10 to 40950 with a default value of 1000.

vrrp-preempt-mode disable|enable

Used to allow/prevent high priority VRRP backup from becoming VRRP primary.

secondary-macs secondary-macs-string

Specify a secondary MAC address for the interface.

if-nat-realm internal|external

Specify the NAT interface realm.


Specify to add priority tag on forwarded traffic.

For example:

CLI (network-admin@switch) > openvswitch-interface-add ovs-name ovs-1 ip netmask 24 vlan 3001 vlan-type public

Configuring the interface as data or mgmt depends on if the SDN controller is located on the data network or the management network.

If the controller is on a Layer 3 network several hops away, use openvswitch-modify command to configure a gateway IP address.

CLI (network-admin@switch) > openvswitch-modify name ovs-1 gateway

  • Add the hardware VTEP manager:

Use the openvswitch-hwvtep-manager-add command to configure the connection between OVSDB and the SDN controller.


Create a VTEP manager for OVSDB.

name name-string

This parameter is not configurable. The parameter assumes the name of the OVS service.

Specify the following options:

manager-type odl|nsx

Specify the type of SDN controller.

Note: NetVisor OS only supports ODL controller currently.

connection-method unix-socket|tcp||unix-socketlisten|tcp-listen|ssl|default

Specify the connection method.

ip ip-address

Specify the IP address of the SDN controller.

username username-string

Specify the username.

password password-string

Specify the password.

port port-number

Specify the port number of the database.

CLI (network-admin@switch) > opensvswitch-hwvtep-manager-add name ovs-1 manager-type odl connection-method ssl ip

When you execute the command above, the connection to the ODL controller is established. You can now define the tunnel networks for software and hardware VTEPs by using the following commands:

CLI (network-admin@switch) > vnet-tunnel-network-add name vpod1 network description SWVTEPS

CLI (network-admin@switch) > vnet-tunnel-network-add name vpod1 network description HWVTEPS

You can establish a connection between the ODL controller and OVSDB by using SSL, TCP, or unix-socket options.

NetVisor OS features an error reporting mechanism to make the SDN controller aware of any error that occurs while orchestrating tunnels. If an error occurs while the ODL controller provisions tunnels between VTEPs, NetVisor OS updates the OVSDB VTEP schema with the error, thereby notifying the ODL controller.