The OVN Distributed Gateway Port

⚠

IMPORTANT: Do not delete the port with the prefix network:distributed ovnmeta from your project as this is a critical component of your networking. Deleting this will cause issues and require additional effort to recreate.

Overview

After creating a network and it's subnet in your OpenStack Flex project, you may notice a port with the prefixnetwork:distributed ovnmeta automatically created and listed in your Network > Ports section of the Skyline UI. This is an important infrastructure port that acts as a built-in utility for network segments, allowing new virtual machines to securely retrieve initial setup details like hostnames and login keys. This system port remains in the background without affecting regular internet traffic and appears as "DOWN" because it is permanent cloud infrastructure, not a user server.

What You Are Seeing

On your private subnet (e.g. 192.168.0.0/24), you may notice an infrastructure port with the following attributes:

• IP Address: 192.168.0.2
• Device Owner: network:distributed
• Administrative Status: DOWN

What Is This Port Used For?

When a virtual machine boots for the first time, it must securely fetch initial configuration metadata from the cloud orchestration layer, including:

• System Identity: Hostname and domain settings.
• Networking: Static IP assignments and routing tables.
• Security: Public SSH keys for administrative access.
• Automation: Initial setup instructions and custom cloud-init deployment parameters.

To deliver this data securely without exposing external endpoints, the platform provisions an isolated internal service endpoint inside your private subnet network namespace. This port represents that internal metadata topology.

Why Does the Port Show as "DOWN"?

The DOWN operational status is completely normal and expected.

• It is a logical plumbing endpoint rather than a physical or virtual interface attached to a guest operating system.
• It does not actively generate or route standard project data path traffic.
• Because it lacks an active, running compute instance attachment binding, the platform scheduler marks its state as DOWN.

This status does not indicate a network failure, an infrastructure outage, a system misconfiguration, or service degradation.

Is There Any Impact to My Virtual Machines?

No. Your cloud infrastructure is completely unaffected. Your active virtual machines will continue to perform all standard operations natively:

• Communicate with adjacent nodes across Layer 2 and Layer 3 typologies.
• Access external networks through default gateway paths.
• Bind and process ingress/egress traffic via Floating IPs.
• Power cycle, restart, and scale without disruption.

Should This Port Be Removed?

No. Do not attempt to force-delete this network asset.

• It is an architectural dependency managed strictly by the cloud backend logic.
• It is required to initialize future instances added to this subnet.
• Manually removing or altering this port will break cloud-init execution, preventing new virtual machines from launching or configuring correctly.

I Deleted This Port - Now What?

If you deleted or removed the IP from the OVN DGP you can correct the issue by performing the following steps.

1. In the Skyline UI navigate to Network > Networks
2. Click the hyperlinked ID for the impacted network.
3. Switch to the Subnets tab > Click Edit on the impacted Subnet
4. Click Expand Advanced Options in the window that appears
5. Toggle DHCP to Disabled and hit OK
6. Repeat steps 4 and 5, and set DHCP to Enabled.

This should resolve the issue and impact.

Alternative CLI Method

You can also perform these steps using the OpenStack CLI if you have access and prefer.

openstack subnet set --no-dhcp <subnet_name_or_id>

openstack subnet set --dhcp <subnet_name_or_id>

Technical Summary Reference