No that isn’t correct. The LXD instances will not connect to the normal lxdbr0 bridge.
With OVN, you define one or more OVN networks (with `lxc network create <name> --type=ovn network=<uplink network>`). The uplink network specified can be an existing normal bridge, such as lxdbr0, or it can be a physical type network which then uses a spare physical NIC interface to connect the OVN network to a real external network.
When the OVN network is created it sets up the following items:
- A virtual router (providing NAT, DHCP, IPv6 RA and DNS forwarding services).
- A virtual switch (providing a place for LXD instances to connect to and firewall ACL services).
- An OVS switch on each LXD host which is connected to the uplink network (either via a veth pair for bridge uplink networks or by adding the physical uplink network parent directly to the OVS bridge).
- OVS configuration to link the OVS bridge to the virtual OVN router’s external ‘port’.
- Geneve tunnels between the LXD cluster members in order to tunnel traffic for each of the OVN networks created.
When an LXD instance is started that has an OVN NIC (added using `lxc config device add <instance> <nic name> nic network=<ovn network name>`), LXD will create a veth pair between the instance and the LXD host, and connect the host side to the shared OVN “integration” OVS bridge (this is a special OVS bridge used by OVN, where each port is isolated from one another and is just used to connect host ports into the virtual OVN space).
So you can think of it like this:
Uplink network (bridge or physical) <-> OVS bridge for uplink network <-> OVN virtual router (NAT, DHCP etc.) <-> OVN virtual switch (with ACLs and Geneve tunnels) <-> OVS integration bridge <-> LXD instance NIC.