OVN network
OVN is a software-defined networking system that supports virtual network abstraction.
You can use it to build your own private cloud.
See www.ovn.org for more information.
The ovn network type allows you to create logical networks using the OVN SDN.
This kind of network can be useful for labs and multi-tenant environments where the same logical subnets are used in multiple discrete networks.
An Incus OVN network can be connected to an existing managed Bridge network or Physical network to gain access to the wider network. By default, all connections from the OVN logical networks are NATed to an IP allocated from the uplink network.
See How to set up OVN with Incus for basic instructions for setting up an OVN network.
Note
Static DHCP assignments depend on the client using its MAC address as the DHCP identifier. This method prevents conflicting leases when copying an instance, and thus makes statically assigned leases work properly.
Configuration options
The following configuration key namespaces are currently supported for the ovn network type:
bridge (L2 interface configuration)
dns (DNS server and resolution configuration)
ipv4 (L3 IPv4 configuration)
ipv6 (L3 IPv6 configuration)
security (network ACL configuration)
user (free-form key/value for user metadata)
Note
Incus uses the CIDR notation where network subnet information is required, for example, 192.0.2.0/24 or 2001:db8::/32. This does not apply to cases where a single address is required, for example, local/remote addresses of tunnels, NAT addresses or specific addresses to apply to an instance.
The following configuration options are available for the ovn network type:
bridge.external_interfaces
Comma-separated list of unconfigured network interfaces to include in the bridge
Key: | bridge.external_interfaces |
Type: | string |
Key: | bridge.mtu |
Type: | integer |
Default: |
|
Key: | dns.domain |
Type: | string |
Default: |
|
dns.nameservers
DNS server IPs to advertise to DHCP clients and via Router Advertisements. Both IPv4 and IPv6 addresses get pushed via DHCP, and the first IPv6 address is also advertised as RDNSS via RA.
Key: | dns.nameservers |
Type: | string |
Default: | Uplink DNS servers (IPv4 and IPv6 address if no uplink is configured) |
Key: | dns.search |
Type: | string |
Key: | dns.zone.forward |
Type: | string |
Key: | dns.zone.reverse.ipv4 |
Type: | string |
Key: | dns.zone.reverse.ipv6 |
Type: | string |
ipv4.address
IPv4 address for the bridge (use none to turn off IPv4 or auto to generate a new random unused subnet) (CIDR)
Key: | ipv4.address |
Type: | string |
Default: | (initial value on creation: |
Condition: | standard mode |
Key: | ipv4.dhcp |
Type: | bool |
Default: |
|
Condition: | IPv4 address |
Key: | ipv4.dhcp.expiry |
Type: | string |
Default: |
|
Condition: | IPv4 DHCP |
Key: | ipv4.dhcp.ranges |
Type: | string |
Default: | all addresses |
Condition: | IPv4 DHCP |
ipv4.dhcp.routes
Static routes to provide via DHCP option 121, as a comma-separated list of alternating subnets (CIDR) and gateway addresses (same syntax as dnsmasq and OVN)
Key: | ipv4.dhcp.routes |
Type: | string |
Condition: | IPv4 DHCP |
Key: | ipv4.l3only |
Type: | bool |
Default: |
|
Condition: | IPv4 address |
Key: | ipv4.nat |
Type: | bool |
Default: |
|
Condition: | IPv4 address |
ipv4.nat.address
The source address used for outbound traffic from the network (requires uplink ovn.ingress_mode=routed)
Key: | ipv4.nat.address |
Type: | string |
Condition: | IPv4 address |
ipv6.address
IPv6 address for the bridge (use none to turn off IPv6 or auto to generate a new random unused subnet) (CIDR)
Key: | ipv6.address |
Type: | string |
Default: | (initial value on creation: |
Condition: | standard mode |
Key: | ipv6.dhcp |
Type: | bool |
Default: |
|
Condition: | IPv6 address |
Key: | ipv6.dhcp.stateful |
Type: | bool |
Default: |
|
Condition: | IPv6 DHCP |
Key: | ipv6.l3only |
Type: | bool |
Default: |
|
Condition: | IPv6 DHCP stateful |
Key: | ipv6.nat |
Type: | bool |
Default: |
|
Condition: | IPv6 address |
ipv6.nat.address
The source address used for outbound traffic from the network (requires uplink ovn.ingress_mode=routed)
Key: | ipv6.nat.address |
Type: | string |
Condition: | IPv6 address |
Key: | network |
Type: | string |
Key: | security.acls |
Type: | string |
Key: | security.acls.default.egress.action |
Type: | string |
Default: |
|
Condition: |
|
Key: | security.acls.default.egress.logged |
Type: | bool |
Default: |
|
Condition: |
|
security.acls.default.ingress.action
Action to use for ingress traffic that doesn’t match any ACL rule
Key: | security.acls.default.ingress.action |
Type: | string |
Default: |
|
Condition: |
|
Key: | security.acls.default.ingress.logged |
Type: | bool |
Default: |
|
Condition: |
|
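The following pre-flight check is an added example, not part of the Incus documentation or code base. It applies the address rules stated above (CIDR for ipv4.address and ipv6.address, a single address for the NAT keys, alternating subnet and gateway items in ipv4.dhcp.routes) to a config dict before it is handed to Incus. The function names, the sample config and the "no default allow" policy are assumptions made for illustration.

```python
import ipaddress

def _is_cidr(val, version):
    """True if val is address/prefix notation of the given IP version."""
    try:
        return "/" in val and ipaddress.ip_interface(val).version == version
    except ValueError:
        return False

def _is_addr(val, version):
    """True if val is a single address (no prefix) of the given IP version."""
    try:
        return ipaddress.ip_address(val).version == version
    except ValueError:
        return False

def check_ovn_config(cfg):
    """Return a list of findings for an ovn network config (dict of strings)."""
    findings = []
    # Bridge address: CIDR, none or auto. NAT source: single address, no prefix.
    for v in (4, 6):
        addr = cfg.get(f"ipv{v}.address")
        if addr not in (None, "none", "auto") and not _is_cidr(addr, v):
            findings.append(f"ipv{v}.address: want CIDR, none or auto: {addr!r}")
        nat = cfg.get(f"ipv{v}.nat.address")
        if nat is not None and not _is_addr(nat, v):
            findings.append(f"ipv{v}.nat.address: want a single address: {nat!r}")
    # ipv4.dhcp.routes: alternating subnet (CIDR) and gateway items.
    routes = cfg.get("ipv4.dhcp.routes", "")
    parts = [p.strip() for p in routes.split(",")] if routes else []
    if len(parts) % 2:
        findings.append("ipv4.dhcp.routes: odd item count, want subnet,gateway pairs")
    for subnet, gw in zip(parts[0::2], parts[1::2]):
        if not _is_cidr(subnet, 4) or not _is_addr(gw, 4):
            findings.append(f"ipv4.dhcp.routes: bad pair {subnet!r},{gw!r}")
    # Assumed local policy (not an Incus rule): no default allow for unmatched traffic.
    for direction in ("ingress", "egress"):
        key = f"security.acls.default.{direction}.action"
        if cfg.get(key) == "allow":
            findings.append(f"{key}: default allow lets unmatched traffic through")
    return findings

# Constructed sample config, not from a real deployment.
SAMPLE = {
    "ipv4.address": "10.42.0.1",          # missing prefix length
    "ipv4.nat.address": "192.0.2.10/32",  # CIDR where a single address is required
    "ipv4.dhcp.routes": "198.51.100.0/24,10.42.0.254,203.0.113.0/24",
    "security.acls.default.ingress.action": "allow",
}
```

Calling check_ovn_config(SAMPLE) returns four findings, one per commented or malformed entry; a config that follows the rules returns an empty list.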
Supported features
The following features are supported for the ovn network type: