I have a similar setup - my hosts run CentOS 7, and we allow the VMs to be connected to the infrastructure outside ONe using bridges (and, differing from your setup, using VLANs). I have an interface “eth0”, statically configured using ifcfg-eth0, and connected to a VLAN dedicated for ONe physical hosts only. Then I have several VLANs I want my VMs to have access to. For each VLAN I have the vlanXY interface with PHYSDEV=eth0, the ethernet switch sends that VLAN as dot1x tagged traffic to the physical host, and on each physical host I also have a brXY bridge interface with no address, to which both the vlanXY interface and one-XXX-Y tun/tap interfaces are added.
Everything on physical hosts is statically configured, ONe just knows that it has to add a newly deployed VM to the brXY bridge accordingly.
Just don’t use the virbr0 interface, which is internal to libvirt and it is somewhat outside of both host OS and ONe control. You can even delete it using virsh net-undefine default, but I did not even bother.
FWIW, vxlan requires support for jumbo frames on your physical infrastructure (ethernet switches and Linux hosts). Some of the HW I use is too old and does not support jumbo frames at all.