Your IP : 216.73.217.13
<!doctype html>
<html class="no-js" lang="en" data-content_root="../../">
<head><meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="color-scheme" content="light dark"><meta name="viewport" content="width=device-width, initial-scale=1" />
<meta property="og:title" content="OVN implementation" />
<meta property="og:type" content="website" />
<meta property="og:url" content="/reference/ovn-internals/" />
<meta property="og:site_name" content="LXD documentation" />
<meta property="og:description" content="Open Virtual Networks (OVN) is an open source Software Defined Network (SDN) solution. OVN is designed to be incredibly flexible. This flexibility comes at the cost of complexity. OVN is not prescr..." />
<meta property="og:image" content="https://documentation.ubuntu.com/lxd/latest/_static/lxd_tag.png" />
<meta property="og:image:alt" content="LXD documentation" />
<meta name="description" content="Open Virtual Networks (OVN) is an open source Software Defined Network (SDN) solution. OVN is designed to be incredibly flexible. This flexibility comes at the cost of complexity. OVN is not prescr..." />
<meta property="article:modified_time" content="2025-10-30T10:14:00+00:00" /><link rel="index" title="Index" href="../../genindex/"><link rel="search" title="Search" href="../../search/"><link rel="next" title="VM live migration implementation" href="../vm_live_migration_internals/"><link rel="prev" title="Idmaps for user namespace" href="../../userns-idmap/">
<link rel="canonical" href="/reference/ovn-internals/">
<link rel="shortcut icon" href="../../_static/favicon.ico"><!-- Generated with Sphinx 7.4.7 and Furo 2025.12.19 -->
<title>OVN implementation - LXD documentation</title>
<link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=d111a655" />
<link rel="stylesheet" type="text/css" href="../../_static/styles/furo.css?v=7bdb33bb" />
<link rel="stylesheet" type="text/css" href="../../_static/copybutton.css?v=76b2166b" />
<link rel="stylesheet" type="text/css" href="../../_static/config-options.css" />
<link rel="stylesheet" type="text/css" href="../../_static/related-links.css" />
<link rel="stylesheet" type="text/css" href="../../_static/terminal.css" />
<link rel="stylesheet" type="text/css" href="../../_static/youtube.css" />
<link rel="stylesheet" type="text/css" href="../../_static/sphinx-design.min.css?v=95c83b7e" />
<link rel="stylesheet" type="text/css" href="../../_static/styles/furo-extensions.css?v=8dab3a3b" />
<link rel="stylesheet" type="text/css" href="../../_static/lxd_custom.css?v=bfbf4da2" />
<link rel="stylesheet" type="text/css" href="../../_static/cookie-banner.css?v=b74831ab" />
<link rel="stylesheet" type="text/css" href="../../_static/custom.css?v=e189117a" />
<link rel="stylesheet" type="text/css" href="../../_static/header.css?v=a8078839" />
<link rel="stylesheet" type="text/css" href="../../_static/github_issue_links.css?v=3d761185" />
<link rel="stylesheet" type="text/css" href="../../_static/furo_colors.css?v=825fec6f" />
</head>
<body>
<header id="header" class="p-navigation">
<!-- Google Tag Manager -->
<script>
(function(w, d, s, l, i) {
w[l] = w[l] || [];
w[l].push({
'gtm.start': new Date().getTime(),
event: 'gtm.js'
});
var f = d.getElementsByTagName(s)[0];
var j = d.createElement(s);
var dl = '';
if (l != 'dataLayer') {
dl = '&l=' + l;
}
j.async = true;
j.src = 'https://www.googletagmanager.com/gtm.js?id=' + i + dl;
f.parentNode.insertBefore(j, f);
})(window, document, 'script', 'dataLayer', 'GTM-KNX3CJC');
</script>
<div class="p-navigation__nav" role="menubar">
<ul class="p-navigation__links" role="menu">
<li>
<a class="p-logo" href="https://canonical.com/lxd" aria-current="page">
<img src="../../_static/lxd_tag.png" alt="Logo" class="p-logo-image">
<div class="p-logo-text p-heading--4">LXD
</div>
</a>
</li>
<li class="nav-ubuntu-com">
<a href="https://canonical.com/lxd" class="p-navigation__link">canonical.com/lxd</a>
</li>
<li class="nav-dropdown">
<a href="#" class="p-navigation__link nav-more-links"
id="more-resources-toggle"
aria-haspopup="true"
aria-expanded="false">
More resources
</a>
<ul class="more-links-dropdown" aria-labelledby="more-resources-toggle">
<li>
<a href="https://discourse.ubuntu.com/c/lxd/" class="p-navigation__sub-link p-dropdown__link">Discourse</a>
</li>
<li>
<a href="https://matrix.to/#/#documentation:ubuntu.com" class="p-navigation__sub-link p-dropdown__link">Matrix</a>
</li>
<li>
<a href="https://github.com/canonical/lxd" class="p-navigation__sub-link p-dropdown__link">GitHub</a>
</li>
</ul>
</li>
</ul>
</div>
</header>
<script>
document.body.dataset.theme = localStorage.getItem("theme") || "auto";
</script>
<svg xmlns="http://www.w3.org/2000/svg" style="display: none;">
<symbol id="svg-toc" viewBox="0 0 24 24">
<title>Contents</title>
<svg stroke="currentColor" fill="currentColor" stroke-width="0" viewBox="0 0 1024 1024">
<path d="M408 442h480c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8H408c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8zm-8 204c0 4.4 3.6 8 8 8h480c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8H408c-4.4 0-8 3.6-8 8v56zm504-486H120c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h784c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8zm0 632H120c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h784c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8zM115.4 518.9L271.7 642c5.8 4.6 14.4.5 14.4-6.9V388.9c0-7.4-8.5-11.5-14.4-6.9L115.4 505.1a8.74 8.74 0 0 0 0 13.8z"/>
</svg>
</symbol>
<symbol id="svg-menu" viewBox="0 0 24 24">
<title>Menu</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather-menu">
<line x1="3" y1="12" x2="21" y2="12"></line>
<line x1="3" y1="6" x2="21" y2="6"></line>
<line x1="3" y1="18" x2="21" y2="18"></line>
</svg>
</symbol>
<symbol id="svg-arrow-right" viewBox="0 0 24 24">
<title>Expand</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather-chevron-right">
<polyline points="9 18 15 12 9 6"></polyline>
</svg>
</symbol>
<symbol id="svg-sun" viewBox="0 0 24 24">
<title>Light mode</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="feather-sun">
<circle cx="12" cy="12" r="5"></circle>
<line x1="12" y1="1" x2="12" y2="3"></line>
<line x1="12" y1="21" x2="12" y2="23"></line>
<line x1="4.22" y1="4.22" x2="5.64" y2="5.64"></line>
<line x1="18.36" y1="18.36" x2="19.78" y2="19.78"></line>
<line x1="1" y1="12" x2="3" y2="12"></line>
<line x1="21" y1="12" x2="23" y2="12"></line>
<line x1="4.22" y1="19.78" x2="5.64" y2="18.36"></line>
<line x1="18.36" y1="5.64" x2="19.78" y2="4.22"></line>
</svg>
</symbol>
<symbol id="svg-moon" viewBox="0 0 24 24">
<title>Dark mode</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="icon-tabler-moon">
<path stroke="none" d="M0 0h24v24H0z" fill="none" />
<path d="M12 3c.132 0 .263 0 .393 0a7.5 7.5 0 0 0 7.92 12.446a9 9 0 1 1 -8.313 -12.454z" />
</svg>
</symbol>
<symbol id="svg-sun-with-moon" viewBox="0 0 24 24">
<title>Auto light/dark, in light mode</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="1" stroke-linecap="round" stroke-linejoin="round"
class="icon-custom-derived-from-feather-sun-and-tabler-moon">
<path style="opacity: 50%" d="M 5.411 14.504 C 5.471 14.504 5.532 14.504 5.591 14.504 C 3.639 16.319 4.383 19.569 6.931 20.352 C 7.693 20.586 8.512 20.551 9.25 20.252 C 8.023 23.207 4.056 23.725 2.11 21.184 C 0.166 18.642 1.702 14.949 4.874 14.536 C 5.051 14.512 5.231 14.5 5.411 14.5 L 5.411 14.504 Z"/>
<line x1="14.5" y1="3.25" x2="14.5" y2="1.25"/>
<line x1="14.5" y1="15.85" x2="14.5" y2="17.85"/>
<line x1="10.044" y1="5.094" x2="8.63" y2="3.68"/>
<line x1="19" y1="14.05" x2="20.414" y2="15.464"/>
<line x1="8.2" y1="9.55" x2="6.2" y2="9.55"/>
<line x1="20.8" y1="9.55" x2="22.8" y2="9.55"/>
<line x1="10.044" y1="14.006" x2="8.63" y2="15.42"/>
<line x1="19" y1="5.05" x2="20.414" y2="3.636"/>
<circle cx="14.5" cy="9.55" r="3.6"/>
</svg>
</symbol>
<symbol id="svg-moon-with-sun" viewBox="0 0 24 24">
<title>Auto light/dark, in dark mode</title>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="1" stroke-linecap="round" stroke-linejoin="round"
class="icon-custom-derived-from-feather-sun-and-tabler-moon">
<path d="M 8.282 7.007 C 8.385 7.007 8.494 7.007 8.595 7.007 C 5.18 10.184 6.481 15.869 10.942 17.24 C 12.275 17.648 13.706 17.589 15 17.066 C 12.851 22.236 5.91 23.143 2.505 18.696 C -0.897 14.249 1.791 7.786 7.342 7.063 C 7.652 7.021 7.965 7 8.282 7 L 8.282 7.007 Z"/>
<line style="opacity: 50%" x1="18" y1="3.705" x2="18" y2="2.5"/>
<line style="opacity: 50%" x1="18" y1="11.295" x2="18" y2="12.5"/>
<line style="opacity: 50%" x1="15.316" y1="4.816" x2="14.464" y2="3.964"/>
<line style="opacity: 50%" x1="20.711" y1="10.212" x2="21.563" y2="11.063"/>
<line style="opacity: 50%" x1="14.205" y1="7.5" x2="13.001" y2="7.5"/>
<line style="opacity: 50%" x1="21.795" y1="7.5" x2="23" y2="7.5"/>
<line style="opacity: 50%" x1="15.316" y1="10.184" x2="14.464" y2="11.036"/>
<line style="opacity: 50%" x1="20.711" y1="4.789" x2="21.563" y2="3.937"/>
<circle style="opacity: 50%" cx="18" cy="7.5" r="2.169"/>
</svg>
</symbol>
<symbol id="svg-pencil" viewBox="0 0 24 24">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="icon-tabler-pencil-code">
<path d="M4 20h4l10.5 -10.5a2.828 2.828 0 1 0 -4 -4l-10.5 10.5v4" />
<path d="M13.5 6.5l4 4" />
<path d="M20 21l2 -2l-2 -2" />
<path d="M17 17l-2 2l2 2" />
</svg>
</symbol>
<symbol id="svg-eye" viewBox="0 0 24 24">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor"
stroke-width="1" stroke-linecap="round" stroke-linejoin="round" class="icon-tabler-eye-code">
<path stroke="none" d="M0 0h24v24H0z" fill="none" />
<path d="M10 12a2 2 0 1 0 4 0a2 2 0 0 0 -4 0" />
<path
d="M11.11 17.958c-3.209 -.307 -5.91 -2.293 -8.11 -5.958c2.4 -4 5.4 -6 9 -6c3.6 0 6.6 2 9 6c-.21 .352 -.427 .688 -.647 1.008" />
<path d="M20 21l2 -2l-2 -2" />
<path d="M17 17l-2 2l2 2" />
</svg>
</symbol>
</svg>
<input type="checkbox" class="sidebar-toggle" name="__navigation" id="__navigation" aria-label="Toggle site navigation sidebar">
<input type="checkbox" class="sidebar-toggle" name="__toc" id="__toc" aria-label="Toggle table of contents sidebar">
<label class="overlay sidebar-overlay" for="__navigation"></label>
<label class="overlay toc-overlay" for="__toc"></label>
<a class="skip-to-content muted-link" href="#furo-main-content">Skip to content</a>
<div class="page">
<header class="mobile-header">
<div class="header-left">
<label class="nav-overlay-icon" for="__navigation">
<span class="icon"><svg><use href="#svg-menu"></use></svg></span>
</label>
</div>
<div class="header-center">
<a href="../../"><div class="brand">LXD documentation</div></a>
</div>
<div class="header-right">
<div class="theme-toggle-container theme-toggle-header">
<button class="theme-toggle" aria-label="Toggle Light / Dark / Auto color theme">
<svg class="theme-icon-when-auto-light"><use href="#svg-sun-with-moon"></use></svg>
<svg class="theme-icon-when-auto-dark"><use href="#svg-moon-with-sun"></use></svg>
<svg class="theme-icon-when-dark"><use href="#svg-moon"></use></svg>
<svg class="theme-icon-when-light"><use href="#svg-sun"></use></svg>
</button>
</div>
<label class="toc-overlay-icon toc-header-icon" for="__toc">
<span class="icon"><svg><use href="#svg-toc"></use></svg></span>
</label>
</div>
</header>
<aside class="sidebar-drawer">
<div class="sidebar-container">
<div class="sidebar-sticky"><a class="sidebar-brand" href="../../">
<span class="sidebar-brand-text">LXD documentation</span>
</a><form class="sidebar-search-container" method="get" action="../../search/" role="search">
<input class="sidebar-search" placeholder="Search" name="q" aria-label="Search">
<input type="submit" value="Go">
<input type="hidden" name="check_keywords" value="yes">
<input type="hidden" name="area" value="default">
</form>
<div id="searchbox"></div><div class="sidebar-scroll"><div class="sidebar-tree">
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../">LXD</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../tutorial/first_steps/">Tutorial</a></li>
<li class="toctree-l1 has-children"><a class="reference internal" href="../../howto/">How-to guides</a><input aria-label="Toggle navigation of How-to guides" class="toctree-checkbox" id="toctree-checkbox-1" name="toctree-checkbox-1" role="switch" type="checkbox"/><label for="toctree-checkbox-1"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../getting_started/">Getting started</a><input aria-label="Toggle navigation of Getting started" class="toctree-checkbox" id="toctree-checkbox-2" name="toctree-checkbox-2" role="switch" type="checkbox"/><label for="toctree-checkbox-2"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../installing/">Install LXD</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/initialize/">Initialize LXD</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/access_ui/">Access the UI</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/access_documentation/">Access documentation locally</a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../operation/">LXD server and client</a><input aria-label="Toggle navigation of LXD server and client" class="toctree-checkbox" id="toctree-checkbox-3" name="toctree-checkbox-3" role="switch" type="checkbox"/><label for="toctree-checkbox-3"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../howto/server_expose/">Expose LXD to the network</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/server_configure/">Configure the LXD server</a></li>
<li class="toctree-l3 has-children"><a class="reference internal" href="../../howto/oidc/">Configure single sign-on with OIDC</a><input aria-label="Toggle navigation of Configure single sign-on with OIDC" class="toctree-checkbox" id="toctree-checkbox-4" name="toctree-checkbox-4" role="switch" type="checkbox"/><label for="toctree-checkbox-4"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l4"><a class="reference internal" href="../../howto/oidc_auth0/">How to configure Auth0</a></li>
<li class="toctree-l4"><a class="reference internal" href="../../howto/oidc_ory/">How to configure Ory Hydra</a></li>
<li class="toctree-l4"><a class="reference internal" href="../../howto/oidc_keycloak/">How to configure Keycloak</a></li>
<li class="toctree-l4"><a class="reference internal" href="../../howto/oidc_entra_id/">How to configure Entra ID</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../../remotes/">Add remote servers</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/lxc_alias/">Add command aliases</a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../instances/">Instances</a><input aria-label="Toggle navigation of Instances" class="toctree-checkbox" id="toctree-checkbox-5" name="toctree-checkbox-5" role="switch" type="checkbox"/><label for="toctree-checkbox-5"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../howto/instances_create/">Create instances</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/instances_configure/">Configure instances</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/instances_manage/">Manage instances</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../profiles/">Use profiles</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/instances_troubleshoot/">Troubleshoot errors</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/instances_ubuntu_pro_attach/">Auto attach Ubuntu Pro</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/instances_access_files/">Access files</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/instances_console/">Access the console</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../instance-exec/">Run commands</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../cloud-init/">Use cloud-init</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/instances_routed_nic_vm/">Add a routed NIC to a VM</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/instances_backup/">Back up instances</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/instances_migrate/">Migrate instances</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/import_machines_to_instances/">Import existing machines</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/container_gpu_passthrough_with_docker/">Pass NVIDIA GPUs</a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../images/">Images</a><input aria-label="Toggle navigation of Images" class="toctree-checkbox" id="toctree-checkbox-6" name="toctree-checkbox-6" role="switch" type="checkbox"/><label for="toctree-checkbox-6"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../howto/images_remote/">Use remote images</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/images_manage/">Manage images</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/images_profiles/">Associate profiles</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/images_copy/">Copy and import images</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/images_create/">Create images</a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../projects/">Projects</a><input aria-label="Toggle navigation of Projects" class="toctree-checkbox" id="toctree-checkbox-7" name="toctree-checkbox-7" role="switch" type="checkbox"/><label for="toctree-checkbox-7"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../howto/projects_create/">Create and configure</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/projects_work/">Work with projects</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/projects_confine/">Confine users to projects</a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../storage/">Storage</a><input aria-label="Toggle navigation of Storage" class="toctree-checkbox" id="toctree-checkbox-8" name="toctree-checkbox-8" role="switch" type="checkbox"/><label for="toctree-checkbox-8"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../howto/storage_pools/">Manage pools</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/storage_volumes/">Manage volumes</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/storage_buckets/">Manage buckets</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/storage_create_instance/">Create an instance in a pool</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/storage_backup_volume/">Back up a volume</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/storage_move_volume/">Move or copy a volume</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/storage_csi/">Use the LXD CSI driver with Kubernetes</a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../networks/">Networking</a><input aria-label="Toggle navigation of Networking" class="toctree-checkbox" id="toctree-checkbox-9" name="toctree-checkbox-9" role="switch" type="checkbox"/><label for="toctree-checkbox-9"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_create/">Create a network</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_configure/">Configure a network</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_bgp/">Configure as BGP server</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_acls/">Configure network ACLs</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_forwards/">Configure forwards</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_zones/">Configure network zones</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_bridge_firewalld/">Configure your firewall</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_bridge_resolved/">Integrate with resolved</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_ovn_setup/">Set up OVN</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_load_balancers/">Configure load balancers</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_ovn_peers/">Configure peer routing</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_ipam/">Display IPAM information</a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../clustering/">Clustering</a><input aria-label="Toggle navigation of Clustering" class="toctree-checkbox" id="toctree-checkbox-10" name="toctree-checkbox-10" role="switch" type="checkbox"/><label for="toctree-checkbox-10"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_form/">Form a cluster</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_manage/">Manage a cluster</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_config_networks/">Configure networks</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_config_storage/">Configure storage</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_manage_instance/">Manage instances</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_groups/">Set up cluster groups</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_placement_groups/">Use placement groups</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_recover/">Recover a cluster</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/cluster_vip/">Set up a highly available virtual IP</a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../production-setup/">Production setup</a><input aria-label="Toggle navigation of Production setup" class="toctree-checkbox" id="toctree-checkbox-11" name="toctree-checkbox-11" role="switch" type="checkbox"/><label for="toctree-checkbox-11"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../howto/benchmark_performance/">Benchmark performance</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_increase_bandwidth/">Increase bandwidth</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../metrics/">Monitor metrics</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/logs_loki/">Send logs to Loki</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/grafana/">Set up Grafana</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../backup/">Back up a server</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/disaster_recovery/">Recover instances</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/disaster_recovery_replication/">Disaster recovery with storage replication</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../../howto/snap/">Manage the snap</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../howto/security_harden/">Harden security</a></li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../howto/troubleshoot/">Troubleshooting</a><input aria-label="Toggle navigation of Troubleshooting" class="toctree-checkbox" id="toctree-checkbox-12" name="toctree-checkbox-12" role="switch" type="checkbox"/><label for="toctree-checkbox-12"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../howto/network_bridge_firewalld/">Configure your firewall</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/instances_troubleshoot/">Troubleshoot instances</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../howto/dqlite_troubleshoot/">Troubleshoot Dqlite</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../debugging/">Debug LXD</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../faq/">Frequently asked</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../../support/">Get support</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../contributing/">Contribute to LXD</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../howto/auth_bearer/">How to authenticate to the LXD API using bearer tokens</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../howto/devlxd_authenticate/">How to authenticate to the DevLXD API</a></li>
</ul>
</li>
<li class="toctree-l1 has-children"><a class="reference internal" href="../../explanation/">Explanation</a><input aria-label="Toggle navigation of Explanation" class="toctree-checkbox" id="toctree-checkbox-13" name="toctree-checkbox-13" role="switch" type="checkbox"/><label for="toctree-checkbox-13"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/lxd_lxc/"><code class="docutils literal notranslate"><span class="pre">lxd</span></code> and <code class="docutils literal notranslate"><span class="pre">lxc</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/instances/">Containers and VMs</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../image-handling/">Local and remote images</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/storage/">Storage pools, volumes, and buckets</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/networks/">Networking setups</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../database/">The LXD Dqlite database</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/lxc_show_info/"><code class="docutils literal notranslate"><span class="pre">lxc</span></code> <code class="docutils literal notranslate"><span class="pre">show</span></code> and <code class="docutils literal notranslate"><span class="pre">info</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="../../authentication/">Remote API authentication</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/authorization/">Remote API authorization</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/projects/">Instances grouping with projects</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/clusters/">Clusters</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/performance_tuning/">Performance tuning</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/security/">Security</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/bpf/">Privilege delegation using BPF Token</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../explanation/csi/">The LXD CSI driver</a></li>
</ul>
</li>
<li class="toctree-l1 current has-children"><a class="reference internal" href="../">Reference</a><input aria-label="Toggle navigation of Reference" checked="" class="toctree-checkbox" id="toctree-checkbox-14" name="toctree-checkbox-14" role="switch" type="checkbox"/><label for="toctree-checkbox-14"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="../../requirements/">Requirements</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../architectures/">Architectures</a></li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../release-notes/">Release notes</a><input aria-label="Toggle navigation of Release notes" class="toctree-checkbox" id="toctree-checkbox-15" name="toctree-checkbox-15" role="switch" type="checkbox"/><label for="toctree-checkbox-15"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../release-notes/release-notes-6.7/">LXD 6.7</a></li>
<li class="toctree-l3"><a class="reference internal" href="../release-notes/release-notes-6.6/">LXD 6.6</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../releases-snap/">Releases and snap</a></li>
<li class="toctree-l2"><a class="reference internal" href="../remote_image_servers/">Remote image servers</a></li>
<li class="toctree-l2"><a class="reference internal" href="../image_format/">Image format</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../guest-os-compatibility/">Guest OS compatibility</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../container-environment/">Container environment</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../config-options/">Configuration option index</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../server/">Server configuration</a></li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../explanation/instance_config/">Instance configuration</a><input aria-label="Toggle navigation of Instance configuration" class="toctree-checkbox" id="toctree-checkbox-16" name="toctree-checkbox-16" role="switch" type="checkbox"/><label for="toctree-checkbox-16"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../instance_properties/">Instance properties</a></li>
<li class="toctree-l3"><a class="reference internal" href="../instance_options/">Instance options</a></li>
<li class="toctree-l3 has-children"><a class="reference internal" href="../devices/">Devices</a><input aria-label="Toggle navigation of Devices" class="toctree-checkbox" id="toctree-checkbox-17" name="toctree-checkbox-17" role="switch" type="checkbox"/><label for="toctree-checkbox-17"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l4"><a class="reference internal" href="../standard_devices/">Standard devices</a></li>
<li class="toctree-l4"><a class="reference internal" href="../devices_none/">Type: <code class="docutils literal notranslate"><span class="pre">none</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../devices_nic/">Type: <code class="docutils literal notranslate"><span class="pre">nic</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../devices_disk/">Type: <code class="docutils literal notranslate"><span class="pre">disk</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../devices_unix_char/">Type: <code class="docutils literal notranslate"><span class="pre">unix-char</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../devices_unix_block/">Type: <code class="docutils literal notranslate"><span class="pre">unix-block</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../devices_usb/">Type: <code class="docutils literal notranslate"><span class="pre">usb</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../devices_gpu/">Type: <code class="docutils literal notranslate"><span class="pre">gpu</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../devices_infiniband/">Type: <code class="docutils literal notranslate"><span class="pre">infiniband</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../devices_proxy/">Type: <code class="docutils literal notranslate"><span class="pre">proxy</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../devices_unix_hotplug/">Type: <code class="docutils literal notranslate"><span class="pre">unix-hotplug</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../devices_tpm/">Type: <code class="docutils literal notranslate"><span class="pre">tpm</span></code></a></li>
<li class="toctree-l4"><a class="reference internal" href="../devices_pci/">Type: <code class="docutils literal notranslate"><span class="pre">pci</span></code></a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../instance_units/">Units for storage and network limits</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../preseed_yaml_fields/">Preseed YAML file fields</a></li>
<li class="toctree-l2"><a class="reference internal" href="../projects/">Project configuration</a></li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../storage_drivers/">Storage drivers</a><input aria-label="Toggle navigation of Storage drivers" class="toctree-checkbox" id="toctree-checkbox-18" name="toctree-checkbox-18" role="switch" type="checkbox"/><label for="toctree-checkbox-18"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../storage_dir/">Directory - <code class="docutils literal notranslate"><span class="pre">dir</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../storage_btrfs/">Btrfs - <code class="docutils literal notranslate"><span class="pre">btrfs</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../storage_lvm/">LVM - <code class="docutils literal notranslate"><span class="pre">lvm</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../storage_zfs/">ZFS - <code class="docutils literal notranslate"><span class="pre">zfs</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../storage_ceph/">Ceph RBD - <code class="docutils literal notranslate"><span class="pre">ceph</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../storage_powerflex/">Dell PowerFlex - <code class="docutils literal notranslate"><span class="pre">powerflex</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../storage_pure/">Pure Storage - <code class="docutils literal notranslate"><span class="pre">pure</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../storage_alletra/">HPE Alletra - <code class="docutils literal notranslate"><span class="pre">alletra</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../storage_cephfs/">CephFS - <code class="docutils literal notranslate"><span class="pre">cephfs</span></code></a></li>
<li class="toctree-l3"><a class="reference internal" href="../storage_cephobject/">Ceph Object - <code class="docutils literal notranslate"><span class="pre">cephobject</span></code></a></li>
</ul>
</li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../networks/">Networks</a><input aria-label="Toggle navigation of Networks" class="toctree-checkbox" id="toctree-checkbox-19" name="toctree-checkbox-19" role="switch" type="checkbox"/><label for="toctree-checkbox-19"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../network_bridge/">Bridge network</a></li>
<li class="toctree-l3"><a class="reference internal" href="../network_ovn/">OVN network</a></li>
<li class="toctree-l3"><a class="reference internal" href="../network_macvlan/">Macvlan network</a></li>
<li class="toctree-l3"><a class="reference internal" href="../network_physical/">Physical network</a></li>
<li class="toctree-l3"><a class="reference internal" href="../network_sriov/">SR-IOV network</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../cluster_member_config/">Cluster configuration</a></li>
<li class="toctree-l2"><a class="reference internal" href="../placement_groups/">Placement group configuration</a></li>
<li class="toctree-l2"><a class="reference internal" href="../server_settings/">Production server settings</a></li>
<li class="toctree-l2"><a class="reference internal" href="../provided_metrics/">Provided metrics</a></li>
<li class="toctree-l2"><a class="reference internal" href="../permissions/">Permissions</a></li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../../restapi_landing/">REST API</a><input aria-label="Toggle navigation of REST API" class="toctree-checkbox" id="toctree-checkbox-20" name="toctree-checkbox-20" role="switch" type="checkbox"/><label for="toctree-checkbox-20"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../../rest-api/">Main API documentation</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../api/">Main API specification</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../api-extensions/">Main API extensions</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../events/">Events API documentation</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../dev-lxd/">Instance API</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../driver_csi/">LXD CSI driver reference</a></li>
<li class="toctree-l2 has-children"><a class="reference internal" href="../manpages/">Man pages</a><input aria-label="Toggle navigation of Man pages" class="toctree-checkbox" id="toctree-checkbox-21" name="toctree-checkbox-21" role="switch" type="checkbox"/><label for="toctree-checkbox-21"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul>
<li class="toctree-l3"><a class="reference internal" href="../manpages/lxc/"><code class="docutils literal notranslate"><span class="pre">lxc</span></code></a></li>
</ul>
</li>
<li class="toctree-l2 current has-children"><a class="reference internal" href="../../internals/">Internals</a><input aria-label="Toggle navigation of Internals" checked="" class="toctree-checkbox" id="toctree-checkbox-22" name="toctree-checkbox-22" role="switch" type="checkbox"/><label for="toctree-checkbox-22"><span class="icon"><svg><use href="#svg-arrow-right"></use></svg></span></label><ul class="current">
<li class="toctree-l3"><a class="reference internal" href="../../environment/">Environment variables</a></li>
<li class="toctree-l3"><a class="reference internal" href="../uefi_variables/">UEFI variables for VMs</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../daemon-behavior/">Daemon behavior</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../syscall-interception/">System call interception</a></li>
<li class="toctree-l3"><a class="reference internal" href="../../userns-idmap/">User namespace setup</a></li>
<li class="toctree-l3 current current-page"><a class="current reference internal" href="#">OVN implementation</a></li>
<li class="toctree-l3"><a class="reference internal" href="../vm_live_migration_internals/">VM live migration implementation</a></li>
<li class="toctree-l3"><a class="reference internal" href="../dqlite-internals/">Dqlite</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference external" href="https://github.com/canonical/lxd">Project repository</a></li>
<li class="toctree-l2"><a class="reference external" href="https://images.lxd.canonical.com">Image server</a></li>
</ul>
</li>
</ul>
</div>
</div>
</div>
</div>
</aside>
<div class="main">
<div class="content">
<div class="article-container">
<a href="#" class="back-to-top muted-link">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
<path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8v12z"></path>
</svg>
<span>Back to top</span>
</a>
<div class="content-icon-container">
<div class="edit-this-page">
<a class="muted-link" href="https://github.com/canonical/lxd/edit/main/doc/reference/ovn-internals.md" title="Contribute to this page">
<svg><use href="#svg-pencil"></use></svg>
<span class="visually-hidden">Contribute to this page</span>
</a>
</div><div class="theme-toggle-container theme-toggle-content">
<button class="theme-toggle" aria-label="Toggle Light / Dark / Auto color theme">
<svg class="theme-icon-when-auto-light"><use href="#svg-sun-with-moon"></use></svg>
<svg class="theme-icon-when-auto-dark"><use href="#svg-moon-with-sun"></use></svg>
<svg class="theme-icon-when-dark"><use href="#svg-moon"></use></svg>
<svg class="theme-icon-when-light"><use href="#svg-sun"></use></svg>
</button>
</div>
<label class="toc-overlay-icon toc-content-icon" for="__toc">
<span class="icon"><svg><use href="#svg-toc"></use></svg></span>
</label>
</div>
<article role="main" id="furo-main-content">
<section id="ovn-implementation">
<span id="ref-ovn-internals"></span><h1>OVN implementation<a class="headerlink" href="#ovn-implementation" title="Link to this heading">¶</a></h1>
<p>Open Virtual Networks (OVN) is an open source Software Defined Network (SDN) solution.
OVN is designed to be incredibly flexible.
This flexibility comes at the cost of complexity.
OVN is not prescriptive about how it should be used.</p>
<p>For LXD, the best way to think of OVN is as a toolkit.
We need to translate networking concepts in LXD to their OVN analogue and instruct OVN directly, at a low level, what to do.</p>
<p>This document outlines LXD’s approach to OVN in a basic setup.
It does not yet cover load-balancers, peering, forwards, zones, or ACLs.</p>
<p>For more detailed documentation on OVN itself, please see:</p>
<ul class="simple">
<li><p><a class="reference external" href="https://ubuntu.com/blog/data-centre-networking-what-is-ovn">Overview of OVN and SDNs</a>.</p></li>
<li><p><a class="reference external" href="https://manpages.ubuntu.com/manpages/noble/man7/ovn-architecture.7.html">OVN architectural overview</a>.</p></li>
<li><p><a class="reference external" href="https://manpages.ubuntu.com/manpages/noble/en/man5/ovn-nb.5.html">OVN northbound database schema documentation</a>.</p></li>
<li><p><a class="reference external" href="https://manpages.ubuntu.com/manpages/noble/en/man5/ovn-sb.5.html">OVN southbound database schema documentation</a>.</p></li>
</ul>
<section id="ovn-concepts">
<h2>OVN concepts<a class="headerlink" href="#ovn-concepts" title="Link to this heading">¶</a></h2>
<p>This section outlines the OVN concepts that we use in LXD.
These are usually represented in tables in the OVN northbound database.</p>
<section id="chassis">
<span id="ref-ovn-internals-chassis"></span><h3>Chassis<a class="headerlink" href="#chassis" title="Link to this heading">¶</a></h3>
<p>A chassis is where traffic physically ingresses into or egresses out of the virtual network. In LXD, there will usually be one chassis per cluster member. If LXD is configured to use OVN networking, then all members <em>can</em> be used as OVN chassis.</p>
</section>
<section id="chassis-group">
<span id="ref-ovn-internals-chassis-group"></span><h3>Chassis group<a class="headerlink" href="#chassis-group" title="Link to this heading">¶</a></h3>
<p>A chassis group is an indirection between physical chassis and the virtual networks that use them. Each LXD OVN network has one chassis group. This allows us to, for example, set chassis priority on a per-network basis so that not all ingress/egress occurs on a single cluster member.</p>
<p>If any cluster members are assigned the <a class="reference internal" href="../../explanation/clusters/#clustering-member-roles"><span class="std std-ref">member role</span></a> of <code class="docutils literal notranslate"><span class="pre">ovn-chassis</span></code>, only those members are added to the chassis group. If none are assigned the <code class="docutils literal notranslate"><span class="pre">ovn-chassis</span></code> role, all members are added to the chassis group.</p>
</section>
<section id="open-vswitch-ovs-bridge">
<h3>Open vSwitch (OVS) Bridge<a class="headerlink" href="#open-vswitch-ovs-bridge" title="Link to this heading">¶</a></h3>
<p>OVS bridges are used to connect virtual networks to physical ones and vice-versa.
If the LXD daemon invokes OVS APIs, that means changes are being applied on the same host machine.</p>
<p>For each LXD cluster member there are two OVS bridges:</p>
<ul class="simple">
<li><p>The provider bridge. This is used when connecting the uplink network on the host to the external switch inside each OVN network.</p></li>
<li><p>The integration bridge. This is used when connecting instances to the internal switch inside each OVN network.</p></li>
</ul>
</section>
<section id="ovn-underlay">
<h3>OVN underlay<a class="headerlink" href="#ovn-underlay" title="Link to this heading">¶</a></h3>
<p>The OVN underlay is the means by which networks are virtualized across cluster members.
It is a Geneve tunnel which creates a layer 2 overlay network across layer 3 infrastructure.
The OVN underlay is configured and managed by OVN.</p>
</section>
<section id="logical-router">
<h3>Logical router<a class="headerlink" href="#logical-router" title="Link to this heading">¶</a></h3>
<p>A logical router is a virtualized router.
There is one per LXD OVN network.
This handles layer 3 networking and additionally has associated NAT rules and security policies.</p>
</section>
<section id="logical-switch">
<h3>Logical switch<a class="headerlink" href="#logical-switch" title="Link to this heading">¶</a></h3>
<p>Logical routers cannot be directly connected to OVS bridges; for this, we use a logical switch.
There are two logical switches per LXD OVN network:</p>
<ul class="simple">
<li><p>The external switch, which connects via logical switch port to a port on the logical router and to the provider OVS switch.</p></li>
<li><p>The internal switch, which connects via logical switch port to a port on the logical router and to the integration bridge.
This switch contains DHCP and IP allocation configuration.</p></li>
</ul>
</section>
<section id="logical-switch-router-ports">
<h3>Logical switch/router ports<a class="headerlink" href="#logical-switch-router-ports" title="Link to this heading">¶</a></h3>
<p>When you create a logical router or switch in OVN, it doesn’t initially have any ports.
You need to create ports and then link them.
For example, the internal logical switch and the logical router for a LXD OVN network are connected by:</p>
<ol class="arabic simple">
<li><p>Adding a logical router port to the logical router.</p></li>
<li><p>Adding a logical switch port to the internal logical switch.</p></li>
<li><p>Configuring the internal logical switch port as a router port and setting the logical router name.</p></li>
</ol>
<p>Some configuration is applied directly at port level.
For example, in a LXD OVN network, IPv6 router advertisement settings are applied on the logical router port for the internal switch.
This is by design. It allows OVN to push configuration down to the port level so that packets are handled as quickly as possible.</p>
</section>
<section id="port-groups">
<h3>Port groups<a class="headerlink" href="#port-groups" title="Link to this heading">¶</a></h3>
<p>When a LXD OVN network is created, a port group will be created that is specific to that network.
When instances are connected to the network, logical switch ports are created for them on the internal switch.
These logical switch ports are added to the port group for the network.
When a port group is created or updated in the OVN northbound database, the address set table is automatically populated.
Address sets are used for managing access control lists (ACLs).
By creating and maintaining the port group, we can easily select the whole network when managing ACLs.</p>
</section>
</section>
<section id="ovn-uplink">
<h2>OVN Uplink<a class="headerlink" href="#ovn-uplink" title="Link to this heading">¶</a></h2>
<p>An OVN network can specify an uplink network.
That uplink network must be a managed network and be of type <code class="docutils literal notranslate"><span class="pre">physical</span></code> or <code class="docutils literal notranslate"><span class="pre">bridge</span></code>.
From these managed network definitions LXD ascertains a <code class="docutils literal notranslate"><span class="pre">parent</span></code> interface to use for the uplink connectivity.</p>
<p>For managed <code class="docutils literal notranslate"><span class="pre">bridge</span></code> networks the interface is the name of the network itself.</p>
<p>For managed <code class="docutils literal notranslate"><span class="pre">physical</span></code> networks it is the per-cluster member value of the <code class="docutils literal notranslate"><span class="pre">parent</span></code> setting.
The <code class="docutils literal notranslate"><span class="pre">parent</span></code> interface itself can have one of three types:</p>
<ul class="simple">
<li><p>Linux native bridge.</p></li>
<li><p>OVS Bridge.</p></li>
<li><p>Physical interface (or <code class="docutils literal notranslate"><span class="pre">bond</span></code> or <code class="docutils literal notranslate"><span class="pre">vlan</span></code>).</p></li>
</ul>
<p>It is important to note that a <code class="docutils literal notranslate"><span class="pre">physical</span></code> managed network’s <code class="docutils literal notranslate"><span class="pre">parent</span></code> interface can be any of these types, and that for a managed <code class="docutils literal notranslate"><span class="pre">bridge</span></code> network the parent interface can be either types of bridges.</p>
<section id="bridge-ovs">
<h3>Bridge (OVS)<a class="headerlink" href="#bridge-ovs" title="Link to this heading">¶</a></h3>
<p>A user can separately configure a managed bridge network with the <code class="docutils literal notranslate"><span class="pre">openvswitch</span></code> <code class="docutils literal notranslate"><span class="pre">bridge.driver</span></code>.
An OVN network can be created with <code class="docutils literal notranslate"><span class="pre">network</span></code> set to the name of the managed bridge network.
In this case LXD configures a bridge mapping on the OVS bridge to connect the OVN network:</p>
<figure class="align-default" id="id1">
<img alt="../../_images/ovn-uplink-bridge-ovs.svg" src="../../_images/ovn-uplink-bridge-ovs.svg" />
<figcaption>
<p><span class="caption-text">OVN uplink OVS bridge</span><a class="headerlink" href="#id1" title="Link to this image">¶</a></p>
</figcaption>
</figure>
</section>
<section id="physical">
<h3>Physical<a class="headerlink" href="#physical" title="Link to this heading">¶</a></h3>
<p>An OVN network can be created with <code class="docutils literal notranslate"><span class="pre">network</span></code> set to a physical network, where the physical network is essentially a database entry in LXD that tells it how to interact with an actual <code class="docutils literal notranslate"><span class="pre">parent</span></code> network device.
In this case, an OVS bridge is created automatically.
A bridge port connects the OVS bridge to the parent.
A bridge mapping is used (as above) to connect the OVS bridge to the OVN network.</p>
<figure class="align-default" id="id2">
<img alt="../../_images/ovn-uplink-physical.svg" src="../../_images/ovn-uplink-physical.svg" />
<figcaption>
<p><span class="caption-text">OVN uplink physical</span><a class="headerlink" href="#id2" title="Link to this image">¶</a></p>
</figcaption>
</figure>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>When using a physical network as an uplink for OVN, any IP addresses on the parent interface will become defunct.
The parent network must not have any assigned IP addresses.</p>
</div>
</section>
<section id="bridge-native">
<h3>Bridge (native)<a class="headerlink" href="#bridge-native" title="Link to this heading">¶</a></h3>
<p>A native Linux bridge can be used.
In this case, we perform the same steps as in the physical network and additionally configure a <code class="docutils literal notranslate"><span class="pre">veth</span></code> pair.
The <code class="docutils literal notranslate"><span class="pre">veth</span></code> pair is used so that the bridge can still be used for other purposes (since the bridge maintains its configuration).
This is handy for development and testing but is not performant and should not be used in production.</p>
<figure class="align-default" id="id3">
<img alt="../../_images/ovn-uplink-bridge-native.svg" src="../../_images/ovn-uplink-bridge-native.svg" />
<figcaption>
<p><span class="caption-text">OVN uplink native bridge</span><a class="headerlink" href="#id3" title="Link to this image">¶</a></p>
</figcaption>
</figure>
</section>
</section>
<section id="ovn-network">
<h2>OVN Network<a class="headerlink" href="#ovn-network" title="Link to this heading">¶</a></h2>
<p>In the simplest case, a LXD OVN network has the below configuration:</p>
<figure class="align-default" id="id4">
<a class="reference internal image-reference" href="../../_images/ovn-network.svg"><img alt="../../_images/ovn-network.svg" src="../../_images/ovn-network.svg" style="width: 100%;" />
</a>
<figcaption>
<p><span class="caption-text">LXD OVN network diagram</span><a class="headerlink" href="#id4" title="Link to this image">¶</a></p>
</figcaption>
</figure>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>This diagram does not show cross-cluster networks.
This conceptual diagram should look the same on all cluster members.
If the chassis group prioritizes another chassis for the uplink, the traffic is routed through that chassis.</p>
</div>
</section>
<section id="integration-bridge">
<h2>Integration bridge<a class="headerlink" href="#integration-bridge" title="Link to this heading">¶</a></h2>
<p>The cluster setting <code class="docutils literal notranslate"><span class="pre">network.ovn.integration_bridge</span></code> must contain the name of an OVS bridge that is used to connect instances to an OVN network via a NIC device.
This OVS bridge must be pre-configured on all cluster members with the same name.
Connectivity to the integration bridge differs between containers and virtual machines:</p>
<ul>
<li><p>Containers use a <code class="docutils literal notranslate"><span class="pre">veth</span></code> pair (similar to connecting to a native bridge uplink network).</p>
<figure class="align-default" id="id5">
<img alt="../../_images/ovn-integration-bridge-container.svg" src="../../_images/ovn-integration-bridge-container.svg" />
<figcaption>
<p><span class="caption-text">Integration bridge connectivity with containers</span><a class="headerlink" href="#id5" title="Link to this image">¶</a></p>
</figcaption>
</figure>
</li>
<li><p>Virtual machines use a TAP device (this can be presented to QEMU as a device whereas a <code class="docutils literal notranslate"><span class="pre">veth</span></code> pair cannot).</p>
<figure class="align-default" id="id6">
<img alt="../../_images/ovn-integration-bridge-vm.svg" src="../../_images/ovn-integration-bridge-vm.svg" />
<figcaption>
<p><span class="caption-text">Integration bridge connectivity with virtual machines</span><a class="headerlink" href="#id6" title="Link to this image">¶</a></p>
</figcaption>
</figure>
</li>
</ul>
</section>
</section>
</article>
</div>
<footer>
<div class="related-pages">
<a class="next-page" href="../vm_live_migration_internals/">
<div class="page-info">
<div class="context">
<span>Next</span>
</div>
<div class="title">VM live migration implementation</div>
</div>
<svg class="furo-related-icon"><use href="#svg-arrow-right"></use></svg>
</a>
<a class="prev-page" href="../../userns-idmap/">
<svg class="furo-related-icon"><use href="#svg-arrow-right"></use></svg>
<div class="page-info">
<div class="context">
<span>Previous</span>
</div>
<div class="title">Idmaps for user namespace</div>
</div>
</a>
</div>
<div class="bottom-of-page">
<div class="left-details">
<div class="copyright">
© 2014-2026 AGPL-3.0, LXD contributors
</div><div class="last-updated">
Last updated on Oct 30, 2025</div>
</div>
<div class="right-details">
<a href="" class="js-revoke-cookie-manager muted-link">Manage your tracker settings</a>
</div>
</footer>
</div>
<aside class="toc-drawer">
<div class="toc-sticky toc-scroll">
<div class="toc-title-container">
<span class="toc-title">
Contents
</span>
</div>
<div class="toc-tree-container">
<div class="toc-tree">
<ul>
<li><a class="reference internal" href="#">OVN implementation</a><ul>
<li><a class="reference internal" href="#ovn-concepts">OVN concepts</a><ul>
<li><a class="reference internal" href="#chassis">Chassis</a></li>
<li><a class="reference internal" href="#chassis-group">Chassis group</a></li>
<li><a class="reference internal" href="#open-vswitch-ovs-bridge">Open vSwitch (OVS) Bridge</a></li>
<li><a class="reference internal" href="#ovn-underlay">OVN underlay</a></li>
<li><a class="reference internal" href="#logical-router">Logical router</a></li>
<li><a class="reference internal" href="#logical-switch">Logical switch</a></li>
<li><a class="reference internal" href="#logical-switch-router-ports">Logical switch/router ports</a></li>
<li><a class="reference internal" href="#port-groups">Port groups</a></li>
</ul>
</li>
<li><a class="reference internal" href="#ovn-uplink">OVN Uplink</a><ul>
<li><a class="reference internal" href="#bridge-ovs">Bridge (OVS)</a></li>
<li><a class="reference internal" href="#physical">Physical</a></li>
<li><a class="reference internal" href="#bridge-native">Bridge (native)</a></li>
</ul>
</li>
<li><a class="reference internal" href="#ovn-network">OVN Network</a></li>
<li><a class="reference internal" href="#integration-bridge">Integration bridge</a></li>
</ul>
</li>
</ul>
</div>
</div>
<div class="relatedlinks-title-container">
<span class="relatedlinks-title">
Related links
</span>
</div>
<div class="relatedlinks-container">
<div class="relatedlinks">
<ul><li><a href="https://ubuntu.com/blog/data-centre-networking-what-is-ovn" target="_blank">Data centre networking: What is OVN?</a></li><li><a href="https://manpages.ubuntu.com/manpages/noble/man7/ovn-architecture.7.html" target="_blank">OVN architectural overview</a></li><li><a href="https://manpages.ubuntu.com/manpages/noble/en/man5/ovn-nb.5.html" target="_blank">OVN northbound database schema documentation</a></li><li><a href="https://manpages.ubuntu.com/manpages/noble/en/man5/ovn-sb.5.html" target="_blank">OVN southbound database schema documentation</a></li></ul>
</div>
</div>
</div>
</aside>
</div>
</div><script src="../../_static/jquery.js?v=5d32c60e"></script>
<script src="../../_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
<script src="../../_static/documentation_options.js?v=a5603611"></script>
<script src="../../_static/doctools.js?v=9a2dae69"></script>
<script src="../../_static/sphinx_highlight.js?v=dc90522c"></script>
<script src="../../_static/scripts/furo.js?v=46bd48cc"></script>
<script src="../../_static/clipboard.min.js?v=a7894cd8"></script>
<script src="../../_static/copybutton.js?v=b01cb6f2"></script>
<script src="../../_static/config-options.js"></script>
<script src="../../_static/design-tabs.js?v=f930bc37"></script>
<script src="../../_static/js/bundle.js?v=a4d88309"></script>
<script src="../../_static/header-nav.js?v=e117ad08"></script>
<script src="../../_static/github_issue_links.js?v=32bb732f"></script>
<script>
const github_url = "https://github.com/canonical/lxd";
</script>
</body>
</html>