How OpenShift Networking Works: SDN, OVS and Pod Traffic

— ny_wk

OpenShift networking can look like a black box until you learn the few pieces doing the work. At its heart is a software-defined network that lets every pod talk to every other pod across the cluster — here's how the traffic actually flows.

The pod network is flat and internal

OpenShift uses a non-routable, internal pod network. Each pod gets its own IP on that network, and by default every pod can reach every other pod across all hosts — a flat topology. This network isn't exposed to the outside world directly; external access comes through Services and Routes.

OpenShift SDN and Open vSwitch

The classic implementation is OpenShift SDN, built on Open vSwitch (OVS) — a programmable virtual switch on each node. OVS creates a scalable, configurable network for cluster traffic, wiring pods together across hosts.

The plumbing on each host: every container has a veth (virtual ethernet) interface that links the container's network namespace to the host, and OVS interfaces tie those together so packets move between pods on the same node and across nodes.

Internal DNS for discovery

Pods shouldn't chase changing IPs, so OpenShift runs an internal DNS service. Services get stable names, and pods resolve each other by name — making communication easy to manage and scale as pods come and go.

Choosing isolation: flat vs multitenant

The default SDN plugin gives a flat network — all pods can talk to all pods. If you need isolation between projects, you can switch to a multitenant mode (or use Network Policies) so each project's traffic is separated and only explicitly-allowed connections pass. Pick based on whether you need open communication or tenant isolation.
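
The Network Policy route to project isolation, shown as an added example that is not from the original post: a default-deny policy, an allowance for pods in the same project, and an allowance for the ingress router so Routes keep working. The project name `team-a` and the policy names are placeholders, and the router namespace label is an assumption that differs between OpenShift versions, so check it on your cluster before applying.

```yaml
# Constructed example: project name "team-a" and the policy names are placeholders.
# 1) Default deny: selects every pod in the project and allows no ingress.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-by-default
  namespace: team-a
spec:
  podSelector: {}
  policyTypes:
  - Ingress
---
# 2) Allow ingress only from pods in the same project.
#    A bare podSelector under "from" matches pods in this namespace only.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-namespace
  namespace: team-a
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector: {}
---
# 3) Keep Routes working: admit traffic from the ingress router's namespace.
#    Assumption: the router namespace carries this label; older releases
#    use "network.openshift.io/policy-group: ingress" instead.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-openshift-ingress
  namespace: team-a
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          policy-group.network.openshift.io/ingress: ""
```

Network Policies are additive, so a connection passes if any one policy allows it. These three restrict ingress only; traffic leaving the project is unaffected unless a policy lists `Egress` under `policyTypes`.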

Key takeaways

  • OpenShift uses an internal, non-routable, flat pod network — every pod has its own IP.
  • OpenShift SDN on Open vSwitch wires pods together via veth + OVS interfaces on each host.
  • An internal DNS service lets pods find Services by stable name.
  • Use multitenant mode / Network Policies when you need project isolation instead of the flat default.

Frequently asked questions

Can all pods talk to each other by default?

Yes — the default SDN plugin provides a flat network where any pod can reach any other pod in the cluster.

What is Open vSwitch's role?

It's the virtual switch on each node that implements the software-defined pod network and moves traffic between pods and hosts.

How do I isolate one project's traffic?

Use the multitenant SDN mode or apply Network Policies to restrict which pods/projects can communicate.

How do pods find each other?

Through OpenShift's internal DNS — they connect to stable Service names rather than volatile pod IPs.

Flat pod network, OVS doing the switching, DNS for discovery, and policies for isolation — that's OpenShift networking without the mystery.