The OpenShift Container Platform cluster uses a virtualized network for pod and service networks. The OVN-Kubernetes Container Network Interface (CNI) plug-in is a network provider for the default cluster network.

OVN-Kubernetes features

The OVN-Kubernetes default Container Network Interface (CNI) network provider implements the following features:

  • Uses OVN (Open Virtual Network) to manage network traffic flows. OVN is a community developed, vendor agnostic network virtualization solution.

  • Implements Kubernetes network policy support, including ingress and egress rules.

  • Uses the Geneve (Generic Network Virtualization Encapsulation) protocol rather than VXLAN to create an overlay network between nodes.

Supported default CNI network provider feature matrix

OpenShift Container Platform offers two supported choices, OpenShift SDN and OVN-Kubernetes, for the default Container Network Interface (CNI) network provider. The following table summarizes the current feature support for both network providers:

Table 1. Default CNI network provider feature comparison
Feature OVN-Kubernetes [1] OpenShift SDN

Egress IPs

Not supported


Egress firewall [2]

Not supported


Egress router

Not supported


Kubernetes network policy


Partially supported [3]




  1. Available only as a Technology Preview feature in OpenShift Container Platform 4.5.

  2. Egress firewall is also known as egress network policy in OpenShift SDN. This is not the same as network policy egress.

  3. Does not support egress rules and some ipBlock rules.

Exposed metrics for OVN-Kubernetes

The OVN-Kubernetes default Container Network Interface (CNI) network provider exposes certain metrics for use by the Prometheus-based OpenShift Container Platform cluster monitoring stack.

Table 2. Metrics exposed by OVN-Kubernetes
Name Description


The latency between when a pod is created and when the pod is annotated by OVN-Kubernetes. The higher the latency, the more time that elapses before a pod is available for network connectivity.