Gaps from ML2/OVS¶
This is a list of some of the currently known gaps between ML2/OVS and OVN. It is not a complete list, but is enough to be used as a starting point for implementors working on closing these gaps. A TODO list for OVN is located at .
QoS minimum bandwidth allocation in Placement API
IPv6 Prefix Delegation
DHCP service for instances
ML2/OVS adds packet filtering rules to every instance that allow DHCP queries from instances to reach the DHCP agent. For OVN this traffic has to be explicitly allowed by security group rules attached to the instance. Note that the default security group does allow all outgoing traffic, so this only becomes relevant when using custom security groups . Proposed patch is  but it needs to be revived and updated.
DNS resolution for instances
OVN cannot use the host’s networking for DNS resolution, so Case 2b in  can only be used when additional DHCP agents are deployed. For Case 2a a different configuration option has to be used in
[ovn] dns_servers = 203.0.113.8, 198.51.100.53
OVN answers queries for hosts and IP addresses in tenant networks by spoofing responses from the configured DNS servers. This may lead to confusion in debugging.
OVN can only answer queries that are sent via UDP, queries that use TCP will be ignored by OVN and forwarded to the configured resolvers.
OVN can only answer queries with no additional options being set (EDNS). Such queries depending on the OVN version will either get broken responses or will also be forwarded to the configured resolvers.
IPv6 NDP proxy
The NDP proxy functionality for IPv6 addresses is not supported by OVN.
North/South Fragmentation and path MTU discovery
OVN does not correctly fragment IPv4 packets when the MTU of the target network is smaller than the MTU of the source network. Instead, affected packets could be silently dropped depending on the direction. OVN will also not generate ICMP “packet too big” responses for packets that have the DF bit set, even when the necessary configuration option is used in
[ovn] ovn_emit_need_to_frag = true
neutron-metering-agentcan only work with the Neutron L3 agent. It is not supported by the
ovn-routerservice plugin nor by the
neutron-ovn-agent. This is being reported and tracked in .
Floating IP Port Forwarding in provider networks and with distributed routing
Currently, when provider network types like
flatare plugged to a router as internal networks while the
enable_distributed_floating_ipconfiguration option is enabled, Floating IP port forwardings which are using such router will not work properly. Due to an incompatible setting of the router to make traffic in the vlan/flat networks to be distributed but port forwardings are always centralized in ML2/OVN backend. This is being reported in .