
Key Features and Practices of Kube‑OVN in Cloud‑Native Environments

The article summarizes the technical innovations of the open‑source Kube‑OVN project—including a namespace‑based subnet model, comprehensive fixed‑IP support, flexible gateway options, performance optimizations for control and data planes, extensive monitoring tools, and real‑world user cases—highlighting its relevance for modern cloud‑native networking.

Cloud Native Technology Community

The content is based on Liu Mengxin’s online presentation (June 11) about the open‑source Kube‑OVN project and its continuous improvements in cloud‑native practice.

1. Subnet Model

Kube‑OVN replaces the traditional Subnet‑Per‑Node model with Subnet‑Per‑Namespace, allowing subnets to be distributed across all nodes, decoupling network addresses from host addresses, and simplifying scaling by adding or removing subnets without touching the whole cluster. Each namespace can have an independent address space, enabling direct tenant‑to‑namespace‑to‑subnet mapping and allowing namespace‑level firewall, gateway, NAT, and IPv4/IPv6 policies.

2. Fixed IP

Kube‑OVN provides full support for fixed IP/MAC addresses. Pods can request fixed IPs via annotations, and workloads (Deployment, StatefulSet, DaemonSet, Job) can reuse the same IP throughout their lifecycle. StatefulSets receive deterministic IPs based on pod names, and a default fixed‑IP feature is offered, with the option to fall back to random allocation if not needed.

3. Gateway

To handle mixed workloads (some inside Kubernetes, some outside), Kube‑OVN offers multiple egress methods. The default distributed gateway mirrors Flannel/Calico behavior, but it can cause IP “floating” when pods migrate. A namespace‑level gateway binds egress to a specific node, enabling a consistent IP for auditing and whitelist purposes, and supports high availability with active‑standby nodes. Users can also choose whether egress traffic undergoes NAT.
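As an added example (not from the talk or the Kube‑OVN project itself), the manifests that express sections 1 to 3 above: a namespace‑bound Subnet with a node‑bound egress gateway in an active‑standby pair and outgoing NAT, and a Pod that pins its IP/MAC. Field and annotation names follow the Kube‑OVN Subnet CRD and pod annotations; the node names, CIDRs, addresses and image are constructed placeholders.

```yaml
# Constructed example: Subnet-Per-Namespace with a centralized egress gateway,
# plus a Pod with a fixed IP/MAC. Node names, CIDRs and addresses are placeholders.
apiVersion: kubeovn.io/v1
kind: Subnet
metadata:
  name: tenant-a
spec:
  protocol: IPv4
  cidrBlock: 10.17.0.0/16
  gateway: 10.17.0.1
  # Keep the gateway and a small reserved block out of dynamic allocation
  excludeIps:
  - 10.17.0.1..10.17.0.10
  # Subnet-Per-Namespace: every pod created in these namespaces lands here
  namespaces:
  - tenant-a
  # centralized = egress leaves via the listed nodes (first active, the
  # rest standing by), so external firewalls and audit logs see one stable
  # source IP. The default, distributed, egresses from whichever node runs
  # the pod, which is the IP "floating" described above.
  gatewayType: centralized
  gatewayNode: "gw-node-1,gw-node-2"
  # SNAT pod traffic to the gateway node address on the way out
  natOutgoing: true
  # Namespace-level isolation: drop traffic from other subnets except the
  # ones listed in allowSubnets
  private: true
  allowSubnets:
  - 10.16.0.0/16
---
apiVersion: v1
kind: Pod
metadata:
  name: audit-collector
  namespace: tenant-a
  annotations:
    # Fixed IP/MAC; the IP must lie inside cidrBlock and outside excludeIps
    ovn.kubernetes.io/ip_address: "10.17.0.20"
    ovn.kubernetes.io/mac_address: "02:00:00:5E:00:53"
spec:
  containers:
  - name: app
    image: registry.example.com/audit-collector:1.0
```

Deployments and other workloads pin addresses the same way with the `ovn.kubernetes.io/ip_pool` annotation in the pod template, listing the addresses the replicas may take.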

4. Performance

Kube‑OVN focuses on both control‑plane and data‑plane performance. Early versions suffered latency at thousands of pods; optimizations include reducing rule changes, merging OVN updates, and moving from full‑mesh to incremental updates (cutting update time from ~6 seconds to 200‑300 ms). Network partitioning by tenant or zone reduces per‑node load. Disaster‑recovery speed is improved by deduplicating configurations and cleaning up evicted/failed resources. Data‑plane enhancements switch from Geneve encapsulation to VLAN (when supported) for near‑native throughput, and DPDK support enables ultra‑low‑latency packet processing for edge/5G scenarios.

5. Monitoring and Troubleshooting

Kube‑OVN integrates tools such as tcpdump and ovn‑trace for packet capture and path tracing, and provides comprehensive metrics (Pod‑to‑Pod, Pod‑to‑Node, Pod‑to‑Service, Pod‑to‑DNS, Pod‑to‑External) exported to Prometheus and Grafana. Continuous monitoring of latency and connectivity helps operators detect network issues before they affect applications, and traffic mirroring enables fine‑grained analysis and security inspection.

6. Use Cases

The project is adopted by several public‑cloud providers and edge‑computing partners. Use cases include dynamic bandwidth QoS adjustments without restarting containers, fixed‑IP/NAT mapping for public‑IP exposure, and integration with Intel OpenNESS for 5G edge deployments using OVS‑DPDK.

7. Presentation Video

The original talk video and slides are available via the WeChat public account; interested readers can request the slides by replying “0611” and join the community chat groups for further discussion.

Tags: Performance, kubernetes, gateway, cloud-native networking, Kube-OVN, fixed IP, subnet model
Written by

Cloud Native Technology Community

The Cloud Native Technology Community, part of the CNBPA Cloud Native Technology Practice Alliance, focuses on evangelizing cutting‑edge cloud‑native technologies and practical implementations. It shares in‑depth content, case studies, and event/meetup information on containers, Kubernetes, DevOps, Service Mesh, and other cloud‑native tech, along with updates from the CNBPA alliance.
