1. Documentation
    2. history bug_report picture_as_pdf
×

Connecting a virtual machine to an OVN-Kubernetes secondary network

edit

You can connect a virtual machine (VM) to an Open Virtual Network (OVN)-Kubernetes secondary network. OpenShift Virtualization supports the layer 2 and localnet topologies for OVN-Kubernetes.

  • A layer 2 topology connects workloads by a cluster-wide logical switch. The OVN-Kubernetes Container Network Interface (CNI) plug-in uses the Geneve (Generic Network Virtualization Encapsulation) protocol to create an overlay network between nodes. You can use this overlay network to connect VMs on different nodes, without having to configure any additional physical networking infrastructure.

  • A localnet topology connects the secondary network to the physical underlay. This enables both east-west cluster traffic and access to services running outside the cluster, but it requires additional configuration of the underlying Open vSwitch (OVS) system on cluster nodes.

To configure an OVN-Kubernetes secondary network and attach a VM to that network, perform the following steps:

  1. Configure an OVN-Kubernetes secondary network by creating a network attachment definition (NAD).

  2. Connect the VM to the OVN-Kubernetes secondary network by adding the network details to the VM specification.

edit

Creating an OVN-Kubernetes NAD

You can create an OVN-Kubernetes layer 2 or localnet network attachment definition (NAD) by using the Red Hat OpenShift Service on AWS web console or the CLI.

Configuring IP address management (IPAM) in a network attachment definition for virtual machines is not supported.
edit

Creating a NAD for layer 2 topology using the CLI

You can create a network attachment definition (NAD) which describes how to attach a pod to the layer 2 overlay network.

Prerequisites

  • You have access to the cluster as a user with cluster-admin privileges.

  • You have installed the OpenShift CLI (oc).

Procedure

  1. Create a NetworkAttachmentDefinition object:

    apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: l2-network
  namespace: my-namespace
spec:
  config: |2
    {
            "cniVersion": "0.3.1", (1)
            "name": "my-namespace-l2-network", (2)
            "type": "ovn-k8s-cni-overlay", (3)
            "topology":"layer2", (4)
            "mtu": 1300, (5)
            "netAttachDefName": "my-namespace/l2-network" (6)
    }
    1 The CNI specification version. The required value is 0.3.1.
    2 The name of the network. This attribute is not namespaced. For example, you can have a network named l2-network referenced from two different NetworkAttachmentDefinition objects that exist in two different namespaces. This feature is useful to connect VMs in different namespaces.
    3 The name of the CNI plug-in to be configured. The required value is ovn-k8s-cni-overlay.
    4 The topological configuration for the network. The required value is layer2.
    5 Optional: The maximum transmission unit (MTU) value. The default value is automatically set by the kernel.
    6 The value of the namespace and name fields in the metadata stanza of the NetworkAttachmentDefinition object.

    The above example configures a cluster-wide overlay without a subnet defined. This means that the logical switch implementing the network only provides layer 2 communication. You must configure an IP address when you create the virtual machine by either setting a static IP address or by deploying a DHCP server on the network for a dynamic IP address.

  2. Apply the manifest:

    $ oc apply -f <filename>.yaml
edit

Creating a NAD for localnet topology using the CLI

You can create a network attachment definition (NAD) which describes how to attach a pod to the underlying physical network.

Prerequisites

  • You have access to the cluster as a user with cluster-admin privileges.

  • You have installed the OpenShift CLI (oc).

  • You have installed the Kubernetes NMState Operator.

  • You have created a NodeNetworkConfigurationPolicy object to map the OVN-Kubernetes secondary network to an Open vSwitch (OVS) bridge.

Procedure

  1. Create a NetworkAttachmentDefinition object:

    apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: localnet-network
  namespace: default
spec:
  config: |2
    {
            "cniVersion": "0.3.1", (1)
            "name": "localnet-network", (2)
            "type": "ovn-k8s-cni-overlay", (3)
            "topology": "localnet", (4)
            "netAttachDefName": "default/localnet-network" (5)
    }
    1 The CNI specification version. The required value is 0.3.1.
    2 The name of the network. This attribute must match the value of the spec.desiredState.ovn.bridge-mappings.localnet field of the NodeNetworkConfigurationPolicy object that defines the OVS bridge mapping.
    3 The name of the CNI plug-in to be configured. The required value is ovn-k8s-cni-overlay.
    4 The topological configuration for the network. The required value is localnet.
    5 The value of the namespace and name fields in the metadata stanza of the NetworkAttachmentDefinition object.

  2. Apply the manifest:

    $ oc apply -f <filename>.yaml

Attaching a virtual machine to the OVN-Kubernetes secondary network

You can attach a virtual machine (VM) to the OVN-Kubernetes secondary network interface by using the Red Hat OpenShift Service on AWS web console or the CLI.

edit

Attaching a virtual machine to an OVN-Kubernetes secondary network using the CLI

You can connect a virtual machine (VM) to the OVN-Kubernetes secondary network by including the network details in the VM configuration.

Prerequisites

  • You have access to the cluster as a user with cluster-admin privileges.

  • You have installed the OpenShift CLI (oc).

Procedure

  1. Edit the VirtualMachine manifest to add the OVN-Kubernetes secondary network interface details, as in the following example:

    apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: vm-server
spec:
  running: true
  template:
    spec:
      domain:
        devices:
          interfaces:
          - name: default
            masquerade: {}
          - name: secondary (1)
            bridge: {}
        resources:
          requests:
            memory: 1024Mi
      networks:
      - name: default
        pod: {}
      - name: secondary  (2)
        multus:
          networkName: <nad_name> (3)
# ...
    1 The name of the OVN-Kubernetes secondary interface.
    2 The name of the network. This must match the value of the spec.template.spec.domain.devices.interfaces.name field.
    3 The name of the NetworkAttachmentDefinition object.

  2. Apply the VirtualMachine manifest:

    $ oc apply -f <filename>.yaml

  3. Optional: If you edited a running virtual machine, you must restart it for the changes to take effect.

edit

Creating a NAD for layer 2 topology by using the web console

You can create a network attachment definition (NAD) that describes how to attach a pod to the layer 2 overlay network.

Prerequisites

  • You have access to the cluster as a user with cluster-admin privileges.

Procedure

  1. Go to NetworkingNetworkAttachmentDefinitions in the web console.

  2. Click Create Network Attachment Definition. The network attachment definition must be in the same namespace as the pod or virtual machine using it.

  3. Enter a unique Name and optional Description.

  4. Select OVN Kubernetes L2 overlay network from the Network Type list.

  5. Click Create.

edit

Creating a NAD for localnet topology using the web console

You can create a network attachment definition (NAD) to connect workloads to a physical network by using the Red Hat OpenShift Service on AWS web console.

Prerequisites

  • You have access to the cluster as a user with cluster-admin privileges.

  • Use nmstate to configure the localnet to OVS bridge mappings.

Procedure

  1. Navigate to NetworkingNetworkAttachmentDefinitions in the web console.

  2. Click Create Network Attachment Definition. The network attachment definition must be in the same namespace as the pod or virtual machine using it.

  3. Enter a unique Name and optional Description.

  4. Select OVN Kubernetes secondary localnet network from the Network Type list.

  5. Enter the name of your pre-configured localnet identifier in the Bridge mapping field.

  6. Optional: You can explicitly set MTU to the specified value. The default value is chosen by the kernel.

  7. Optional: Encapsulate the traffic in a VLAN. The default value is none.

  8. Click Create.