
Kubernetes Networking Limitations and the Promise of OVS/OVN Solutions

This article reviews the shortcomings of Kubernetes networking, explains the capabilities of OVS and OVN as unified solutions, maps OVN abstractions to Kubernetes concepts, and outlines future directions for enhancing cloud‑native network functionality, followed by an extensive Q&A session.

Cloud Native Technology Community

The presentation begins by highlighting the fragmented nature of Kubernetes networking, where CNI, DNS, Service, and other components are implemented by separate projects, leading to complexity in selection, configuration, and troubleshooting.

It then contrasts the traditional IaaS networking model (VPC, subnet, VNIC, DHCP, routing, security groups, QoS, load balancing) with the relatively thin feature set offered by Kubernetes, emphasizing the need for richer, more flexible network capabilities.

The speaker introduces Open vSwitch (OVS) as a single‑host virtual switch that provides programmable flow control via OpenFlow, and explains that OVN extends OVS with a centralized controller, logical databases, and multi‑host orchestration, effectively acting as a Kubernetes‑style control plane for OVS.

An architectural diagram of OVN is described, mapping components such as ovs-vswitchd, ovn-controller, Southbound DB, Northbound DB, and CMS to familiar Kubernetes elements like kubelet, etcd, and the API server.

The core OVN abstractions—Logical_Switch, Logical_Router, Loadbalancer, ACL, QoS, NAT, DNS, and Gateway—are detailed, showing how they provide L2/L3 networking, security policies, traffic shaping, and service discovery beyond what vanilla Kubernetes offers.

The article then maps these OVN features to Kubernetes equivalents (e.g., Loadbalancer ↔ Service, ACL ↔ NetworkPolicy, DNS ↔ CoreDNS), demonstrating that OVN can replace or enhance existing CNI plugins while adding capabilities such as multi‑tenant VPC‑style routing, NAT, and QoS.
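To make the ACL ↔ NetworkPolicy mapping concrete, here is an added example (not code from the presentation or from any OVN-based CNI project) that translates a NetworkPolicy's ingress rules into `ovn-nbctl acl-add` invocations on a port group: a default drop plus higher-priority `allow-related` rules. The port group naming scheme, the priorities and the sample policy are assumptions made for illustration, and only IPv4 `ipBlock` peers without `except` are handled.

```python
import re

# Constructed priorities (OVN accepts 0..32767); allows must outrank the default drop.
ALLOW_PRIO, DENY_PRIO = 2001, 2000

# Constructed sample policy: admit one CIDR to HTTPS and DNS, deny all other ingress.
SAMPLE_POLICY = {
    "metadata": {"namespace": "shop", "name": "web-ingress"},
    "spec": {"policyTypes": ["Ingress"], "ingress": [{
        "from": [{"ipBlock": {"cidr": "10.16.0.0/16"}}],
        "ports": [{"protocol": "TCP", "port": 443}, {"protocol": "UDP", "port": 53}],
    }]},
}

def port_group_name(namespace, name):
    # Hypothetical naming scheme; matches reference the group as @name, so keep it identifier-safe.
    return "np_" + re.sub(r"[^A-Za-z0-9_]", "_", f"{namespace}_{name}")

def rule_match(pg, rule):
    # Kubernetes semantics: peers are ORed, ports are ORed, and the two groups are ANDed.
    clauses = [f"outport == @{pg}", "ip4"]
    cidrs = []
    for peer in rule.get("from", []):
        if "ipBlock" not in peer or "except" in peer["ipBlock"]:
            raise ValueError("only plain ipBlock peers are translated here")
        cidrs.append(peer["ipBlock"]["cidr"])
    if cidrs:
        clauses.append("ip4.src == {" + ", ".join(cidrs) + "}")
    ports = [f'{p.get("protocol", "TCP").lower()}.dst == {p["port"]}'
             for p in rule.get("ports", [])]
    if ports:
        clauses.append("(" + " || ".join(ports) + ")")
    return " && ".join(clauses)

def policy_to_acl_commands(policy):
    # Assumes the port group already exists and contains the selected pods' logical ports.
    meta, spec = policy["metadata"], policy["spec"]
    pg = port_group_name(meta["namespace"], meta["name"])
    base = ["ovn-nbctl", "--type=port-group", "acl-add", pg, "to-lport"]
    cmds = [base + [str(DENY_PRIO), f"outport == @{pg} && ip4", "drop"]]
    for rule in spec.get("ingress", []):
        cmds.append(base + [str(ALLOW_PRIO), rule_match(pg, rule), "allow-related"])
    return cmds

if __name__ == "__main__":
    for cmd in policy_to_acl_commands(SAMPLE_POLICY):
        print(" ".join(repr(a) if " " in a else a for a in cmd))
```

A policy with an empty ingress list yields only the drop ACL, which is the default-deny case; peers selected by pod or namespace labels are rejected here because they first have to be resolved to addresses.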

Future enhancement directions are proposed: aligning Kubernetes networking with IaaS features (VPC, routing, bandwidth control), improving performance by bypassing the Linux stack (e.g., using DPDK), and strengthening monitoring and troubleshooting through unified data‑plane visibility.

The session concludes with a Q&A covering topics such as OVS vs. hardware switches, OVN gateway scalability, IP pool management, debugging tools like ovn-trace, differences between OVN and other CNI solutions, and the upcoming open‑source release of the company's OVN‑based Kubernetes network.

Tags: cloud-native, kubernetes, OVS, Network Virtualization, CNI, OVN
Written by

Cloud Native Technology Community

The Cloud Native Technology Community, part of the CNBPA Cloud Native Technology Practice Alliance, focuses on evangelizing cutting‑edge cloud‑native technologies and practical implementations. It shares in‑depth content, case studies, and event/meetup information on containers, Kubernetes, DevOps, Service Mesh, and other cloud‑native tech, along with updates from the CNBPA alliance.
