openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
66610d608a571793afc29d8b65df7fbfa89e6756
openshift-docs/microshift_networking/microshift-cni.adoc
“Shauna Diaz” 4a0bd7b8b1 OSDOCS-16338: fixes cluster mentions MicroShift
2025-10-07 17:43:41 +00:00

76 lines
4.3 KiB
Plaintext
Raw Blame History

:_mod-docs-content-type: ASSEMBLY
[id="microshift-cni"]
= About the OVN-Kubernetes network plugin
include::_attributes/attributes-microshift.adoc[]
:context: microshift-about-ovn-k-plugin
toc::[]
The OVN-Kubernetes Container Network Interface (CNI) plugin is the default networking solution for a {microshift-short} node. OVN-Kubernetes is a virtualized network for pods and services that is based on Open Virtual Network (OVN).
* Default network configuration and connections are applied automatically in {microshift-short} with the `microshift-networking` RPM during installation.
* A node that uses the OVN-Kubernetes network plugin also runs Open vSwitch (OVS) on the node.
* OVN-K configures OVS on the node to implement the declared network configuration.
* Host physical interfaces are not bound by default to the OVN-K gateway bridge, `br-ex`. You can use standard tools on the host for managing the default gateway, such as the Network Manager CLI (`nmcli`).
* Changing the CNI is not supported on {microshift-short}.
Using configuration files or custom scripts, you can configure the following networking settings:
* You can use subnet CIDR ranges to allocate IP addresses to pods.
* You can change the maximum transmission unit (MTU) value.
* You can configure firewall ingress and egress.
* You can define network policies in the {microshift-short}, including ingress and egress rules.
* You can use the {microshift-short} Multus plugin to chain other CNI plugins.
* You can configure or remove the ingress router.
include::modules/microshift-cni-customization-matrix.adoc[leveloffset=+1]
include::modules/microshift-default-settings.adoc[leveloffset=+2]
[id="microshift-network-features_{context}"]
== Network features
Networking features available with {microshift-short} {product-version} include:
* Kubernetes network policy
* Dynamic node IP
* Custom gateway interface
* Second gateway interface
* Node network on specified host interface
* Blocking external access to NodePort service on specific host interfaces
Networking features not available with {microshift-short} {product-version}:
* Egress IP/firewall/QoS: disabled
* Hybrid networking: not supported
* IPsec: not supported
* Hardware offload: not supported
[id="microshift-ip-forward_{context}"]
== IP forward
The host network `sysctl net.ipv4.ip_forward` kernel parameter is automatically enabled by the `ovnkube-master` container when started. This is required to forward incoming traffic to the CNI. For example, accessing the NodePort service from outside of a node fails if `ip_forward` is disabled.
[id="microshift-network-performance_{context}"]
== Network performance optimizations
By default, three performance optimizations are applied to OVS services to minimize resource consumption:
* CPU affinity to `ovs-vswitchd.service` and `ovsdb-server.service`
* `no-mlockall` to `openvswitch.service`
* Limit handler and `revalidator` threads to `ovs-vswitchd.service`
include::modules/microshift-nw-components-svcs.adoc[leveloffset=+1]
[id="microshift-bridge-mapping_{context}"]
== Bridge mappings
Bridge mappings allow provider network traffic to reach the physical network. Traffic leaves the provider network and arrives at the `br-int` bridge. A patch port between `br-int` and `br-ex` then allows the traffic to traverse to and from the provider network and the edge network. Kubernetes pods are connected to the `br-int` bridge through virtual ethernet pair: one end of the virtual ethernet pair is attached to the pod namespace, and the other end is attached to the `br-int` bridge.
include::modules/microshift-nw-topology.adoc[leveloffset=+1]
[id="_additional-resources_microshift-cni_{context}"]
[role="_additional-resources"]
== Additional resources
* xref:../microshift_configuring/microshift-using-config-yaml.adoc#microshift-using-config-yaml[Customizing {microshift-short} by using the configuration file]
* xref:../microshift_networking/microshift-networking-settings.adoc#microshift-understanding-networking-settings[Understanding networking settings]
* xref:../microshift_networking/microshift_multiple_networks/microshift-cni-multus.adoc#microshift-cni-multus[About using multiple networks]
* xref:../microshift_networking/microshift_network_policy/microshift-network-policy-index.adoc#microshift-network-policies[About network policies]
View Git Blame Copy Permalink