OVN network¶
OVN is a software-defined networking system that supports virtual network abstraction.
You can use it to build your own private cloud.
See www.ovn.org for more information.
The ovn network type allows to create logical networks using the OVN SDN.
This kind of network can be useful for labs and multi-tenant environments where the same logical subnets are used in multiple discrete networks.
An Incus OVN network can be connected to an existing managed Bridge network or Physical network to gain access to the wider network. By default, all connections from the OVN logical networks are NATed to an IP allocated from the uplink network.
See How to set up OVN with Incus for basic instructions for setting up an OVN network.
Note
Static DHCP assignments depend on the client using its MAC address as the DHCP identifier. This method prevents conflicting leases when copying an instance, and thus makes statically assigned leases work properly.
Configuration options¶
The following configuration key namespaces are currently supported for the ovn network type:
bridge(L2 interface configuration)dns(DNS server and resolution configuration)ipv4(L3 IPv4 configuration)ipv6(L3 IPv6 configuration)security(network ACL configuration)user(free-form key/value for user metadata)
Note
Incus uses the CIDR notation where network subnet information is required, for example, 192.0.2.0/24 or 2001:db8::/32. This does not apply to cases where a single address is required, for example, local/remote addresses of tunnels, NAT addresses or specific addresses to apply to an instance.
The following configuration options are available for the ovn network type:
Key |
Type |
Condition |
Default |
Description |
|---|---|---|---|---|
|
string |
- |
- |
Uplink network to use for external network access or |
|
string |
- |
- |
Comma-separated list of unconfigured network interfaces to include in the bridge |
|
string |
- |
- |
MAC address for the bridge |
|
integer |
- |
|
Bridge MTU (default allows host to host Geneve tunnels) |
|
string |
- |
|
Domain to advertise to DHCP clients and use for DNS resolution |
|
string |
- |
- |
Full comma-separated domain search list, defaulting to |
|
string |
- |
- |
Comma-separated list of DNS zone names for forward DNS records |
|
string |
- |
- |
DNS zone name for IPv4 reverse DNS records |
|
string |
- |
- |
DNS zone name for IPv6 reverse DNS records |
|
string |
standard mode |
- (initial value on creation: |
IPv4 address for the bridge (use |
|
bool |
IPv4 address |
|
Whether to allocate addresses using DHCP |
|
bool |
IPv4 address |
|
Whether to enable layer 3 only mode. |
|
bool |
IPv4 address |
|
Whether to NAT |
|
string |
IPv4 address |
- |
The source address used for outbound traffic from the network (requires uplink |
|
string |
standard mode |
- (initial value on creation: |
IPv6 address for the bridge (use |
|
bool |
IPv6 address |
|
Whether to provide additional network configuration over DHCP |
|
bool |
IPv6 DHCP |
|
Whether to allocate addresses using DHCP |
|
bool |
IPv6 DHCP stateful |
|
Whether to enable layer 3 only mode. |
|
bool |
IPv6 address |
|
Whether to NAT |
|
string |
IPv6 address |
- |
The source address used for outbound traffic from the network (requires uplink |
|
string |
- |
- |
Comma-separated list of Network ACLs to apply to NICs connected to this network |
|
string |
|
|
Action to use for egress traffic that doesn’t match any ACL rule |
|
bool |
|
|
Whether to log egress traffic that doesn’t match any ACL rule |
|
string |
|
|
Action to use for ingress traffic that doesn’t match any ACL rule |
|
bool |
|
|
Whether to log ingress traffic that doesn’t match any ACL rule |
|
string |
- |
- |
User-provided free-form key/value pairs |
Supported features¶
The following features are supported for the ovn network type: