Attach a ClusterUserDefinedNetwork (CUDN) on a secondary adapter
You can deploy a ClusterUserDefinedNetwork (CUDN) custom resource (CR) to connect workloads to an existing physical underlay (VLAN/L2 segment). The localnet topology requires additional OVS configuration on nodes and uses an OVN bridge mapping that points to an OVS bridge connected to a second physical NIC or HiperSockets. This approach separates your secondary NIC (OSA, HiperSockets) from the default pod network, providing traffic isolation, improved performance, and security.
Prerequisites
- You have the NMState Operator installed. The CUDN localnet workflow explicitly relies on NMState policies to map the OVN network to an OVS bridge.
- Your compute nodes have a secondary NIC that is not used by the default node networking.
- You have enabled learning mode on the OSA adapter or HiperSockets. For details, see Packet-handling configuration.
Required steps
You require an OVS bridge and need to attach the NIC.
- Create a NodeNetworkConfigurationPolicy (NNCP) for the OVS bridge by using the following YAML:

      apiVersion: nmstate.io/v1
      kind: NodeNetworkConfigurationPolicy
      metadata:
        name: br-hs1-enc7000-policy
      spec:
        nodeSelector:
          node-role.kubernetes.io/worker: ""
        desiredState:
          interfaces:
          - name: enc7000
            type: ethernet
            state: up
            ethtool:
              feature:
                rx-vlan-filter: false
            ipv4:
              enabled: false
            ipv6:
              enabled: false
          - name: br-hs1
            description: OVS bridge with HS enc7000 as a port
            type: ovs-bridge
            state: up
            bridge:
              allow-extra-patch-ports: true
              options:
                stp:
                  enabled: false
              port:
              - name: enc7000

- Apply the YAML file by running the following command:

      oc apply -f <yaml_filename>

- Verify that the policy is successfully configured by running the following command:

      oc get nncp <policy_name> -o yaml

- List the NodeNetworkState objects in the cluster by running the following command:

      oc get nns -A -o yaml

- Create the mapping to the OVS bridge manifest by using the following YAML:

      apiVersion: nmstate.io/v1
      kind: NodeNetworkConfigurationPolicy
      metadata:
        name: localnet-hs-policy
      spec:
        nodeSelector:
          node-role.kubernetes.io/worker: ""
        desiredState:
          ovn:
            bridge-mappings:
            - localnet: localnet-hs
              bridge: br-hs1
              state: present

- Apply the YAML file by running the following command:

      oc apply -f <yaml_filename>

- Create namespaces for the CUDN by running the following command:

      oc new-project cudn-hs

- Create a ClusterUserDefinedNetwork object for the localnet secondary network by using the following YAML:

      apiVersion: k8s.ovn.org/v1
      kind: ClusterUserDefinedNetwork
      metadata:
        name: cudn-localnet-br-hs1
      spec:
        namespaceSelector:
          matchExpressions:
          - key: kubernetes.io/metadata.name
            operator: In
            values: ["cudn-hs"]
        network:
          topology: Localnet
          localnet:
            subnets:
            - "10.10.10.0/24"
            role: Secondary
            physicalNetworkName: localnet-hs
            ipam: {lifecycle: Persistent}

- Apply the YAML file by running the following command:

      oc apply -f <yaml_filename>

  The NetworkAttachmentDefinition (NAD) is created automatically by using the settings defined in the CUDN YAML file.

- To attach the NIC to the VMs, open the YAML configuration file for the virtual machine by running the following command:

      oc edit vm <vm_name>

- Add the following details to the YAML:

      devices:
        disks:
        - disk:
            bus: virtio
          name: rootdisk
        - disk:
            bus: virtio
          name: cloudinitdisk
        interfaces:
        - macAddress: 02:19:0f:8a:0c:1b
          masquerade: {}
          model: virtio
          name: default
        - bridge: {}
          model: virtio
          name: nic-hs1
          state: up
      [...]
      networks:
      - name: default
        pod: {}
      - multus:
          networkName: cudn-localnet-br-hs1
        name: nic-hs1

- Save the YAML file.
- To apply the changes, restart the VM by running the following command:

      virtctl restart <vm_name>
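
The procedure depends on several names agreeing across the manifests: the bridge (br-hs1), the localnet mapping name (localnet-hs), the CUDN name, and the selected namespace. The following Python check is an added example, not part of the original procedure or of any product tooling; the function name `check_localnet_wiring` and the trimmed dict copies of the manifests are assumptions made for illustration.

```python
# Trimmed copies of the page's manifests as parsed dicts (constructed sample input).
BRIDGE_NNCP = {"spec": {"desiredState": {"interfaces": [
    {"name": "enc7000", "type": "ethernet",
     "ipv4": {"enabled": False}, "ipv6": {"enabled": False}},
    {"name": "br-hs1", "type": "ovs-bridge",
     "bridge": {"port": [{"name": "enc7000"}]}}]}}}
MAPPING_NNCP = {"spec": {"desiredState": {"ovn": {"bridge-mappings": [
    {"localnet": "localnet-hs", "bridge": "br-hs1", "state": "present"}]}}}}
CUDN = {"metadata": {"name": "cudn-localnet-br-hs1"}, "spec": {
    "namespaceSelector": {"matchExpressions": [
        {"key": "kubernetes.io/metadata.name", "operator": "In", "values": ["cudn-hs"]}]},
    "network": {"localnet": {"physicalNetworkName": "localnet-hs"}}}}
VM_NETWORKS = [{"name": "default", "pod": {}},
               {"name": "nic-hs1", "multus": {"networkName": "cudn-localnet-br-hs1"}}]


def check_localnet_wiring(bridge_nncp, mapping_nncp, cudn, vm_ns, vm_networks):
    """Hypothetical helper: return a list of problems; empty means the names line up."""
    problems = []
    ifaces = {i["name"]: i for i in bridge_nncp["spec"]["desiredState"]["interfaces"]}
    bridges = {n: i for n, i in ifaces.items() if i.get("type") == "ovs-bridge"}
    # Bridge-port NICs carry no host IP in the page's NNCP; flag any that do.
    for br in bridges.values():
        for port in br["bridge"].get("port", []):
            for fam in ("ipv4", "ipv6"):
                if ifaces.get(port["name"], {}).get(fam, {}).get("enabled", True):
                    problems.append(f"{port['name']}: {fam} not explicitly disabled")
    # The OVN bridge mapping must point at a bridge the first policy creates.
    maps = mapping_nncp["spec"]["desiredState"]["ovn"]["bridge-mappings"]
    mapped = {m["localnet"]: m["bridge"] for m in maps if m.get("state") != "absent"}
    problems += [f"mapping {n}: bridge {b} not defined"
                 for n, b in mapped.items() if b not in bridges]
    # The CUDN physicalNetworkName must be a mapped localnet name.
    phys = cudn["spec"]["network"]["localnet"]["physicalNetworkName"]
    if phys not in mapped:
        problems.append(f"CUDN: no bridge mapping named {phys}")
    # The VM namespace must be selected (only 'In' on the name label is evaluated).
    exprs = cudn["spec"]["namespaceSelector"].get("matchExpressions", [])
    allowed = {v for e in exprs if e["operator"] == "In"
               and e["key"] == "kubernetes.io/metadata.name" for v in e["values"]}
    if vm_ns not in allowed:
        problems.append(f"namespace {vm_ns} is not selected by the CUDN")
    # The VM's multus network must reference the CUDN (plain or namespace/name form).
    refs = {n["multus"]["networkName"].split("/")[-1] for n in vm_networks if "multus" in n}
    if cudn["metadata"]["name"] not in refs:
        problems.append("VM has no multus network referencing the CUDN")
    return problems
```

To use it on real files, load each manifest with a YAML parser and pass the resulting dicts together with the VM's namespace and its `networks` list.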