第 13 章 OVN-Kubernetes default CNI network provider
13.1. About the OVN-Kubernetes default Container Network Interface (CNI) network provider
The OpenShift Container Platform cluster uses a virtualized network for pod and service networks. The OVN-Kubernetes Container Network Interface (CNI) plug-in is a network provider for the default cluster network.
13.1.1. OVN-Kubernetes features
The OVN-Kubernetes default Container Network Interface (CNI) network provider implements the following features:
- Uses OVN (Open Virtual Network) to manage network traffic flows. OVN is a community developed, vendor agnostic network virtualization solution.
- Implements Kubernetes network policy support, including ingress and egress rules.
- Uses the Geneve (Generic Network Virtualization Encapsulation) protocol rather than VXLAN to create an overlay network between nodes.
13.1.2. Supported default CNI network provider feature matrix
OpenShift Container Platform offers two supported choices, OpenShift SDN and OVN-Kubernetes, for the default Container Network Interface (CNI) network provider. The following table summarizes the current feature support for both network providers:
| Feature | OVN-Kubernetes [1] | OpenShift SDN |
|---|---|---|
| Egress IPs | Not supported | Supported |
| Egress firewall [2] | Not supported | Supported |
| Egress router | Not supported | Supported |
| Kubernetes network policy | Supported | Partially supported [3] |
| Multicast | Supported | Supported |
- Available only as a Technology Preview feature in OpenShift Container Platform 4.5.
- Egress firewall is also known as egress network policy in OpenShift SDN. This is not the same as network policy egress.
-
Does not support egress rules and some
ipBlockrules.
13.1.3. Exposed metrics for OVN-Kubernetes
The OVN-Kubernetes default Container Network Interface (CNI) network provider exposes certain metrics for use by the Prometheus-based OpenShift Container Platform cluster monitoring stack.
| Name | Description |
|---|---|
|
| The latency between when a pod is created and when the pod is annotated by OVN-Kubernetes. The higher the latency, the more time that elapses before a pod is available for network connectivity. |
Additional resources
