You can configure a network attachment for a Single Root I/O Virtualization (SR-IOV) device in the cluster.

Configuring SR-IOV additional network

You can configure an additional network that uses SR-IOV hardware by creating a SriovNetwork custom resource (CR). When you create a SriovNetwork CR, the SR-IOV Operator automatically creates a NetworkAttachmentDefinition CR.

Do not modify or delete a SriovNetwork CR if it is attached to any Pods in the running state.

Prerequisites
  • Install the OpenShift Command-line Interface (CLI), commonly known as oc.

  • Log in as a user with cluster-admin privileges.

Procedure
  1. Create the following SriovNetwork CR, and then save the YAML in the <name>-sriov-network.yaml file. Replace <name> with a name for this additional network.

apiVersion: sriovnetwork.openshift.io/v1
kind: SriovNetwork
metadata:
  name: <name> (1)
  namespace: openshift-sriov-network-operator (2)
spec:
  resourceName: <sriov_resource_name> (3)
  networkNamespace: <target_namespace> (4)
  vlan: <vlan> (5)
  spoofChk: "<spoof_check>" (6)
  ipam: {} (7)
  linkState: <link_state> (8)
  maxTxRate: <max_tx_rate> (9)
  minTxRate: <min_tx_rate> (10)
  vlanQoS: <vlan_qos> (11)
  trust: "<trust_vf>" (12)
  capabilities: <capabilities> (13)
1 Replace <name> with a name for the CR. The SR-IOV Network Operator creates a NetworkAttachmentDefinition CR with the same name.
2 Specify the namespace where the SR-IOV Operator is installed.
3 Replace <sriov_resource_name> with the value for the .spec.resourceName parameter from the SriovNetworkNodePolicy CR that defines the SR-IOV hardware for this additional network.
4 Replace <target_namespace> with the target namespace for the SriovNetwork. Only Pods in the target namespace can attach to the SriovNetwork.
5 Optional: Replace <vlan> with a Virtual LAN (VLAN) ID for the additional network. The integer value must be from 0 to 4095. The default value is 0.
6 Optional: Replace <spoof_check> with the spoof check mode of the VF. The allowed values are the strings "on" and "off".

You must enclose the value you specify in quotes or the CR is rejected by the SR-IOV Network Operator.

7 A configuration object for the IPAM CNI plug-in as a YAML block scalar. The plug-in manages IP address assignment for the attachment definition.

If you do not specify an IPAM configuration, you need to include an empty ipam: {} parameter for the SriovNetwork CR to be created. For more information, see BZ#1859231.

8 Optional: Replace <link_state> with the link state of the virtual function (VF). The allowed values are enable, disable, and auto.
9 Optional: Replace <max_tx_rate> with a maximum transmission rate, in Mbps, for the VF.
10 Optional: Replace <min_tx_rate> with a minimum transmission rate, in Mbps, for the VF. This value must always be less than or equal to the maximum transmission rate.

Intel NICs do not support the minTxRate parameter. For more information, see BZ#1772847.

11 Optional: Replace <vlan_qos> with an IEEE 802.1p priority level for the VF. The default value is 0.
12 Optional: Replace <trust_vf> with the trust mode of the VF. The allowed values are the strings "on" and "off".

You must enclose the value you specify in quotes or the CR is rejected by the SR-IOV Network Operator.

13 Optional: Replace <capabilities> with the capabilities to configure for this network. You can specify '{ "ips": true }' to enable IP address support or '{ "mac": true }' to enable MAC address support.
  2. To create the CR object, enter the following command. Replace <name> with a name for this additional network.

    $ oc create -f <name>-sriov-network.yaml
  3. Optional: To confirm that the NetworkAttachmentDefinition CR associated with the SriovNetwork CR that you created in the previous step exists, enter the following command. Replace <namespace> with the namespace you specified in the SriovNetwork CR.

    $ oc get net-attach-def -n <namespace>
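
A pre-apply check for the field constraints listed in the callouts above, as an added example that is not part of the original documentation or the SR-IOV Network Operator. It assumes the manifest has already been parsed into a dict; the function name and both sample manifests are constructed for illustration.

```python
ON_OFF = {"on", "off"}
LINK_STATES = {"enable", "disable", "auto"}

def lint_sriov_network(cr):
    """Return findings for a SriovNetwork manifest already parsed into a dict."""
    spec = cr.get("spec", {})
    findings = []

    # A YAML 1.1 parser loads an unquoted on/off as a boolean, so a value
    # that is not the string "on" or "off" means the quotes were left out.
    for key in ("spoofChk", "trust"):
        val = spec.get(key)
        if key in spec and not (isinstance(val, str) and val in ON_OFF):
            findings.append(f'{key}: must be the quoted string "on" or "off", got {val!r}')

    vlan = spec.get("vlan", 0)  # documented default is 0
    if isinstance(vlan, bool) or not isinstance(vlan, int) or not 0 <= vlan <= 4095:
        findings.append(f"vlan: must be an integer from 0 to 4095, got {vlan!r}")

    # Without any ipam key the CR is not created; an empty object is enough.
    if "ipam" not in spec:
        findings.append("ipam: missing, include an empty 'ipam: {}' if unused")

    state = spec.get("linkState")
    if "linkState" in spec and not (isinstance(state, str) and state in LINK_STATES):
        findings.append(f"linkState: must be enable, disable or auto, got {state!r}")

    lo, hi = spec.get("minTxRate"), spec.get("maxTxRate")
    if isinstance(lo, int) and isinstance(hi, int) and lo > hi:
        findings.append(f"minTxRate {lo} exceeds maxTxRate {hi}")
    return findings

# Constructed samples. BAD_CR is what a parser yields for unquoted `spoofChk: off`.
BAD_CR = {"metadata": {"name": "example-net"},
          "spec": {"resourceName": "example_resource", "networkNamespace": "example-ns",
                   "vlan": 5000, "spoofChk": False, "trust": "on",
                   "linkState": "up", "minTxRate": 200, "maxTxRate": 100}}
GOOD_CR = {"metadata": {"name": "example-net"},
           "spec": {"resourceName": "example_resource", "networkNamespace": "example-ns",
                    "vlan": 100, "spoofChk": "on", "trust": "off", "ipam": {},
                    "linkState": "auto", "minTxRate": 50, "maxTxRate": 100}}

if __name__ == "__main__":
    for finding in lint_sriov_network(BAD_CR):
        print(finding)
```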

Configuration for ipam CNI plug-in

The ipam Container Network Interface (CNI) plug-in provides IP address management (IPAM) for other CNI plug-ins.

You can use the following methods for IP address assignment:

  • Static assignment.

  • Dynamic assignment through a DHCP server. The DHCP server you specify must be reachable from the additional network.

  • Dynamic assignment through the Whereabouts IPAM CNI plug-in.

Static IP address assignment configuration

The following JSON describes the configuration for static IP address assignment:

Static assignment configuration
{
  "ipam": {
    "type": "static",
    "addresses": [ (1)
      {
        "address": "<address>", (2)
        "gateway": "<gateway>" (3)
      }
    ],
    "routes": [ (4)
      {
        "dst": "<dst>", (5)
        "gw": "<gw>" (6)
      }
    ],
    "dns": { (7)
      "nameservers": ["<nameserver>"], (8)
      "domain": "<domain>", (9)
      "search": ["<search_domain>"] (10)
    }
  }
}
1 An array describing IP addresses to assign to the virtual interface. Both IPv4 and IPv6 IP addresses are supported.
2 An IP address that you specify.
3 The default gateway to route egress network traffic to.
4 An array describing routes to configure inside the Pod.
5 The IP address range in CIDR format.
6 The gateway where network traffic is routed.
7 Optional: DNS configuration.
8 An array of one or more IP addresses to send DNS queries to.
9 The default domain to append to a host name. For example, if the domain is set to example.com, a DNS lookup query for example-host is rewritten as example-host.example.com.
10 An array of domain names to append to an unqualified host name, such as example-host, during a DNS lookup query.

Dynamic IP address assignment configuration

The following JSON describes the configuration for dynamic IP address assignment with DHCP.

Renewal of DHCP leases

A Pod obtains its original DHCP lease when it is created. The lease must be periodically renewed by a minimal DHCP server deployment running on the cluster.

The SR-IOV Network Operator does not create a DHCP server deployment; the Cluster Network Operator is responsible for creating the minimal DHCP server deployment.

To trigger the deployment of the DHCP server, you must create a shim network attachment by editing the Cluster Network Operator configuration, as in the following example:

Example shim network attachment definition
apiVersion: operator.openshift.io/v1
kind: Network
metadata:
  name: cluster
spec:
  ...
  additionalNetworks:
  - name: dhcp-shim
    namespace: default
    rawCNIConfig: |-
      {
        "name": "dhcp-shim",
        "cniVersion": "0.3.1",
        "type": "bridge",
        "master": "ens5",
        "ipam": {
          "type": "dhcp"
        }
      }
DHCP assignment configuration
{
  "ipam": {
    "type": "dhcp"
  }
}

Dynamic IP address assignment configuration with Whereabouts

The Whereabouts CNI plug-in allows the dynamic assignment of an IP address to an additional network without the use of a DHCP server.

The following JSON describes the configuration for dynamic IP address assignment with Whereabouts:

Whereabouts assignment configuration
{
  "ipam": {
    "type": "whereabouts",
    "range": "<range>", (1)
    "exclude": ["<exclude_part>", ...] (2)
  }
}
1 Specify an IP address and range in CIDR notation. IP addresses are assigned from within this range of addresses.
2 Optional: Specify a list of IP addresses and ranges in CIDR notation. IP addresses within an excluded address range are not assigned.

Static IP address assignment configuration example

You can configure ipam for static IP address assignment:

{
  "ipam": {
    "type": "static",
      "addresses": [
        {
          "address": "191.168.1.1/24"
        }
      ]
  }
}

Dynamic IP address assignment configuration example using DHCP

You can configure ipam for DHCP:

{
  "ipam": {
    "type": "dhcp"
  }
}

Dynamic IP address assignment configuration example using Whereabouts

You can configure ipam to use Whereabouts:

{
  "ipam": {
    "type": "whereabouts",
    "range": "192.0.2.192/27",
    "exclude": [
       "192.0.2.192/30",
       "192.0.2.196/32"
    ]
  }
}
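
A check of a Whereabouts range against its exclude list, as an added example that is not part of the original documentation or of Whereabouts itself. It assumes every address in the range is a candidate for assignment and does not model any further addresses the allocator may skip; the function name and the second sample are constructed for illustration.

```python
import ipaddress

def whereabouts_pool(ipam):
    """Return (assignable_count, findings) for a whereabouts ipam object."""
    if ipam.get("type") != "whereabouts":
        raise ValueError("not a whereabouts ipam configuration")
    findings = []
    # The range may be written as an address plus prefix, so host bits are allowed.
    pool = ipaddress.ip_network(ipam["range"], strict=False)
    excluded = []
    for entry in ipam.get("exclude", []):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"exclude {entry!r}: not an address or CIDR range")
            continue
        if net.version != pool.version or not net.overlaps(pool):
            findings.append(f"exclude {net}: outside range {pool}, has no effect")
            continue
        # CIDR blocks nest or are disjoint, so clip a wider exclude to the pool.
        excluded.append(net if net.subnet_of(pool) else pool)
    # Collapse overlapping excludes so no address is subtracted twice.
    removed = sum(n.num_addresses for n in ipaddress.collapse_addresses(excluded))
    assignable = pool.num_addresses - removed
    if assignable == 0:
        findings.append(f"range {pool}: every address is excluded")
    return assignable, findings

# The Whereabouts example from this page.
PAGE_EXAMPLE = {"type": "whereabouts", "range": "192.0.2.192/27",
                "exclude": ["192.0.2.192/30", "192.0.2.196/32"]}
# Constructed sample: one exclude misses the range, the other swallows it.
BROKEN = {"type": "whereabouts", "range": "192.0.2.192/27",
          "exclude": ["198.51.100.0/24", "192.0.2.0/24"]}

if __name__ == "__main__":
    for name, cfg in (("page example", PAGE_EXAMPLE), ("broken", BROKEN)):
        count, findings = whereabouts_pool(cfg)
        print(name, count, findings)
```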

Configuring static MAC and IP addresses on additional SR-IOV networks

You can configure static MAC and IP addresses on an SR-IOV network by specifying Container Network Interface (CNI) runtimeConfig data in a Pod annotation.

Prerequisites
  • Install the OpenShift Container Platform Command-line Interface (CLI), commonly known as oc.

  • Log in as a user with cluster-admin privileges when creating the SriovNetwork CR.

Procedure
  1. Create the following SriovNetwork CR, and then save the YAML in the <name>-sriov-network.yaml file. Replace <name> with a name for this additional network.

    apiVersion: sriovnetwork.openshift.io/v1
    kind: SriovNetwork
    metadata:
      name: <name> (1)
      namespace: openshift-sriov-network-operator (2)
    spec:
      networkNamespace: <target_namespace> (3)
      ipam: '{ "type": "static" }' (4)
      capabilities: '{ "mac": true, "ips": true }' (5)
      resourceName: <sriov_resource_name> (6)
    1 Replace <name> with a name for the CR. The SR-IOV Network Operator creates a NetworkAttachmentDefinition CR with the same name.
    2 Specify the namespace where the SR-IOV Network Operator is installed.
    3 Replace <target_namespace> with the namespace where the NetworkAttachmentDefinition CR is created.
    4 Specify static type for the ipam CNI plug-in as a YAML block scalar.
    5 Set the mac and ips capabilities to true.
    6 Replace <sriov_resource_name> with the value for the spec.resourceName parameter from the SriovNetworkNodePolicy CR that defines the SR-IOV hardware for this additional network.
  2. Create the CR by running the following command:

    $ oc create -f <filename> (1)
    1 Replace <filename> with the name of the file you created in the previous step.
  3. Optional: Confirm that the NetworkAttachmentDefinition CR associated with the SriovNetwork CR that you created in the previous step exists by running the following command. Replace <namespace> with the namespace you specified in the SriovNetwork CR.

    $ oc get net-attach-def -n <namespace>

Do not modify or delete a SriovNetwork Custom Resource (CR) if it is attached to any Pods in the running state.

  1. Create the following SR-IOV pod spec, and then save the YAML in the <name>-sriov-pod.yaml file. Replace <name> with a name for this pod.

    apiVersion: v1
    kind: Pod
    metadata:
      name: sample-pod
      annotations:
        k8s.v1.cni.cncf.io/networks: '[
    	{
    		"name": "<name>", (1)
    		"mac": "20:04:0f:f1:88:01", (2)
    		"ips": ["192.168.10.1/24", "2001::1/64"] (3)
    	}
    ]'
    spec:
      containers:
      - name: sample-container
        image: <image>
        imagePullPolicy: IfNotPresent
        command: ["sleep", "infinity"]
    1 Specify the name of the SR-IOV network attachment definition CR.
    2 Specify the MAC address for the SR-IOV device that is allocated from the resource type defined in the SR-IOV network attachment definition CR.
    3 Specify addresses for the SR-IOV device which is allocated from the resource type defined in the SR-IOV network attachment definition CR. Both IPv4 and IPv6 addresses are supported.
  2. Create the sample SR-IOV pod by running the following command:

    $ oc create -f <filename> (1)
    1 Replace <filename> with the name of the file you created in the previous step.
  3. Optional: Confirm that the MAC and IP addresses are applied to the SR-IOV device by running the following command. Replace <namespace> with the namespace you specified in the SriovNetwork CR.

    $ oc exec sample-pod -n <namespace> -- ip addr show