Open Virtual Network Reconnaissance (OVN Recon)

Screenshots

Open Virtual Network Reconnaissance (OVN Recon) is an OpenShift Console Plugin that provides a visualization of the Virtual and Node Network State in an OpenShift cluster.

Blog post: OVN Recon: Making OpenShift Networking Connections

Feature Highlights

• Physical topology view: Per-node graph of host interfaces, bridges, OVN bridge mappings, VRFs, CUDNs/UDNs, attachments, and NAD relationships.
• LLDP-aware interface context: Optional LLDP neighbors column in the node visualization, shown via toggle when LLDP is enabled and neighbor data is present.
• Logical topology view (WIP): Node-scoped logical OVN graph (/ovn-recon/ovn/:name) backed by the optional collector service.
• Operator-managed lifecycle: Recommended installation via OVN Recon Operator with automatic console plugin enablement and collector wiring.

Kubernetes Resource Dependencies

OVN Recon visualizes the following Kubernetes Custom Resources:

• NodeNetworkState (NNS) - Represents the current network configuration of a node, including interfaces, bridges, and OVN bridge mappings. Provided by the nmstate operator.
• NodeNetworkConfigurationPolicy (NNCP) - Defines desired network configuration for nodes. Used to configure OVN bridge mappings and physical network interfaces.
• ClusterUserDefinedNetwork (CUDN) - Defines overlay networks that can be attached to pods. Part of OpenShift's OVN-Kubernetes secondary networks.
• UserDefinedNetwork (UDN) - Namespace-scoped network definitions used by secondary network workflows.
• NetworkAttachmentDefinition (NAD) - Multus CNI resource that references a CUDN and allows pods to attach to secondary networks.
• RouteAdvertisements - Cluster-scoped route advertisement policy objects used for VRF-to-network relationships.
• OvnRecon - Operator custom resource that controls plugin/collector deployment and logical topology feature gating.

The plugin watches these resources in real-time and renders interactive physical/logical topology views to show how interfaces, bridges, networks, routes, and attachments are connected.

Using OVN Recon

• Node list: /ovn-recon/node-network-state
• Physical view: /ovn-recon/node-network-state/:name
• Logical OVN view: /ovn-recon/ovn/:name (shown when collector feature gate is enabled)

In the physical node graph:

• LLDP neighbors are rendered in a dedicated optional column left of physical interfaces.
• The Show LLDP neighbors toggle appears only when LLDP is enabled on at least one interface and LLDP neighbor payloads are present.

Installation

Warning

Experimental / No warranty. This project is experimental, community-maintained, and is not endorsed or supported by Red Hat. It is provided "as is" with no warranty. Installing or using it may affect your cluster; you assume all risk. Test in a non-production environment first. The authors are not responsible for any damage, downtime, or data loss.

Operator Installation (recommended)

GUI Operator Installation Method

• Click the ➕ icon at the top right of the OpenShift Console
• Select "Import YAML"
• Paste in this YAML: https://raw.githubusercontent.com/dlbewley/ovn-recon/refs/heads/main/manifests/catalogsource.yaml
• After a few moments navigate to "Ecosystem -> Software Catalog" (or Operator Hub in older versions)
• Search for "OVN Recon Operator"
• Click install and accept the defaults
• After a few moments click the tile to create a "ovnrecon" resource and accept the defaults
• After a few more moments a new "OVN Recon" menu will show up within the Networking menu.

CLI Operator Installation Method

Create the Bewley Operators catalog source

oc apply -f manifests/catalogsource.yaml

Create the operator subscription.

oc apply -k manifests/operator/base

Create the ovnrecon resource instance to enable console plugin and deploy OVN Recon application.

oc apply -k manifests/instance/base

Console plugin will be automatically enabled.

For detailed operator deployment instructions, please see docs/OLM-BUNDLE-GUIDE.md.

Enable Logical Topology View (Collector)

The logical OVN topology view is enabled when collector support is turned on in your OvnRecon resource. This is a WIP feature and is not yet enabled by default.

Example patch:

oc patch ovnrecon ovn-recon --type=merge -p '{
  "spec": {
    "collector": { "enabled": true }
  }
}'

You can also set collector image fields (spec.collector.image.repository|tag|pullPolicy) as needed. See OPERATOR.md for full API details.

Manual Installation

Create the namespace, consoleplugin, service, and deployment from manifests/manual/base without an operator.

oc apply -k manifests/manual/base

Enable the Console Plugin

Note

When installing via the Operator, this step is not necessary.

Patch the Console Operator config to enable the plugin. Use a JSON patch to append to the list of plugins instead of replacing it:

oc patch console.operator.openshift.io cluster --type=json \
    --patch '[{"op": "add", "path": "/spec/plugins/-", "value": "ovn-recon"}]'

The OpenShift console will reload to apply the changes. You should see a notification that the console has been updated.

Troubleshooting

For troubleshooting steps, please see docs/TROUBLESHOOTING.md.

How to Build

For detailed build and developer deployment instructions, please see docs/BUILDING.md.

References

• OpenShift Console Dynamic Plugin SDK
• Dynamic Plugin SDK README
• PatternFly React Documentation
• OpenShift Console GitHub Repository
• Example ocp-console-plugin