Kube-OVN 1.8 Unveiled: Underlay Overhaul, 45% Latency Drop, VPC Power‑Ups

Underlay Network Capability Enhancement

The V1.8 release refactors the Underlay implementation and introduces a new ProviderNetwork Custom Resource Definition (CRD). This CRD manages OVN logical networks, the underlying physical infrastructure, and the mapping of host NICs. It enables flexible Underlay configurations, including:

Single‑NIC hosts

Multi‑NIC hosts with multiple VLANs

Heterogeneous NIC naming across hosts

Host‑specific VLANs

Multicast support in Underlay

Hybrid Overlay/Underlay deployments

Network Latency Optimization

OVN flow‑table organization has been adjusted and a dedicated kernel module for container networking has been added. By bypassing certain network paths and applying CPU‑instruction‑level optimizations, the CPU overhead for small‑packet processing is dramatically reduced. Benchmark tests show an average latency reduction of about 45 % for 1‑byte packets, with container‑network overhead staying within 5 % of host‑network performance; in some cases the container path is even faster than the host path.

Performance test data and tuning guidance are documented at https://github.com/kubeovn/kube-ovn/blob/master/docs/performance-tuning.md. An open‑source network performance testing tool that measures latency, throughput, CPU consumption across packet sizes and generates flame graphs is available at https://github.com/kubeovn/k8s-autoperf.

VPC Capability Enhancements

A new CRD adds VPC‑level SecurityGroup configuration, allowing users to define security policies from a data‑center perspective. The VPC also now supports Service resources, with future work planned to integrate L4 and L7 load‑balancing capabilities.

Other Notable Features

Kubernetes and OpenStack share the same OVN foundation

Pod‑granularity traffic mirroring control

Custom routing for multi‑NIC setups

Dynamic Tunnel IP adjustment

Upgrade to OVN 21.03