How Kube-OVN Redefines Cloud‑Native Networking for Modern Enterprises
This article reviews the evolution of cloud‑native networking in China, analyzes platformization and underlay trends, explains the technical challenges of traditional CNI solutions, and details Kube‑OVN's architecture, features, and roadmap as a comprehensive enterprise‑grade Kubernetes networking platform.
Background of Cloud‑Native Networking in China
After the term “cloud native” was introduced in 2010 and Docker was released in 2013, Chinese enterprises began experimenting with containers around 2015, initially focusing on Container‑as‑a‑Service (CaaS) to improve development and operations efficiency. By 2018 Kubernetes had become the de‑facto standard, driving large‑scale adoption in banks, securities, utilities and other enterprises. From 2020 two major trends emerged: platformization (treating Kubernetes as a full platform that requires DevOps, micro‑services and data services) and underlay (moving Kubernetes to bare‑metal to reduce management overhead).
Fundamentals of Cloud‑Native Networking
Kubernetes networking provides external traffic ingress, service discovery, inter‑pod communication, external database access, IP address management and security policies. The Container Network Interface (CNI) standard allows third‑party plugins to implement these capabilities.
Limitations of Traditional Container Network Solutions
Fixed‑IP requirements for licensing and legacy applications.
Multi‑NIC support for separate traffic classes (e.g., multicast vs. business).
Incomplete NetworkPolicy enforcement in many plugins.
IP address churn that breaks traditional monitoring.
Resource contention among co‑existing workloads.
Performance degradation at massive pod scales.
Birth and Evolution of Kube‑OVN
Kube‑OVN was open‑sourced in 2019 by the Lingque Cloud team. It is a Kubernetes‑native CNI built on Open vSwitch (OVS) and OVN, bringing mature SDN capabilities to containers. In 2021 Kube‑OVN entered the CNCF as the first sandbox CNI project.
Design Principles
Kube‑OVN follows cloud‑native principles: subnets are the smallest management unit, subnets map to Kubernetes namespaces, and multi‑tenant VPC‑style isolation is provided. This contrasts with host‑level subnet designs used by Calico and Flannel.
Key Features
Multi‑tenant VPC support.
Subnet management with configurable IP range, ACL, QoS and gateway policies.
VLAN and multicast support.
Fixed IP and Elastic IP assignment (both overlay and underlay).
IPv4/IPv6 dual‑stack.
Multi‑NIC per pod (simultaneous overlay & underlay).
Full NetworkPolicy compliance.
Cross‑cluster (multi‑cluster) communication.
DPDK and smart‑NIC acceleration.
Traffic mirroring.
Virtual machine networking integration.
Integrated observability via Prometheus metrics.
Architecture Overview
Kube‑OVN operates in two modes:
Overlay: Each host runs an OVS bridge that creates virtual subnets; a centralized gateway handles egress traffic. This mode enables centralized traffic control and can be combined with F5 solutions.
Underlay: Pods use physical network VLANs for native layer‑2 connectivity and multicast, allowing direct egress without encapsulation.
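The namespace-scoped subnet model from the design principles and the overlay mode's centralized gateway, shown as an added example that is not from the original article or the Kube‑OVN project. All names, CIDRs, node names and the image are constructed placeholders; field names follow the kubeovn.io/v1 Subnet CRD and should be checked against the installed release.

```yaml
# Added example: constructed values throughout.
apiVersion: v1
kind: Namespace
metadata:
  name: tenant-a                 # hypothetical tenant namespace
---
apiVersion: kubeovn.io/v1
kind: Subnet
metadata:
  name: tenant-a-subnet
spec:
  protocol: IPv4
  cidrBlock: 10.66.0.0/16        # IP range managed as one unit
  gateway: 10.66.0.1
  excludeIps:
    - 10.66.0.1..10.66.0.10      # reserved range, never allocated to pods
  namespaces:
    - tenant-a                   # pods in this namespace draw addresses from this subnet
  private: true                  # subnet ACL: traffic from other subnets is denied by default
  allowSubnets:
    - 10.16.0.0/16               # the only peer range permitted in (assumed shared-services subnet)
  gatewayType: centralized       # egress leaves through the listed nodes only
  gatewayNode: "gw-node-1,gw-node-2"   # hypothetical node names
  natOutgoing: true              # external systems see the gateway node address
---
apiVersion: v1
kind: Pod
metadata:
  name: licensed-app
  namespace: tenant-a
  annotations:
    # Fixed IP for a workload whose license or firewall rule is tied to an address.
    ovn.kubernetes.io/ip_address: 10.66.0.20
spec:
  containers:
    - name: app
      image: registry.example.internal/licensed-app:1.0   # placeholder image
```

With egress pinned to the gateway nodes, upstream firewall rules and flow logs can be scoped to those node addresses, and the fixed pod IP keeps per-workload allowlists stable across restarts.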
Roadmap and Future Vision
Multi‑NIC support for individual subnets.
Productized enterprise‑grade VPC offering.
Integration with MetalLB for load‑balancing services.
Pod QoS prioritization and pre‑emptive traffic scheduling.
Enhanced KubeVirt support for VM networking.
Continuous performance optimization for large‑scale clusters.
Compatibility with white‑box switches for data‑center SDN deployments.
The long‑term goal is to become the SDN backbone for “dual‑mode IT”, providing a stable infrastructure for traditional workloads while delivering a dynamic, Kubernetes‑driven environment for modern digital applications.
Resources
Official website: https://www.kube-ovn.io
GitHub repository: https://github.com/kubeovn/kube-ovn
Slack community: https://kube-ovn-slackin.herokuapp.com
Cloud Native Technology Community
The Cloud Native Technology Community, part of the CNBPA Cloud Native Technology Practice Alliance, focuses on evangelizing cutting‑edge cloud‑native technologies and practical implementations. It shares in‑depth content, case studies, and event/meetup information on containers, Kubernetes, DevOps, Service Mesh, and other cloud‑native tech, along with updates from the CNBPA alliance.
