OVN dhcp ranges

Is there any way to set a DHCP range for an OVN network? I looked at the documentation and found no option. Searching the internet for a bit, I found that you can exclude an IP range from the DHCP pool, which is ideal if you want to set some static IPs. The command below effectively achieves the desired effect, but it would have to be managed outside of Incus.

ovn-nbctl set logical_switch net0 \
  other_config:subnet="10.0.0.0/24" \
  other_config:exclude_ips="10.0.0.1..10.0.0.10"

That’s not currently supported. We’d want to have our usual ipv4.dhcp.ranges so the allowed range will need to be turned into exclude ranges internally.

I did some testing setting the excluded IPs and it seems to work. Assuming I have the 3 VMs below, the next logical IPs would be 2 and 6.

 inc list -c n,4
+-------+-------------------+
| NAME  |       IPV4        |
+-------+-------------------+
| dns00 | 10.100.0.4 (eth0) |
+-------+-------------------+
| dns01 | 10.100.0.5 (eth0) |
+-------+-------------------+
| dns02 | 10.100.0.3 (eth0) |
+-------+-------------------+

For testing purposes, I ran the command below on the OVN switch that incus created.

sudo ovn-nbctl set logical_switch \
 incus-net46-ls-int other_config:exclude_ips="10.100.0.6"

Looking at the DB, I see the constraint was added correctly.

name                : incus-net46-ls-int
other_config        : {exclude_ips="10.100.0.6", subnet="10.100.0.0/24"}
ports               : [6f2cdbeb-872e-4128-9ba5-218341d94fd5,...]

I spun up two additional instances and got the expected results.

inc launch images:alpine/3.20/cloud tst00
inc launch images:alpine/3.20/cloud tst01

inc list -c n,4
+-------+-------------------+
| NAME  |       IPV4        |
+-------+-------------------+
| dns00 | 10.100.0.4 (eth0) |
+-------+-------------------+
| dns01 | 10.100.0.5 (eth0) |
+-------+-------------------+
| dns02 | 10.100.0.3 (eth0) |
+-------+-------------------+
| tst00 | 10.100.0.2 (eth0) |
+-------+-------------------+
| tst01 | 10.100.0.7 (eth0) |
+-------+-------------------+

As we can see it added 2 and skipped 6.

That’s good to know. So we basically “just” need logic to convert an ipv4.dhcp.ranges into its negative for that subnet. So look at the subnet and determine the ranges which we won’t be providing DHCP for and then put that as the exclusion.

I opened Add support for `ipv4.dhcp.ranges` on OVN · Issue #1097 · lxc/incus · GitHub for tracking

Thanks, @stgraber for adding this to the feature list.

For a temporary solution, I ended up reserving the first 50 IPs.

sudo ovn-nbctl set logical_switch incus-net46-ls-int \
  other_config:exclude_ips="10.100.0.1..10.100.0.49"

In my case this works out fine, since I want to reserve the first continuous set of IPs from the gateway IP 10.100.0.1 to 10.100.0.49. However, if you wanted to reserve the last 50 or so IPs, for example (10.100.0.200…10.100.0.254), maybe you would need to exclude the gateway as well.

sudo ovn-nbctl set logical_switch incus-net46-ls-int \
  other_config:exclude_ips="10.100.0.1 10.100.0.200..10.100.0.254"

Either way, the syntax on the command is space delimited if you need to add multiple entries.

ovn-nbctl list logical_switch 7c6cc28c-29a4-4024-8972-6a8c4dda1d28
name                : incus-net46-ls-int
other_config        : {exclude_ips="10.100.0.1 10.100.0.200..10.100.0.254", subnet="10.100.0.0/24"}

Update: there seems to be logic in the code that would already exclude IPs if you set them to static.

incus launch images:alpine/3.20/cloud test00 \
  --network ovn0 --device eth0,ipv4.address=10.100.0.10

Note: It would clobber any custom settings you might have set manually.

sudo ovn-nbctl list logical_switch
other_config        : {exclude_ips="10.100.0.1 10.100.0.12 10.100.0.10 10.100.0.11", subnet="10.100.0.0/24"}

So, until the code base is updated to support ranges, you won’t be able to manually set a range—unless you don’t ever plan to set the ips using the device switch.

Either way, having a good time experimenting with incus and ovn.

Ah yeah, I noticed that we were already excluding the gateway IP, but it makes sense that we would also exclude static IP assignments.

I’m wondering if I correctly understand the ipv4.dhcp.ranges logic.

Documentation says: Comma-separated list of IP ranges to use for DHCP (FIRST-LAST format). So the OVN router should issue addresses from one of the ranges in the list. However, my test environment with incus 6.13 and microovn 24.03.2+snapa2c59c105b (667) issues IP addresses sequentially from the beginning of the network even if ipv4.dhcp.ranges is set to specific IP range(s).

After looking at the OVN config, I have evidence that Incus configures OVN logical switches incorrectly.

Here is an example of configurations:
> incus network show ovnTest-03

config:
  bridge.mtu: "1442"
  ipv4.address: 10.0.3.254/24
  ipv4.dhcp.expiry: 10m
  ipv4.dhcp.ranges: 10.0.3.16-10.0.3.31,10.0.3.129-10.0.3.248
  ipv4.nat: "true"
  ipv6.address: none
  network: eth0.90
  volatile.network.ipv4.address: 192.168.90.4
description: ""
name: ovnTest-03
type: ovn
used_by:
- /1.0/instances/test-01
- /1.0/instances/test-02
- /1.0/instances/test-03
- /1.0/instances/test-04
managed: true
status: Created
locations:
- vm-01
- vm-02
- vm-03
project: default

> incus ls test-0* -f compact

   NAME     STATE        IPV4        IPV6    TYPE     SNAPSHOTS  LOCATION
  test-01  RUNNING  10.0.3.4 (eth0)        CONTAINER  0          vm-01
  test-02  RUNNING  10.0.3.2 (eth0)        CONTAINER  0          vm-02
  test-03  RUNNING  10.0.3.3 (eth0)        CONTAINER  0          vm-03
  test-04  RUNNING  10.0.3.5 (eth0)        CONTAINER  0          vm-01

> ovn-nbctl show incus-net115-ls-int

switch ca4f110d-f279-4712-924d-cdff8922f2fc (incus-net115-ls-int)
    port incus-net115-ls-int-lsp-router
        type: router
        router-port: incus-net115-lr-lrp-int
    port incus-net115-instance-09a426e2-5ffe-4739-82bc-9fb0a468d3e4-ovnTest-04
        addresses: ["10:66:6a:4a:ec:e8 dynamic"]
    port incus-net115-instance-cbec7136-848c-4530-a0bc-c4fd15b9992f-ovnTest-04
        addresses: ["10:66:6a:e9:7d:33 dynamic"]
    port incus-net115-instance-2e5b1d8e-cac9-45db-a14e-fe8eb422a26c-ovnTest-04
        addresses: ["10:66:6a:f2:c1:25 dynamic"]

> ovn-nbctl list logical_switch incus-net113-ls-int

other_config        : {exclude_ips="10.0.3.254..10.0.3.15 10.0.3.32..10.0.3.128 10.0.3.249..10.0.3.254", subnet="10.0.3.0/24"}

The exclude_ips list looks wrong, doesn’t it?
After fixing the exclude_ips list with the command ovn-nbctl set logical_switch incus-net113-ls-int other_config:exclude_ips="10.0.3.1..10.0.3.15 10.0.3.32..10.0.3.128 10.0.3.249..10.0.3.254" and relaunching containers, the OVN DHCP issued IP addresses from the correct range.

I did not have a chance to check for regression yet.

Issue 2170 has been created.
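
The conversion discussed in this thread (turning ipv4.dhcp.ranges into its negative within the subnet) can be sketched as follows. This is an added example, not code from Incus or from any poster; `ExcludeIPs` is a hypothetical helper, and it assumes the DHCP ranges contain only usable host addresses and that the gateway lies outside them, as in the configurations shown above.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net/netip"
	"sort"
	"strings"
)

// ExcludeIPs (hypothetical helper, not Incus code) turns ipv4.dhcp.ranges into exclude_ips.
func ExcludeIPs(cidr, ranges string) (string, error) {
	p, err := netip.ParsePrefix(cidr)
	if err != nil || !p.Addr().Is4() || p.Bits() > 30 {
		return "", fmt.Errorf("unsupported subnet %q", cidr)
	}
	b := p.Masked().Addr().As4()      // mask: cidr may hold the gateway address
	next := netip.AddrFrom4(b).Next() // first usable host; sweep cursor later on
	binary.BigEndian.PutUint32(b[:], (binary.BigEndian.Uint32(b[:])|^uint32(0)>>p.Bits())-1)
	last := netip.AddrFrom4(b) // last usable host (broadcast - 1)
	var allow [][2]netip.Addr
	for _, r := range strings.Split(ranges, ",") {
		lo, hi, _ := strings.Cut(strings.TrimSpace(r), "-")
		a, e1 := netip.ParseAddr(lo)
		z, e2 := netip.ParseAddr(hi)
		if e1 != nil || e2 != nil || a.Less(next) || last.Less(z) || z.Less(a) {
			return "", fmt.Errorf("bad DHCP range %q", r)
		}
		allow = append(allow, [2]netip.Addr{a, z})
	}
	sort.Slice(allow, func(i, j int) bool { return allow[i][0].Less(allow[j][0]) })
	var out []string
	emit := func(lo, end netip.Addr) { // excluded gap [lo, end); no-op if empty
		if hi := end.Prev(); lo == hi {
			out = append(out, lo.String())
		} else if lo.Less(hi) {
			out = append(out, lo.String()+".."+hi.String())
		}
	}
	for _, r := range allow {
		emit(next, r[0])
		if n := r[1].Next(); next.Less(n) {
			next = n
		}
	}
	emit(next, last.Next())
	return strings.Join(out, " "), nil
}

func main() { fmt.Println(ExcludeIPs("10.0.3.254/24", "10.0.3.16-10.0.3.31,10.0.3.129-10.0.3.248")) }
```

The first lower bound comes from the masked network address plus one, so passing the gateway form 10.0.3.254/24 still yields a list that starts at 10.0.3.1.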