What Cloud‑Native Networking Trends Kube‑OVN Reveals and How DeepFlow Enables Full‑Stack Observability
In this technical session, experts from Lingque Cloud and Yunshan Network discuss emerging cloud‑native networking trends through Kube‑OVN, demonstrate DeepFlow's full‑stack observability in Kube‑OVN environments, and answer a wide range of practical Q&A covering IP stability, underlay challenges, CNI support, and performance tuning.
Session Overview
The tenth "Force Release – Cloud‑Native Observability" sharing session featured Liu Mengxin, an expert engineer at Lingque Cloud, presenting "From the Open‑Source Project Kube‑OVN to Cloud‑Native Network Trend Development," and Song Jianchang, a cloud‑native engineer at Yunshan Network, sharing "DeepFlow Observability Practices in a Kube‑OVN Environment." The speakers explored current challenges and user demands across traditional cloud migration, data‑center infrastructure, edge, multi‑cluster, and hardware‑software integration scenarios, and examined how open‑source and commercial solutions address these trends.
Key Topics Discussed
Analysis of Kube‑OVN’s role in evolving cloud‑native networking.
DeepFlow’s implementation of full‑stack, end‑to‑end observability for Kube‑OVN CNI.
Practical considerations for IP stability, underlay networking on public clouds, and integration with various CNI plugins.
Q&A Highlights
Q1: Does Kube‑OVN keep the IP unchanged after a pod restart?
A: Kube‑OVN natively preserves IPs for StatefulSet and VM workloads; other workloads require an annotation to set a static IP (see documentation).
Q2: How does Kube‑OVN support underlay networking on public clouds such as AWS or Alibaba Cloud?
A: Underlay networking sends container IP/MAC directly to the underlying network, which public‑cloud providers often block as illegal packets, making underlay difficult to support.
Q3: Can Kubernetes + KubeVirt + Rook + OVN replace traditional OpenStack and vSphere?
A: The solution is still early, but many enterprises are adopting it for next‑generation infrastructure, suggesting it may become mainstream as the technology matures.
Q4: Does Kube‑OVN avoid overlay overhead and how does its performance compare to Calico?
A: Custom kernel modules and compilation optimizations enable Kube‑OVN to achieve performance comparable to or better than overlay solutions; detailed tuning steps are documented.
Q5: How to manage complex Kube‑OVN firewall policies and traffic tracing?
A: Policies are configured via API; traffic tracing can be achieved using DeepFlow.
Q6: Which is more adaptable for container networking, overlay or underlay?
A: Both have advantages and suitable scenarios; selection should be based on specific requirements.
Q7: eBPF vs. DPDK performance comparison?
A: The choice depends on implementation details and hardware support; testing is recommended.
Q8: Does Kube‑OVN include an ingress component?
A: No, the community provides mature ingress solutions that can be integrated.
Q9: Can Kube‑OVN integrate with enterprise SDN products from Cisco or Huawei?
A: No known integration cases exist yet.
Q10: What challenges arise when adopting underlay networking?
A: Underlay is relatively simple; it mainly requires coordination with the network team to reserve appropriate IP ranges for containers.
Q11: Does Kube‑OVN support Submariner for cross‑cluster overlay connectivity?
A: Yes, see the relevant documentation.
Q12: Differences between community and enterprise editions?
A: The codebase is identical; the enterprise edition offers timely support, security patches, and prioritized feature requests.
DeepFlow Specific Q&A
Q1: Does DeepFlow Server support traditional host deployment?
A: No; DeepFlow is designed for Kubernetes deployment, which abstracts underlying differences and provides scaling benefits. Deployment on bare hosts can be achieved via tools like Sealos to create a K8s cluster.
Q2: Future plans for protocol parsing in DeepFlow?
A: DeepFlow currently parses HTTP 1/2/S, Dubbo, MySQL, Redis, Kafka, DNS, MQTT, and plans to extend support through community contributions via PRs or issues.
Q3: Does DeepFlow support domestic architectures such as Phytium + Kylin?
A: The DeepFlow agent is being adapted for eBPF on arm64; other components already have arm64 images. Deployment on domestic OSes is handled by Kubernetes tools like Sealos.
Q4: Which CNI plugins does DeepFlow support?
A: Default support includes Flannel, Calico, Cilium, Multus, Open vSwitch, Weave, IPVlan, TKE GlobalRouter, TKE VPC‑CNI, ACK Terway, QKE HostNIC, and Kube‑OVN. Additional CNIs can be added via configuration or community contributions.
Q5: How does DeepFlow differ from Prometheus/Istio network metrics?
A: Prometheus provides basic metrics; Istio offers coarse metrics. DeepFlow adds extensive standardized tags, richer data, and higher granularity.
Q6: Comparison of network observability vs. microservice call‑chain tracing?
A: DeepFlow’s network call chain is built from Layer 4 traffic, showing aggregated metrics (throughput, latency, reconnects). Microservice call chains are derived from Layer 7 application data, focusing on request counts, error rates, and latency.
Q7: Is DeepFlow based on eBPF and how are kernel version requirements handled?
A: DeepFlow Agent uses eBPF on kernels ≥ 4.14, providing tracing and HTTPS performance collection. On older kernels, core functionalities like topology and flow logs remain available.
Q8: Is DeepFlow’s code open source?
A: Yes, both server and agent are hosted on GitHub: https://github.com/deepflowys/deepflow
Q9: How does DeepFlow trace connections that pass through NAT?
A: NAT does not affect tracing; DeepFlow uses TCP sequence numbers and other flow data to follow the entire path.
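The idea behind the answer above, as an added example (not DeepFlow's code and not from the session): address and port translation leaves TCP sequence numbers, acknowledgement numbers, flags and payload length untouched, so segments captured on both sides of a NAT can be paired on those fields. The `Seg` record, the capture-point names and the sample packets are constructed for illustration, and the sketch assumes no middlebox on the path rewrites sequence numbers.

```python
from collections import Counter, defaultdict, namedtuple

Seg = namedtuple("Seg", "point src sport dst dport seq ack flags length")

def flow_key(s):
    return (s.point, s.src, s.sport, s.dst, s.dport)

def fingerprint(s):
    # Plain NAT rewrites addresses, ports and checksums; these fields pass through.
    return (s.seq, s.ack, s.flags, s.length)

def correlate_flows(segments, min_shared=2):
    """Map a flow at one capture point to the flow at another point that shares
    the most segment fingerprints with it, ignoring pairs below min_shared."""
    flows_by_fp = defaultdict(set)
    for s in segments:
        flows_by_fp[fingerprint(s)].add(flow_key(s))
    votes = Counter()
    for flows in flows_by_fp.values():
        ordered = sorted(flows)
        for i, a in enumerate(ordered):
            for b in ordered[i + 1:]:
                if a[0] != b[0]:          # only pair different capture points
                    votes[(a, b)] += 1
    best = {}
    for (a, b), n in votes.items():
        if n >= min_shared and n > best.get(a, (None, 0))[1]:
            best[a] = (b, n)
    return {a: b for a, (b, _) in best.items()}

# Constructed sample: two connections seen before ("client") and after ("server")
# SNAT+DNAT, plus an unrelated server-side flow whose SYN happens to reuse ISN 1000.
SAMPLE = [
    Seg("client", "10.16.0.5", 40000, "10.96.0.10", 80, 1000, 0, "S", 0),
    Seg("server", "192.168.1.10", 51000, "10.16.1.7", 8080, 1000, 0, "S", 0),
    Seg("client", "10.16.0.5", 40000, "10.96.0.10", 80, 1001, 5001, "PA", 120),
    Seg("server", "192.168.1.10", 51000, "10.16.1.7", 8080, 1001, 5001, "PA", 120),
    Seg("client", "10.16.0.6", 40001, "10.96.0.10", 80, 7000, 0, "S", 0),
    Seg("server", "192.168.1.10", 51001, "10.16.1.8", 8080, 7000, 0, "S", 0),
    Seg("client", "10.16.0.6", 40001, "10.96.0.10", 80, 7001, 9001, "PA", 80),
    Seg("server", "192.168.1.10", 51001, "10.16.1.8", 8080, 7001, 9001, "PA", 80),
    Seg("server", "192.168.1.11", 52000, "10.16.1.9", 8080, 1000, 0, "S", 0),
]

if __name__ == "__main__":
    for pre, post in correlate_flows(SAMPLE).items():
        print(pre[1:], "->", post[1:])
```

Requiring more than one shared segment is what keeps the stray flow with the colliding initial sequence number from being paired with the first connection.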
Q10: Does DeepFlow’s detailed data cause large storage consumption?
A: DeepFlow employs SmartEncoding to compress tags into integer IDs, reducing storage by up to 10× and lowering query overhead. Data can be retained in ClickHouse or offloaded to object storage for cold data.
Q11: How are alerting data from Prometheus handled?
A: Alerts are typically forwarded to Alertmanager, which can integrate with tools like alertmanager‑es to push alerts to Elasticsearch.
Reference Links
Static IP/MAC documentation: https://kubeovn.github.io/docs/v1.10.x/guide/static-ip-mac/
Performance tuning guide: https://kubeovn.github.io/docs/v1.10.x/advance/performance-tuning/
Submariner integration: https://kubeovn.github.io/docs/v1.10.x/advance/with-submariner/
DeepFlow network metrics: https://github.com/deepflowys/deepflow/blob/main/server/querier/db_descriptions/clickhouse/metrics/flow_metrics/vtap_flow_port
DeepFlow application metrics: https://github.com/deepflowys/deepflow/blob/main/server/querier/db_descriptions/clickhouse/metrics/flow_metrics/vtap_app_port
DeepFlow repository: https://github.com/deepflowys/deepflow
Cloud Native Technology Community
The Cloud Native Technology Community, part of the CNBPA Cloud Native Technology Practice Alliance, focuses on evangelizing cutting‑edge cloud‑native technologies and practical implementations. It shares in‑depth content, case studies, and event/meetup information on containers, Kubernetes, DevOps, Service Mesh, and other cloud‑native tech, along with updates from the CNBPA alliance.
