I’m looking for a way to have a fully managed OVN network connected to the physical/vlan/bridge network without an intermediate OVN router.
Problem statement
I use an incus cluster with unmanaged, vlan based bridges. There are several containers running as failover clusters for specific services inside the incus cluster.
Everything works fine, but this solution is not flexible enough. Any network configuration change requires network config modification on every cluster node.
I’m looking for the ability to switch the networking configuration to OVN managed networks and have benefits like ACLs, IP assignments from the instance config, etc. However, I’m facing several challenges:
- I need at least one IP subnet to be routed or directly connected to my root router (without NAT and forwarders). Looking at the current OVN network implementation, I see that `incus` always creates an intermediate `router` between the `parent` network (physical/vlan/bridge) and the `incus` network. So I’m not able to create an `ovn` type network which utilizes the full address space defined in the `ipv4.gateway` option in the `parent` network.
- As my root router does not support the `BGP` protocol and `OVN` does not support the `ospf` or `RIP` protocols, I’m unable to utilize dynamic route updates for the root router.
- It would be possible to configure a static route for a group of subnets, but `incus` creates a separate IP in the `parent` network for every new OVN network. So, I will need to create a new route on the root router every time I create/delete/modify an `ovn network` in the `incus` cluster.
One of the possible solutions for my case is the ability to create an OVN network where the logical switch is connected to the parent bridge without an intermediate router. In this case the only network can be configured for the `parent` physical uplink network.

