Configure the network

Direct attachment using a Linux bridge on a second OSA NIC

This approach attaches the VM guest directly to the external network using a second OSA NIC and a Linux bridge. The NMState Operator is required for configuration.

• Advantages
  • High Performance: Direct network attachment minimizes latency and maximizes throughput.
  • Flexibility: Full control over NIC settings, VLANs, and advanced networking features.
  • Isolation: Management and application traffic can be separated across NICs for better security and performance.
• Disadvantages
  • Complexity: Requires NMState configuration and familiarity with declarative networking.
  • Operational Overhead: More steps for setup and maintenance compared to simpler solutions.
  • MAC Address Limitation: In some cases, each VM NIC must register its MAC on the OSA adapter, which can hit hardware limits in large environments.

SSH access using a Load Balancer Service

This approach exposes SSH through a Load Balancer Service, using the MetalLB Operator to provide an external IP.

• Advantages
  • Ease of use: Simple to configure and manage, centralized access point for SSH.
  • Quick setup: Ideal for environments where speed and simplicity are priorities.
  • No MAC scaling issues: Pods and services use cluster IP addresses, avoiding OSA MAC table pressure.
• Disadvantages
  • Performance overhead: Adds an extra hop through the Load Balancer Service, which can slightly increase latency.
  • Single point of failure: If the Load Balancer Service fails, SSH access is disrupted.

Summary

Performance priority → Linux Bridge + Second NIC (NMState)

Best for high-throughput, low-latency workloads or when network isolation is critical.

Ease of use priority → SSH over Load Balancer Service (MetalLB)

Best for simple, centralized access in smaller or less performance-sensitive environments.