OVN-Kubernetes: Open Virtual Network CNI for Advanced Networking

Introduction

On June 20, 2019, the OpenStack community released OVN-Kubernetes, a CNI plugin that brings Open Virtual Network (OVN) capabilities to Kubernetes. Built on Open vSwitch (OVS) and OVN, this CNI provides advanced networking features including logical switching, routing, load balancing, and integration with OpenStack environments.

For teams already running OpenStack or familiar with OVN, OVN-Kubernetes offers a familiar networking model with Kubernetes-native integration. It brings enterprise-grade networking features to Kubernetes, including advanced load balancing, distributed routing, and policy enforcement.


Why OVN-Kubernetes?

  • OpenStack Integration: Seamless integration with OpenStack networking for hybrid deployments.
  • Advanced Features: Logical switching, routing, and load balancing at scale.
  • OVN Foundation: Built on OVN, a mature SDN controller with an extensive feature set.
  • Enterprise Ready: Battle-tested in OpenStack environments, now available for Kubernetes.

Core Architecture

  • OVN Northbound DB: Stores logical network configuration (switches, routers, policies).
  • OVN Southbound DB: Stores physical network mapping and flow rules.
  • OVN Controller: Translates logical configuration into OVS flow rules.
  • OVS: Handles packet forwarding and flow table management.
  • OVN-Kubernetes CNI: Integrates Kubernetes networking with OVN logical networks.

Key Features

  1. Logical Switching: Virtual switches for pod-to-pod communication.
  2. Distributed Routing: Logical routers for inter-pod and external routing.
  3. Load Balancing: Distributed load balancing for Kubernetes Services.
  4. Network Policies: Kubernetes NetworkPolicy enforcement using OVN ACLs.
  5. OpenStack Integration: Connect Kubernetes pods to OpenStack networks.

Getting Started

Install OVN-Kubernetes:

git clone https://github.com/ovn-org/ovn-kubernetes.git
cd ovn-kubernetes/dist/images
./daemonset.sh --image=docker.io/ovnkube/ovn-kube:latest \
  --net-cidr=10.128.0.0/14 \
  --svc-cidr=172.30.0.0/16 \
  --k8s-apiserver="https://$K8S_API_SERVER:6443"

Verify installation:

kubectl get pods -n ovn-kubernetes

Network Policies

OVN-Kubernetes implements Kubernetes NetworkPolicy using OVN ACLs:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-allow-app
spec:
  podSelector:
    matchLabels:
      app: web
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: app
    ports:
    - protocol: TCP
      port: 8080

OVN translates this into ACL rules enforced at the logical switch level.
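
The policy above also has effects that its YAML does not spell out: once a pod is selected by an Ingress policy, all other ingress to it is denied, and a bare podSelector peer only matches pods in the policy's own namespace. The following added example (not part of the original article and not OVN-Kubernetes code) models those semantics in Python so the expected allow/deny outcomes can be checked before testing on a cluster. The namespaces "default" and "staging", the pod names, and the helper functions are assumptions made for illustration.

```python
# Added example: a minimal model of NetworkPolicy ingress semantics.
# It does not talk to OVN; it evaluates the web-allow-app policy from this page.

def pod(name, namespace, **labels):
    """Constructed sample pod record (names and namespaces are hypothetical)."""
    return {"name": name, "namespace": namespace, "labels": labels}

def matches(selector, p):
    """matchLabels semantics: every key/value must be present; {} matches all pods."""
    return all(p["labels"].get(k) == v for k, v in selector.items())

# web-allow-app as on this page; placing it in namespace "default" is an assumption.
WEB_ALLOW_APP = {
    "namespace": "default",
    "podSelector": {"app": "web"},
    "ingress": [{"from": [{"podSelector": {"app": "app"}}],
                 "ports": [("TCP", 8080)]}],
}

def ingress_allowed(policies, src, dst, proto, port):
    """Return True if src may open proto/port on dst under the given policies."""
    # Only policies in the destination's namespace that select the destination apply.
    selecting = [pol for pol in policies
                 if pol["namespace"] == dst["namespace"]
                 and matches(pol["podSelector"], dst)]
    if not selecting:
        return True  # destination is not isolated: all ingress is allowed
    for pol in selecting:
        for rule in pol["ingress"]:
            # A peer with only podSelector matches pods in the policy's namespace.
            peer_ok = any(src["namespace"] == pol["namespace"]
                          and matches(peer["podSelector"], src)
                          for peer in rule["from"])
            if peer_ok and (proto, port) in rule["ports"]:
                return True
    return False  # isolated and no rule matched: implicit deny

# Constructed sample pods.
WEB = pod("web-0", "default", app="web")
APP = pod("app-0", "default", app="app")
DB = pod("db-0", "default", app="db")
APP_OTHER_NS = pod("app-1", "staging", app="app")

if __name__ == "__main__":
    for src, port in [(APP, 8080), (APP, 9090), (DB, 8080), (APP_OTHER_NS, 8080)]:
        verdict = ingress_allowed([WEB_ALLOW_APP], src, WEB, "TCP", port)
        print(f'{src["namespace"]}/{src["name"]} -> web-0:{port}', "allow" if verdict else "deny")
```

Pods that no policy selects (db-0 here) remain reachable from everywhere, which is why a namespace-wide default-deny policy is normally paired with allow rules like this one.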


Service Load Balancing

OVN-Kubernetes provides distributed load balancing for Kubernetes Services:

  • Logical Load Balancer: OVN logical load balancer distributes traffic across endpoints.
  • High Performance: OVS-based load balancing provides efficient packet processing.
  • Session Affinity: Supports sticky sessions using OVN connection tracking.

OpenStack Integration

  • Neutron Integration: Connect Kubernetes pods to OpenStack Neutron networks.
  • Hybrid Deployments: Run Kubernetes workloads alongside OpenStack VMs.
  • Network Sharing: Share network infrastructure between Kubernetes and OpenStack.

Comparison with Other CNIs

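Feature               | OVN-Kubernetes | Calico        | Cilium
----------------------|----------------|---------------|-------
Foundation            | OVN/OVS        | BGP/iptables  | eBPF
OpenStack Integration | Native         | Limited       | Limited
Load Balancing        | OVN LB         | kube-proxy    | eBPF
Network Policy        | OVN ACLs       | iptables/eBPF | eBPF
Complexity            | High           | Medium        | Medium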

Use Cases

  • OpenStack Environments: Teams running OpenStack benefit from native integration.
  • Hybrid Cloud: Connect Kubernetes clusters to OpenStack-managed networks.
  • Advanced Networking: Teams needing sophisticated routing and load balancing features.
  • Enterprise Deployments: Organizations requiring enterprise-grade networking capabilities.

Operational Considerations

  • Complexity: OVN-Kubernetes is more complex than simpler CNI plugins.
  • Resource Usage: OVN components consume CPU and memory; plan accordingly.
  • Learning Curve: Teams need to understand OVN concepts for troubleshooting.
  • OpenStack Dependency: Full feature set requires OpenStack integration.

Common Patterns

  • Logical Networks: Use OVN logical switches for pod networking.
  • Distributed Routing: Leverage OVN logical routers for inter-pod routing.
  • Service Load Balancing: Use OVN load balancers for Kubernetes Services.
  • OpenStack Integration: Connect Kubernetes pods to OpenStack networks.

Limitations

  • Complexity: More complex than simpler CNI plugins like Flannel.
  • OpenStack Dependency: Some features require OpenStack integration.
  • Resource Overhead: OVN components add resource overhead.
  • Documentation: Less documentation compared to more popular CNI plugins.

Looking Ahead

OVN-Kubernetes would evolve in the following areas:

  • Performance Improvements: Continued OVN optimizations and OVS enhancements.
  • Kubernetes Integration: Better alignment with Kubernetes networking features.
  • Simplified Deployment: Easier installation and configuration processes.
  • Community Growth: Growing community and ecosystem support.

Summary

Aspect          | Details
----------------|--------
Release Date    | June 20, 2019
Key Innovations | OVN-based CNI, OpenStack integration, advanced networking features
Significance    | Brought OpenStack’s mature networking capabilities to Kubernetes with native integration

OVN-Kubernetes demonstrated that enterprise-grade networking features from OpenStack could be applied to Kubernetes. By leveraging OVN’s logical networking model, it provided advanced capabilities for teams running hybrid OpenStack/Kubernetes environments or requiring sophisticated networking features.