mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
132 lines
6.8 KiB
Plaintext
132 lines
6.8 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * networking/ovn_kubernetes_network_provider/configuring-secondary-networks.adoc
|
|
|
|
:_mod-docs-content-type: REFERENCE
|
|
[id="configuration-localnet-switched-topology_{context}"]
|
|
= Configuration for a localnet switched topology
|
|
|
|
[role="_abstract"]
|
|
The switched `localnet` topology interconnects the workloads created as Network Attachment Definitions (NADs) through a cluster-wide logical switch to a physical network.
|
|
|
|
You must map a secondary network to the OVS bridge to use it as an OVN-Kubernetes secondary network. Bridge mappings allow network traffic to reach the physical network. A bridge mapping associates a physical network name, also known as an interface label, to a bridge created with Open vSwitch (OVS).
|
|
|
|
You can create an `NodeNetworkConfigurationPolicy` (NNCP) object, part of the `nmstate.io/v1` API group, to declaratively create the mapping. This API is provided by the NMState Operator. By using this API you can apply the bridge mapping to nodes that match your specified `nodeSelector` expression, such as `node-role.kubernetes.io/worker: ''`. With this declarative approach, the NMState Operator applies secondary network configuration to all nodes specified by the node selector automatically and transparently.
|
|
|
|
When attaching a secondary network, you can either use the existing `br-ex` bridge or create a new bridge. Which approach to use depends on your specific network infrastructure. Consider the following approaches:
|
|
|
|
- If your nodes include only a single network interface, you must use the existing bridge. This network interface is owned and managed by OVN-Kubernetes and you must not remove it from the `br-ex` bridge or alter the interface configuration. If you remove or alter the network interface, your cluster network stops working correctly.
|
|
- If your nodes include several network interfaces, you can attach a different network interface to a new bridge, and use that for your secondary network. This approach provides for traffic isolation from your primary cluster network.
|
|
|
|
[NOTE]
|
|
====
|
|
You cannot make configuration changes to the `br-ex` bridge or its underlying interfaces in the `NodeNetworkConfigurationPolicy` (NNCP) resource as a postinstallation task. As a workaround, use a secondary network interface connected to your host or switch.
|
|
====
|
|
|
|
The `localnet1` network is mapped to the `br-ex` bridge in the following sharing-a-bridge example:
|
|
|
|
[source,yaml]
|
|
----
|
|
apiVersion: nmstate.io/v1
|
|
kind: NodeNetworkConfigurationPolicy
|
|
metadata:
|
|
name: mapping
|
|
spec:
|
|
nodeSelector:
|
|
node-role.kubernetes.io/worker: ''
|
|
desiredState:
|
|
ovn:
|
|
bridge-mappings:
|
|
- localnet: localnet1
|
|
bridge: br-ex
|
|
state: present
|
|
----
|
|
+
|
|
where:
|
|
+
|
|
`metadata.name`:: The name for the configuration object.
|
|
`spec.nodeSelector.node-role.kubernetes.io/worker`:: A node selector that specifies the nodes to apply the node network configuration policy to.
|
|
`spec.desiredState.ovn.bridge-mappings.localnet`:: The name for the secondary network from which traffic is forwarded to the OVS bridge. This secondary network must match the name of the `spec.config.name` field of the `NetworkAttachmentDefinition` CRD that defines the OVN-Kubernetes secondary network.
|
|
`spec.desiredState.ovn.bridge-mappings.bridge`:: The name of the OVS bridge on the node. This value is required only if you specify `state: present`.
|
|
`spec.desiredState.ovn.bridge-mappings.state`:: The state for the mapping. Must be either `present` to add the bridge or `absent` to remove the bridge. The default value is `present`.
|
|
+
|
|
The following JSON example configures a localnet secondary network that is named `localnet1`. Note that the value for the `mtu` parameter must match the MTU value that was set for the secondary network interface that is mapped to the `br-ex` bridge interface.
|
|
|
|
[source,json]
|
|
----
|
|
{
|
|
"cniVersion": "0.3.1",
|
|
"name": "localnet1",
|
|
"type": "ovn-k8s-cni-overlay",
|
|
"topology":"localnet",
|
|
"physicalNetworkName": "localnet1",
|
|
"subnets": "202.10.130.112/28",
|
|
"vlanID": 33,
|
|
"mtu": 1500,
|
|
"netAttachDefName": "ns1/localnet-network",
|
|
"excludeSubnets": "10.100.200.0/29"
|
|
}
|
|
----
|
|
|
|
In the following multiple interfaces example, the `localnet2` network interface is attached to the `ovs-br1` bridge. Through this attachment, the network interface is available to the OVN-Kubernetes network plugin as a secondary network.
|
|
|
|
[source,yaml]
|
|
----
|
|
apiVersion: nmstate.io/v1
|
|
kind: NodeNetworkConfigurationPolicy
|
|
metadata:
|
|
name: ovs-br1-multiple-networks
|
|
spec:
|
|
nodeSelector:
|
|
node-role.kubernetes.io/worker: ''
|
|
desiredState:
|
|
interfaces:
|
|
- name: ovs-br1
|
|
description: |-
|
|
A dedicated OVS bridge with eth1 as a port
|
|
allowing all VLANs and untagged traffic
|
|
type: ovs-bridge
|
|
state: up
|
|
bridge:
|
|
allow-extra-patch-ports: true
|
|
options:
|
|
stp: false
|
|
mcast-snooping-enable: true
|
|
port:
|
|
- name: eth1
|
|
ovn:
|
|
bridge-mappings:
|
|
- localnet: localnet2
|
|
bridge: ovs-br1
|
|
state: present
|
|
----
|
|
+
|
|
where:
|
|
+
|
|
`metadata.name`:: Specifies the name of the configuration object.
|
|
`node-role.kubernetes.io/worker`:: Specifies a node selector that identifies the nodes to which the node network configuration policy applies.
|
|
`desiredState.interfaces.name`:: Specifies a new OVS bridge that operates separately from the default bridge used by OVN-Kubernetes for cluster traffic.
|
|
`options.mcast-snooping-enable`:: Specifies whether to enable multicast snooping. When enabled, multicast snooping prevents network devices from flooding multicast traffic to all network members. By default, an OVS bridge does not enable multicast snooping. The default value is `false`.
|
|
`bridge.port.name`:: Specifies the network device on the host system to associate with the new OVS bridge.
|
|
`ovn.bridge-mappings.localnet`:: Specifies the name of the secondary network that forwards traffic to the OVS bridge. This name must match the value of the `spec.config.name` field in the `NetworkAttachmentDefinition` CRD that defines the OVN-Kubernetes secondary network.
|
|
`ovn.bridge-mappings.bridge`:: Specifies the name of the OVS bridge on the node. The value is required only when `state: present` is set.
|
|
`ovn.bridge-mappings.state`:: Specifies the state of the mapping. Valid values are `present` to add the bridge or `absent` to remove the bridge. The default value is `present`.
|
|
+
|
|
The following JSON example configures a localnet secondary network that is named `localnet2`. Note that the value for the `mtu` parameter must match the MTU value that was set for the `eth1` secondary network interface.
|
|
|
|
[source,json]
|
|
----
|
|
{
|
|
"cniVersion": "0.3.1",
|
|
"name": "localnet2",
|
|
"type": "ovn-k8s-cni-overlay",
|
|
"topology":"localnet",
|
|
"physicalNetworkName": "localnet2",
|
|
"subnets": "202.10.130.112/28",
|
|
"vlanID": 33,
|
|
"mtu": 1500,
|
|
"netAttachDefName": "ns1/localnet-network",
|
|
"excludeSubnets": "10.100.200.0/29"
|
|
}
|
|
----
|