Isolated ovn network

Hello, is it possible, using OVN for Incus, to create an OVN network without it being connected to any bridge/uplink? My setup is to have multiple OVN networks, but some of them don’t require external connectivity (I’m not sure if this “traditional setup” makes sense).
I’m asking this because, from what I understand, I’m limited to creating as many OVN networks as the number of IPs defined in ipv4.ovn.ranges.
Also, what does this configuration do: ipv4.l3only?
Thank you

There’s currently no way to create an OVN network which isn’t attached to an uplink network.
You could however create another disconnected uplink network and use that for those networks.

ipv4.l3only runs OVN in a way where each instance gets a /32 and doesn’t have functional broadcast/multicast.

Ok, thanks for the information. However, if I use a disconnected network, I will still be limited to as many OVN networks as the number of IPs defined in ipv4.ovn.ranges. Can I also use duplicated address space if I use different bridges?

Yeah, but given that uplink network doesn’t need to be functional at all, you can just feed it 10.0.0.0/8 or something as its subnet which will then be more than enough IP addresses to go around.

So since every OVN network creates a router with a mandatory interface in the bridge, you are saying that if I set ipv4.ovn.ranges with a 10.0.0.0/8 network I can have plenty of OVN networks (with overlapping address space because those are isolated)?
But if I define this address space, 10.0.0.0/8, do I always have to define the ipv4.address when I create an OVN network?
And what is the limit on the number of bridges that can be created?
If we use projects, is there any chance that, among millions of networks within the project, two of them have the same address space (overlapping addresses)?
Thanks for the help 🙂

My hackish way around this would be to define a dummy ethernet device on all machines, say call it dummy-isolated:

ip link add dev dummy-isolated type dummy

Do that on all servers, then do:

incus network create UPLINK-ISOLATED --type physical parent=dummy-isolated --target SERVER1
incus network create UPLINK-ISOLATED --type physical parent=dummy-isolated --target SERVER2
incus network create UPLINK-ISOLATED --type physical parent=dummy-isolated --target SERVER3
incus network create UPLINK-ISOLATED --type physical ipv4.gateway=10.0.0.1/16 ipv4.ovn.ranges=10.0.0.2-10.255.255.254

Then whenever you want an isolated OVN network you can do:

incus network create foo --type ovn network=UPLINK-ISOLATED

Incus will then pick a random address in that 10.0.0.0/16 subnet for the network but it won’t have any connectivity because it’s all backed by that dummy device, so even though an address is allocated, it doesn’t really do anything.

That way you can run 65536 OVN networks. If you need more, you could technically go bigger since the subnet really doesn’t matter, so you may even be able to do 0.0.0.1/0 as the address and then put 0.0.0.2-230.255.255.254 or something along those lines as the range, but that’s unlikely to be needed and would look pretty weird.

Note that you can set a limit to the number of networks that one can create within a project (limits.networks in project config).

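As an added example (not part of the original posts and not Incus code): a capacity and sanity check for an uplink's ipv4.gateway and ipv4.ovn.ranges values, assuming, as the thread does, that each attached OVN network takes one address from the ranges. The function names and sample values are constructed, and the subnet and gateway checks are planning checks of this example, not a statement of what Incus itself validates.

```python
import ipaddress


def parse_ovn_ranges(spec):
    """Parse an ipv4.ovn.ranges value: comma-separated FIRST-LAST pairs."""
    ranges = []
    for part in spec.split(","):
        first, sep, last = part.strip().partition("-")
        if not sep:
            raise ValueError(f"not in FIRST-LAST form: {part!r}")
        lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
        if lo > hi:
            raise ValueError(f"range runs backwards: {part!r}")
        ranges.append((int(lo), int(hi)))
    return sorted(ranges)


def uplink_capacity(gateway, ranges_spec):
    """Return (distinct addresses in the ranges, list of problems found).

    Assumption: one address is consumed per attached OVN network, so the
    first value is the ceiling on OVN networks for this uplink.
    """
    iface = ipaddress.IPv4Interface(gateway)
    net_lo = int(iface.network.network_address)
    net_hi = int(iface.network.broadcast_address)
    problems, merged = [], []
    for lo, hi in parse_ovn_ranges(ranges_spec):
        text = f"{ipaddress.IPv4Address(lo)}-{ipaddress.IPv4Address(hi)}"
        if lo < net_lo or hi > net_hi:
            problems.append(f"{text} leaves {iface.network}")
        if lo <= int(iface.ip) <= hi:
            problems.append(f"gateway {iface.ip} is inside {text}")
        if merged and lo <= merged[-1][1] + 1:
            # Overlapping or adjacent ranges: count each address once.
            merged[-1] = (merged[-1][0], max(hi, merged[-1][1]))
        else:
            merged.append((lo, hi))
    return sum(hi - lo + 1 for lo, hi in merged), problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for gw, spec in [
        ("10.0.0.1/16", "10.0.0.2-10.0.255.254"),
        ("192.0.2.1/24", "192.0.2.10-192.0.2.20,192.0.2.15-192.0.2.30"),
        ("192.0.2.1/24", "192.0.2.1-192.0.2.5,192.0.3.1-192.0.3.2"),
    ]:
        print(gw, spec, uplink_capacity(gw, spec))
```
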

Hello Stéphane, thanks a lot for sharing this information. It helped me understand OVN. I think it is good to let Incus manage all the address space, and with this I come with a question:
if I create a bridge (normally /24) and we create several OVN networks (of course limited to maybe 252 IPs for the routers of the OVN networks), and we then create another bridge and use that new one to create more OVN networks, can we connect two OVN networks on different bridges using peer routing relationships, like in the doc “How to create peer routing relationships - Incus documentation”?

yep, that works fine


Cool!! Thanks!! Nice job also!! 🙂

In a similar vein, would it be possible to create an OVN network without the router? Would make testing my own router configs a dream.

Isn’t ipv4.address=none, ipv6.address=none and network=none getting you close enough to that?

I’m pretty sure we’ll still generate a router but it won’t be doing anything so you should be able to add your own to the logical switch.

The driver won’t allow that; you must provide an IPv4 and/or IPv6 address. incus/internal/server/network/driver_ovn.go at 6000f152389b31dd7ff9ef825affab45585df3ba · lxc/incus · GitHub

I’m happy to make changes with some guidance. Very new to OVN and Go.

Oh, interesting. Yeah, then it’d be good to change that and make it skip the router creation if there’s no IP on the bridge.