OVN network

OVN is a software-defined networking system that supports virtual network abstraction. You can use it to build your own private cloud. See www.ovn.org for more information.

The ovn network type allows to create logical networks using the OVN SDN. This kind of network can be useful for labs and multi-tenant environments where the same logical subnets are used in multiple discrete networks.

A LXD OVN network can be connected to an existing managed Bridge network or Physical network to gain access to the wider network. By default, all connections from the OVN logical networks are NATed to an IP allocated from the uplink network.

See How to set up OVN with LXD for basic instructions for setting up an OVN network.

Note

Static DHCP assignments depend on the client using its MAC address as the DHCP identifier. This method prevents conflicting leases when copying an instance, and thus makes statically assigned leases work properly.

Configuration options

The following configuration key namespaces are currently supported for the ovn network type:

  • bridge (L2 interface configuration)

  • dns (DNS server and resolution configuration)

  • ipv4 (L3 IPv4 configuration)

  • ipv6 (L3 IPv6 configuration)

  • security (network ACL configuration)

  • user (free-form key/value for user metadata)

Note

LXD uses the CIDR notation where network subnet information is required, for example, 192.0.2.0/24 or 2001:db8::/32. This does not apply to cases where a single address is required, for example, local/remote addresses of tunnels, NAT addresses or specific addresses to apply to an instance.

The following configuration options are available for the ovn network type:

bridge.hwaddr

MAC address for the bridge

Key: bridge.hwaddr
Type:

string

bridge.mtu

Bridge MTU

Key: bridge.mtu
Type:

integer

Default:

1442

The default value allows the host to host Geneve tunnels.

dns.domain

Domain to advertise to DHCP clients and use for DNS resolution

Key: dns.domain
Type:

string

Default:

lxd

dns.search

Full domain search list

Key: dns.search
Type:

string

Default:

dns.domain value

Specify a comma-separated list of domains.

dns.zone.forward

DNS zone names for forward DNS records

Key: dns.zone.forward
Type:

string

Specify a comma-separated list of DNS zone names.

dns.zone.reverse.ipv4

DNS zone name for IPv4 reverse DNS records

Key: dns.zone.reverse.ipv4
Type:

string

dns.zone.reverse.ipv6

DNS zone name for IPv6 reverse DNS records

Key: dns.zone.reverse.ipv6
Type:

string

ipv4.address

IPv4 address for the bridge

Key: ipv4.address
Type:

string

Default:

initial value on creation: auto

Condition:

standard mode

Use CIDR notation.

You can set the option to none to turn off IPv4, or to auto to generate a new random unused subnet.

ipv4.dhcp

Whether to allocate IPv4 addresses using DHCP

Key: ipv4.dhcp
Type:

bool

Default:

true

Condition:

IPv4 address

ipv4.l3only

Whether to enable layer 3 only mode for IPv4

Key: ipv4.l3only
Type:

bool

Default:

false

Condition:

IPv4 address

ipv4.nat

Whether to use NAT for IPv4

Key: ipv4.nat
Type:

bool

Default:

false (initial value on creation if ipv4.address is set to auto: true)

Condition:

IPv4 address

ipv4.nat.address

Source address used for outbound traffic from the network

Key: ipv4.nat.address
Type:

string

Condition:

IPv4 address; requires uplink ovn.ingress_mode=routed

ipv6.address

IPv6 address for the bridge

Key: ipv6.address
Type:

string

Default:

initial value on creation: auto

Condition:

standard mode

Use CIDR notation.

You can set the option to none to turn off IPv6, or to auto to generate a new random unused subnet.

ipv6.dhcp

Whether to provide additional network configuration over DHCP

Key: ipv6.dhcp
Type:

bool

Default:

true

Condition:

IPv6 address

ipv6.dhcp.stateful

Whether to allocate IPv6 addresses using DHCP

Key: ipv6.dhcp.stateful
Type:

bool

Default:

false

Condition:

IPv6 DHCP

ipv6.l3only

Whether to enable layer 3 only mode for IPv6

Key: ipv6.l3only
Type:

bool

Default:

false

Condition:

IPv6 DHCP stateful

ipv6.nat

Whether to use NAT for IPv6

Key: ipv6.nat
Type:

bool

Default:

false (initial value on creation if ipv6.address is set to auto: true)

Condition:

IPv6 address

ipv6.nat.address

Source address used for outbound traffic from the network

Key: ipv6.nat.address
Type:

string

Condition:

IPv6 address; requires uplink ovn.ingress_mode=routed

network

Uplink network to use for external network access

Key: network
Type:

string

security.acls

Network ACLs to apply to NICs connected to this network

Key: security.acls
Type:

string

Specify a comma-separated list of network ACLs.

security.acls.default.egress.action

Default action to use for egress traffic

Key: security.acls.default.egress.action
Type:

string

Default:

reject

Condition:

security.acls

The specified action is used for all egress traffic that doesn’t match any ACL rule.

security.acls.default.egress.logged

Whether to log egress traffic that doesn’t match any ACL rule

Key: security.acls.default.egress.logged
Type:

bool

Default:

false

Condition:

security.acls

security.acls.default.ingress.action

Default action to use for ingress traffic

Key: security.acls.default.ingress.action
Type:

string

Default:

reject

Condition:

security.acls

The specified action is used for all ingress traffic that doesn’t match any ACL rule.

security.acls.default.ingress.logged

Whether to log ingress traffic that doesn’t match any ACL rule

Key: security.acls.default.ingress.logged
Type:

bool

Default:

false

Condition:

security.acls

user.*

User-provided free-form key/value pairs

Key: user.*
Type:

string

Supported features

The following features are supported for the ovn network type: