About the OVN-Kubernetes default Container Network Interface (CNI) network provider

The OVN-Kubernetes Container Network Interface (CNI) cluster network provider implements the following features:

• Uses OVN (Open Virtual Network) to manage network traffic flows. OVN is a community developed, vendor-agnostic network virtualization solution.

• Uses the Geneve (Generic Network Virtualization Encapsulation) protocol rather than VXLAN to create an overlay network between nodes.

OKD offers two supported choices, OpenShift SDN and OVN-Kubernetes, for the default Container Network Interface (CNI) network provider. The following table summarizes the current feature support for both network providers:

1. Egress firewall is also known as egress network policy in OpenShift SDN. This is not the same as network policy egress.

2. Egress router for OVN-Kubernetes supports only redirect mode.

3. IPv6 is supported only on bare metal clusters.

The OVN-Kubernetes Container Network Interface (CNI) cluster network provider has a limitation that is related to traffic policies. The network provider does not support setting the external traffic policy or internal traffic policy for a Kubernetes service to . The default value, , is supported for both parameters. This limitation can affect you when you add a service of type , , or add a service with an external IP.

Additional resources

• Configuring an egress firewall for a project

• Logging network policy events

• Network [operator.openshift.io/v1]