By default, both networks (the Incus default bridge and the OVN network) have “nat=true” set (using default options during installation, following the docs).
Observed network behaviour:
- instances on incus network can reach the outside world. => works
- instances on OVN network can reach the outside world. => works
- Instances on OVN network can reach instances in incus bridge => works
- instances in incus bridge can’t reach OVN network instances => default behaviour I guess
Looking at the host routes incus bridge has no idea about OVN network:
```
root@tom:~# ip route
default via 10.102.89.1 dev enp5s0 proto dhcp src 10.102.89.104 metric 1024
10.102.89.0/24 dev enp5s0 proto kernel scope link src 10.102.89.104 metric 1024
10.102.89.1 dev enp5s0 proto dhcp scope link src 10.102.89.104 metric 1024
```
This is expected because of the default settings. Looking at the docs, you can define routes on Incus-managed networks. Adding a route using “ipv4.routes: 10.8.11.0/24 (OVN range)” to the incus bridge results in the following table:
```
root@tom:~# ip route
default via 10.102.89.1 dev enp5s0 proto dhcp src 10.102.89.104 metric 1024
10.8.11.0/24 dev incusbr0 proto static scope link
10.102.89.0/24 dev enp5s0 proto kernel scope link src 10.102.89.104 metric 1024
10.102.89.1 dev enp5s0 proto dhcp scope link src 10.102.89.104 metric 1024
```
Looks promising, but any attempts to ping any instances from the incus bridge into the OVN network are failing. However, editing the OVN network and setting “nat=false” changes the behaviour after restarting instances or rebooting the box. The downside is that OVN network instances lose access to the internet. => not that convenient
I wonder if this is the desired behaviour, as I thought adding a route to the incus bridge would allow access to the OVN network (which works without OVN nat).
Is there any possible configuration to get both working?
- incus bridge has access to OVN
- OVN can reach internet
Or is this rather a weird config and I’m better off using two OVN networks with network peering?