How Kube-OVN Enhances KubeVirt with Fixed IP, Multi‑Tenant, and SR‑IOV Support
This article explains how Kube-OVN extends KubeVirt networking by providing fixed and stable VM IP addresses, multi‑tenant VPC/Subnet isolation, live‑migration IP preservation, and high‑performance SR‑IOV/OVS‑DPDK acceleration, along with practical configuration examples and reference links.
Background
Enterprises increasingly run virtualized workloads on Kubernetes with KubeVirt. VM networking requires stable addressing and higher performance than typical container networks, which can become a bottleneck for cloud‑native virtualization.
Kube‑OVN enhancements for KubeVirt
Fixed IP for VMs
Kube‑OVN can allocate a specific IP that remains unchanged for the entire lifecycle of a VirtualMachine, including restarts, upgrades, and live migrations. The IP is set via an annotation on the VM spec.
apiVersion: kubevirt.io/v1alpha3
kind: VirtualMachine
metadata:
  name: testvm
spec:
  template:
    metadata:
      annotations:
        ovn.kubernetes.io/ip_address: 10.16.0.15
Random IP with lifetime stability
If administrators prefer automatic IP assignment but still need the address to stay constant, Kube‑OVN links the allocated IP to the VirtualMachine resource. Enable the feature by adding the controller flag:
--keep-vm-ip=true
Fixed IP during live migration
KubeVirt’s live migration uses the default network for state transfer, which can conflict with a fixed IP. Kube‑OVN solves this by attaching an auxiliary NIC via Multus and applying two annotations.
Attach Kube‑OVN as an auxiliary NIC to the VM.
Add the annotation <attach>.<ns>.ovn.kubernetes.io/allow_live_migration: "true" to enable live‑migration support.
Add the annotation <attach>.<ns>.ovn.kubernetes.io/default_route: "true" to correct the default route set by KubeVirt’s DHCP.
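A fixed address is only useful if it is valid for its subnet and claimed by a single VM, so the annotation from the "Fixed IP for VMs" section is worth checking before manifests are applied. The following check is an added example, not Kube-OVN or KubeVirt code; the function names, the subnet 10.16.0.0/16, the gateway 10.16.0.1 and the sample VMs are constructed assumptions, and it handles single-stack addresses only.

```python
import ipaddress

IP_KEY = "ovn.kubernetes.io/ip_address"  # annotation key used in the article

def lint_fixed_ips(vms, cidr, gateway):
    """Return (vm_name, problem) pairs for fixed-IP annotations in VM manifests."""
    net = ipaddress.ip_network(cidr)
    reserved = {ipaddress.ip_address(gateway), net.network_address, net.broadcast_address}
    seen, findings = {}, []  # seen maps an address to the first VM claiming it
    for vm in vms:
        name = vm["metadata"]["name"]
        top = vm["metadata"].get("annotations") or {}
        tmpl = vm.get("spec", {}).get("template", {}).get("metadata", {}).get("annotations") or {}
        if IP_KEY in top and IP_KEY not in tmpl:  # article sets it under spec.template.metadata
            findings.append((name, "annotation on VM metadata, not spec.template.metadata"))
            continue
        if IP_KEY not in tmpl:
            continue  # no fixed IP requested
        raw = str(tmpl[IP_KEY]).strip()
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            findings.append((name, f"not an IP address: {raw}"))
            continue
        if ip not in net:
            findings.append((name, f"{ip} outside subnet {net}"))
        elif ip in reserved:
            findings.append((name, f"{ip} is reserved in {net}"))
        elif ip in seen:
            findings.append((name, f"{ip} already claimed by {seen[ip]}"))
        else:
            seen[ip] = name
    return findings

def make_vm(name, ip=None, top_ip=None):
    """Build a minimal constructed VirtualMachine manifest as a dict."""
    tmpl_ann = {IP_KEY: ip} if ip else {}
    top_ann = {IP_KEY: top_ip} if top_ip else {}
    return {"metadata": {"name": name, "annotations": top_ann},
            "spec": {"template": {"metadata": {"annotations": tmpl_ann}}}}

# Constructed sample input: one valid claim followed by five faulty ones and one VM without a fixed IP.
SAMPLE_VMS = [make_vm("testvm", "10.16.0.15"), make_vm("vm-b", "10.16.0.15"),
              make_vm("vm-c", "10.17.0.4"), make_vm("vm-d", top_ip="10.16.0.20"),
              make_vm("vm-e", "10.16.0.1"), make_vm("vm-f", "10.16.0.300"), make_vm("vm-g")]

if __name__ == "__main__":
    for vm_name, problem in lint_fixed_ips(SAMPLE_VMS, "10.16.0.0/16", "10.16.0.1"):
        print(f"{vm_name}: {problem}")
```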
Multi‑tenant network support
Kube‑OVN introduces CRDs for VPC, Subnet, and NAT‑Gateway, providing Kubernetes‑level multi‑tenant isolation. By assigning VMs to specific VPCs and subnets, workloads are isolated per tenant. Additional tenant‑level services such as LoadBalancer, Elastic IP, NAT, and route tables are also available.
SR‑IOV and OVS‑DPDK acceleration
Kube‑OVN integrates OVS offload to pass SR‑IOV devices directly to KubeVirt VMs, delivering high‑performance networking while retaining OVN logical flow management. Experimental support for OVS‑DPDK enables user‑space acceleration for VM traffic, even on standard NICs.
References
https://github.com/kubeovn/kube-ovn/issues/1297
https://github.com/kubeovn/kube-ovn/pull/1307
https://github.com/kubeovn/kube-ovn/pull/1001
https://github.com/kubeovn/kube-ovn/blob/master/docs/static-ip.md
https://github.com/kubeovn/kube-ovn/blob/master/docs/vpc.md
https://github.com/kubeovn/kube-ovn/blob/master/docs/hw-offload-mellanox.md
Cloud Native Technology Community
The Cloud Native Technology Community, part of the CNBPA Cloud Native Technology Practice Alliance, focuses on evangelizing cutting‑edge cloud‑native technologies and practical implementations. It shares in‑depth content, case studies, and event/meetup information on containers, Kubernetes, DevOps, Service Mesh, and other cloud‑native tech, along with updates from the CNBPA alliance.
