Skip to main content
Redhat Developers  Logo
  • Products

    Featured

    • Red Hat Enterprise Linux
      Red Hat Enterprise Linux Icon
    • Red Hat OpenShift AI
      Red Hat OpenShift AI
    • Red Hat Enterprise Linux AI
      Linux icon inside of a brain
    • Image mode for Red Hat Enterprise Linux
      RHEL image mode
    • Red Hat OpenShift
      Openshift icon
    • Red Hat Ansible Automation Platform
      Ansible icon
    • Red Hat Developer Hub
      Developer Hub
    • View All Red Hat Products
    • Linux

      • Red Hat Enterprise Linux
      • Image mode for Red Hat Enterprise Linux
      • Red Hat Universal Base Images (UBI)
    • Java runtimes & frameworks

      • JBoss Enterprise Application Platform
      • Red Hat build of OpenJDK
    • Kubernetes

      • Red Hat OpenShift
      • Microsoft Azure Red Hat OpenShift
      • Red Hat OpenShift Virtualization
      • Red Hat OpenShift Lightspeed
    • Integration & App Connectivity

      • Red Hat Build of Apache Camel
      • Red Hat Service Interconnect
      • Red Hat Connectivity Link
    • AI/ML

      • Red Hat OpenShift AI
      • Red Hat Enterprise Linux AI
    • Automation

      • Red Hat Ansible Automation Platform
      • Red Hat Ansible Lightspeed
    • Developer tools

      • Red Hat Trusted Software Supply Chain
      • Podman Desktop
      • Red Hat OpenShift Dev Spaces
    • Developer Sandbox

      Developer Sandbox
      Try Red Hat products and technologies without setup or configuration fees for 30 days with this shared Openshift and Kubernetes cluster.
    • Try at no cost
  • Technologies

    Featured

    • AI/ML
      AI/ML Icon
    • Linux
      Linux Icon
    • Kubernetes
      Cloud icon
    • Automation
      Automation Icon showing arrows moving in a circle around a gear
    • View All Technologies
    • Programming Languages & Frameworks

      • Java
      • Python
      • JavaScript
    • System Design & Architecture

      • Red Hat architecture and design patterns
      • Microservices
      • Event-Driven Architecture
      • Databases
    • Developer Productivity

      • Developer productivity
      • Developer Tools
      • GitOps
    • Secure Development & Architectures

      • Security
      • Secure coding
    • Platform Engineering

      • DevOps
      • DevSecOps
      • Ansible automation for applications and services
    • Automated Data Processing

      • AI/ML
      • Data Science
      • Apache Kafka on Kubernetes
      • View All Technologies
    • Start exploring in the Developer Sandbox for free

      sandbox graphic
      Try Red Hat's products and technologies without setup or configuration.
    • Try at no cost
  • Learn

    Featured

    • Kubernetes & Cloud Native
      Openshift icon
    • Linux
      Rhel icon
    • Automation
      Ansible cloud icon
    • Java
      Java icon
    • AI/ML
      AI/ML Icon
    • View All Learning Resources

    E-Books

    • GitOps Cookbook
    • Podman in Action
    • Kubernetes Operators
    • The Path to GitOps
    • View All E-books

    Cheat Sheets

    • Linux Commands
    • Bash Commands
    • Git
    • systemd Commands
    • View All Cheat Sheets

    Documentation

    • API Catalog
    • Product Documentation
    • Legacy Documentation
    • Red Hat Learning

      Learning image
      Boost your technical skills to expert-level with the help of interactive lessons offered by various Red Hat Learning programs.
    • Explore Red Hat Learning
  • Developer Sandbox

    Developer Sandbox

    • Access Red Hat’s products and technologies without setup or configuration, and start developing quicker than ever before with our new, no-cost sandbox environments.
    • Explore Developer Sandbox

    Featured Developer Sandbox activities

    • Get started with your Developer Sandbox
    • OpenShift virtualization and application modernization using the Developer Sandbox
    • Explore all Developer Sandbox activities

    Ready to start developing apps?

    • Try at no cost
  • Blog
  • Events
  • Videos

Dynamic IP Address Management in Open Virtual Network (OVN): Part One

September 3, 2018
Mark Michelson
Related topics:
Linux
Related products:
Red Hat Enterprise Linux

Share:

    Some background

    For those unfamiliar, Open Virtual Network (OVN) is a subproject of OpenVswitch (OVS), a performant programmable multi-platform virtual switch. OVN provides the ability to express an overlay network as a series of virtual routers and switches. OVN also provides native methods for setting up Access Control Lists (ACLs), and it functions as an OpenFlow switch, providing services such as DHCP. The components of OVN program OVS on each of the hypervisors in the network. Many of Red Hat's products, such as Red Hat OpenStack Platform and Red Hat Virtualization, are now using OVN. Red Hat OpenShift Container Platform will be using OVN soon.

    Looking around the internet, it's pretty easy to find high-quality tutorials on the basics of OVN. However, when it comes to more-advanced topics, it sometimes feels like the amount of information is lacking. In this tutorial, we'll examine dynamic addressing in OVN. You will learn about IP address management (IPAM) options in OVN and how to apply them.

    Static addressing

    One of the first things you'll learn when starting with OVN is how to create logical switches and logical switch ports. You'll probably see something like this:

    $ ovn-nbctl ls-add sw
    $ ovn-nbctl lsp-add sw sw-p1
    $ ovn-nbctl lsp-set-addresses sw-p1 00:ac:00:ff:01:01 192.168.0.1

    The first line creates a logical switch called sw. The second line adds a switch port called sw-p1 to sw. The final line sets the MAC and IP address of sw-p1. It's pretty simple, but it requires you to manually keep track of IP addresses for the switch ports. Is there a way we could create a switch port without having to manually add the MAC and IP addresses?

    Dynamic addressing

    If you dig a bit deeper, you can find tutorials on the web that describe how to set up OVN to provide IP addresses using DHCP. This saves you some configuration steps on the VMs, but it doesn't help any on the OVN side. You still have to specify an IP address on the logical switch port.

    But is there some way that you can actually have OVN dynamically assign addresses to switch ports? If you scour the ovn-nb manpage, you might be able to piece together the way to do it.

    This tutorial seeks to clear the air, so you can know exactly what tools are available to you and how to use them.

    For our demonstration, we will use a very simple logical switch with two ports:

    Switch configuration

    Let's start with the relevant options you can set, and then we'll look at some examples that use these options. All of these are set as other_config on logical switches.

    • subnet: This is an IPv4 subnet, specified as a network address and mask. For example, 10.0.0.0/8 or 10.0.0.0/255.0.0.0.
    • exclude_ips: This is a list of IPv4 addresses that should not be assigned to switch ports. You can either comma-separate individual addresses, or you can specify a range of addresses using ...
    • ipv6_prefix: This is an IPv6 network address of 64 bits. If you provide a longer address size than 64 bits, those bits past the first 64 are ignored. The IPv6 address provided on each switch port is an EUI-64 address using the specified prefix and the MAC address of the port.

    Once you have these options set on your switch, it's then a matter of setting your switch ports up to make use of these options. You can do this in one of two ways.

    Method #1:

    $ ovn-nbctl lsp-set-addresses port 00:ac:00:ff:01:01 dynamic

    Method #2:

    $ ovn-nbctl lsp-set-addresses port dynamic

    With method #1, you specify the MAC address, and with method #2, you allow OVN to allocate the MAC address for you.

    Demonstration

    So let's go forth with an example where we do some basic setup:

    $ ovn-nbctl ls-add dyn-switch
    $ ovn-nbctl set Logical_Switch dyn-switch other_config:subnet=192.168.0.0/24 \
    other_config:ipv6_prefix=fdd6:8cf5:9dc2:c30a::
    $ ovn-nbctl lsp-add dyn-switch port1
    $ ovn-nbctl lsp-set-addresses port1 dynamic
    $ ovn-nbctl lsp-add dyn-switch port2
    $ ovn-nbctl lsp-set-addresses port2 "00:ac:00:ff:01:01 dynamic"

    With this setup, we've created a logical switch called dyn-switch and created two ports called (inventively) port1 and port2.

    So what happens when you do this? Let's take a look at the database contents for the logical switch ports at the moment:

    $ ovn-nbctl list logical_switch_port
    _uuid : 2d1fe408-f119-48d6-88c9-dff237c92856
    addresses : [dynamic]
    dhcpv4_options : []
    dhcpv6_options : []
    dynamic_addresses : "0a:00:00:00:00:01 192.168.0.2 fdd6:8cf5:9dc2:c30a:800:ff:fe00:1"
    enabled : []
    external_ids : {}
    name : "port1"
    options : {}
    parent_name : []
    port_security : []
    tag : []
    tag_request : []
    type : ""
    up : false
    
    _uuid : 43867394-8d3b-4e36-a90d-5f635d6a084c
    addresses : ["00:ac:00:ff:01:01 dynamic"]
    dhcpv4_options : []
    dhcpv6_options : []
    dynamic_addresses : "00:ac:00:ff:01:01 192.168.0.3 fdd6:8cf5:9dc2:c30a:2ac:ff:feff:101"
    enabled : []
    external_ids : {}
    name : "port2"
    options : {}
    parent_name : []
    port_security : []
    tag : []
    tag_request : []
    type : ""
    up : false

    Notice the dynamic_addresses for the two switch ports. This database column is automatically populated by ovn-northd based on IPAM configuration on the logical switch. For port1, we specified dynamic for the addresses, so OVN created a MAC address and IP address for us. You can recognize OVN-allocated MAC addresses because they always start with 0a.

    In picture form, our switch now looks like this:

    port1 was assigned the IPv4 address 192.168.0.2, and port2 was assigned the address 192.168.0.3. Why does the addressing start with .2 instead of .1? OVN reserves the first address of a subnet for the router that the switch attaches to. In our case, there is no router, so no switch port was assigned 192.168.0.1. The current algorithm of ovn-northd assigns addresses consecutively within the subnet.

    For the rest of this tutorial, we will work knowing that this is how ovn-northd operates. However, since the documentation does not state that this is how dynamic IPv4 addressing works, it may be risky to rely on this behavior in your application. A change in OVS versions may result in a change in addressing.

    The IPv6 addresses for each port are EUI-64 addresses. The first 64 bits of the address are the ipv6_prefix that we configured. The rest of the address is derived from the MAC address. When configuring an ipv6_prefix, keep in mind that even though only the first 64 bits of the address are used, OVN expects a valid IPv6 address to be provided. Therefore, if you are providing 64 bits, be sure to end the address with :: so that OVN will process it as expected.

    Excluding IP addresses

    Let's take a closer look at the exclude_ips option. Let's set up exclude_ips and then set up additional ports to see what happens.

    $ ovn-nbctl set Logical_Switch dyn-switch other_config:exclude_ips="192.168.0.4 \
    192.168.0.6..192.168.0.100"

    Before continuing, let's take a closer look at the syntax. First, we specified one IP address: 192.168.0.4. This means that this individual IP address will not be dynamically assigned. Next, we specified a range of IP addresses using ... This is a lot more practical than spelling out the 95 IP addresses from 192.168.0.6 to 192.168.0.100. The quotation marks around the string are necessary so that the shell does not interpret the spaces between addresses as separate arguments to ovn-nbctl.

    Only IPv4 addresses can be specified in exclude_ips. Since IPv6 addresses are derived from the port's MAC address, there is no point in specifying any excluded addresses.

    And now let's set up two more ports on the switch.

    $ ovn-nbctl lsp-add dyn-switch port3
    $ ovn-nbctl lsp-set-addresses port3 dynamic
    $ ovn-nbctl lsp-add dyn-switch port4
    $ ovn-nbctl lsp-set-addresses port4 dynamic

    Based on the pattern we had previously seen, we might expect for port3 to have IP address 192.168.0.4. However, that address is in our excluded set of IP addresses. Let's see what port3 has been assigned:

    $ ovn-nbctl list logical_switch_port port3
    _uuid : 9dfee1d5-a279-4a06-a66e-5178b6f2f3e0
    addresses : [dynamic]
    dhcpv4_options : []
    dhcpv6_options : []
    dynamic_addresses : "0a:00:00:00:00:05 192.168.0.5 fdd6:8cf5:9dc2:c30a:800:ff:fe00:5"
    enabled : []
    external_ids : {}
    name : "port3"
    options : {}
    parent_name : []
    port_security : []
    tag : []
    tag_request : []
    type : ""
    up : false

    It got assigned 192.168.0.5. And let's see what IP address got assigned to port4:

    $ ovn-nbctl list logical_switch_port port4
    _uuid : d7d20a60-2720-4056-904f-2f4ad3be4b0b
    addresses : [dynamic]
    dhcpv4_options : []
    dhcpv6_options : []
    dynamic_addresses : "0a:00:00:00:00:06 192.168.0.101 fdd6:8cf5:9dc2:c30a:800:ff:fe00:6"
    enabled : []
    external_ids : {}
    name : "port4"
    options : {}
    parent_name : []
    port_security : []
    tag : []
    tag_request : []
    type : ""
    up: false

    It got assigned 192.168.0.101 since all addresses between 192.168.0.6 and 192.168.0.100 are in our excluded set.

    Here is our final logical switch:

    What's to come

    With all this, you should have the tools you need to set up IP addresses on your logical switches without the need to keep track of assigned addresses in your application.

    But there's more to this than what I have presented here. In part 2 of this blog series, we'll look at some of the downsides in the IPAM implementation of OVN, and we will delve into improvements that are coming in an upcoming version of OVN.

    Last updated: September 27, 2018

    Recent Posts

    • AI meets containers: My first step into Podman AI Lab

    • Live migrating VMs with OpenShift Virtualization

    • Storage considerations for OpenShift Virtualization

    • Upgrade from OpenShift Service Mesh 2.6 to 3.0 with Kiali

    • EE Builder with Ansible Automation Platform on OpenShift

    Red Hat Developers logo LinkedIn YouTube Twitter Facebook

    Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform

    Build

    • Developer Sandbox
    • Developer Tools
    • Interactive Tutorials
    • API Catalog

    Quicklinks

    • Learning Resources
    • E-books
    • Cheat Sheets
    • Blog
    • Events
    • Newsletter

    Communicate

    • About us
    • Contact sales
    • Find a partner
    • Report a website issue
    • Site Status Dashboard
    • Report a security problem

    RED HAT DEVELOPER

    Build here. Go anywhere.

    We serve the builders. The problem solvers who create careers with code.

    Join us if you’re a developer, software engineer, web designer, front-end designer, UX designer, computer scientist, architect, tester, product manager, project manager or team lead.

    Sign me up

    Red Hat legal and privacy links

    • About Red Hat
    • Jobs
    • Events
    • Locations
    • Contact Red Hat
    • Red Hat Blog
    • Inclusion at Red Hat
    • Cool Stuff Store
    • Red Hat Summit
    © 2025 Red Hat

    Red Hat legal and privacy links

    • Privacy statement
    • Terms of use
    • All policies and guidelines
    • Digital accessibility

    Report a website issue