mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
openshift-docs/networking/multiple_networks/use-cases-secondary-network.adoc


:_mod-docs-content-type: ASSEMBLY
[id="use-cases-secondary-network"]
= Use cases for a secondary network
include::_attributes/common-attributes.adoc[]
:context: use-cases-secondary-network
toc::[]
[role="_abstract"]
You can use a secondary network in situations where you require network isolation, including data plane and control plane separation.

Isolating network traffic is useful for the following performance and security reasons:

* Performance
+
**Traffic management**: You can send traffic on two different planes to manage how much traffic flows along each plane.
* Security
+
**Network isolation**: You can send sensitive traffic onto a network plane that is managed specifically for security considerations, and you can separate private data that must not be shared between tenants or customers.

All of the pods in the cluster still use the cluster-wide default network to maintain connectivity across the cluster. Every pod has an `eth0` interface that is attached to the cluster-wide pod network. You can view the interfaces for a pod by using the `oc exec -it <pod_name> \-- ip a` command. If you add secondary network interfaces that use the Multus Container Network Interface (CNI), these secondary networks are named `net1`, `net2`, and so on.

To attach secondary network interfaces to a pod, you must create configurations that define how the interfaces are attached. Use either a `UserDefinedNetwork` custom resource (CR) or a `NetworkAttachmentDefinition` CR to specify each interface. A CNI configuration inside each of these CRs defines how that interface is created.
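
To verify that an isolated network plane is reachable only from the intended tenants, you can audit which pods carry `net1`, `net2`, and later interfaces. The following script is an added example, not part of the product documentation: it reads the `k8s.v1.cni.cncf.io/network-status` annotation that Multus writes on each pod and reports secondary attachments from namespaces outside an allow list. The pod names, namespaces, network name, and the `ALLOWED` policy are constructed for illustration.

```python
import json

STATUS_KEY = "k8s.v1.cni.cncf.io/network-status"  # annotation written by Multus

def _pod(ns, name, status):
    return {"metadata": {"namespace": ns, "name": name,
                         "annotations": {STATUS_KEY: json.dumps(status)}}}

ETH0 = {"name": "ovn-kubernetes", "interface": "eth0", "default": True}
NET1 = {"name": "default/storage-net", "interface": "net1"}

# Constructed sample shaped like `oc get pods -A -o json`; every name is hypothetical.
SAMPLE_PODS = {"items": [
    _pod("tenant-a", "db-0", [ETH0, NET1]),
    _pod("tenant-b", "web-1", [ETH0, NET1]),
    _pod("tenant-b", "api-2", [ETH0]),
]}

# Assumed policy: secondary network -> namespaces allowed to attach to it.
ALLOWED = {"default/storage-net": {"tenant-a"}}

def secondary_attachments(pod):
    """Return (interface, network) for every non-default entry in network-status."""
    raw = pod["metadata"].get("annotations", {}).get(STATUS_KEY, "[]")
    return [(e.get("interface"), e.get("name"))
            for e in json.loads(raw) if not e.get("default")]

def audit(pod_list, allowed):
    """List (namespace, pod, interface, network) attachments outside the policy."""
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod["metadata"]
        try:
            attached = secondary_attachments(pod)
        except (ValueError, AttributeError, TypeError):
            # A malformed annotation is reported rather than silently skipped.
            attached = [(None, "<unparseable network-status>")]
        for iface, net in attached:
            if meta["namespace"] not in allowed.get(net, set()):
                findings.append((meta["namespace"], meta["name"], iface, net))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PODS, ALLOWED):
        print(*finding)
```

To run the check against a cluster, pass the parsed output of `oc get pods -A -o json` to `audit` in place of `SAMPLE_PODS`.
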
//assembly not further modularized because the following section acts as an index page:
[id="additional-networks-provided_{context}"]
== Secondary networks in {product-title}
{product-title} provides the following CNI plugins for creating secondary networks in your cluster:
* *bridge*: To configure a bridge-based secondary network to allow pods on the same host to communicate with each other and the host, use the following procedure:
** xref:../../networking/multiple_networks/secondary_networks/creating-secondary-nwt-other-cni.adoc#nw-multus-bridge-object_configuring-additional-network-cni[Configure a bridge-based secondary network]
* *bond-cni*: To provide a method for aggregating multiple network interfaces into a single logical _bonded_ interface, use the following procedure:
** xref:../../networking/multiple_networks/secondary_networks/creating-secondary-nwt-other-cni.adoc#nw-multus-bond-cni-object_configuring-additional-network-cni[Configure a Bond CNI secondary network]
* *host-device*: To allow pods access to a physical Ethernet network device on the host system, use the following procedure:
** xref:../../networking/multiple_networks/secondary_networks/creating-secondary-nwt-other-cni.adoc#nw-multus-host-device-object_configuring-additional-network-cni[Configure a host-device secondary network]
* *ipvlan*: Allow pods on a host to communicate with other hosts and pods on those hosts, similar to a macvlan-based secondary network. Unlike a macvlan-based secondary network, each pod shares the same MAC address as the parent physical network interface. Use the following procedure:
** xref:../../networking/multiple_networks/secondary_networks/creating-secondary-nwt-other-cni.adoc#nw-multus-ipvlan-object_configuring-additional-network-cni[Configure an ipvlan-based secondary network]
* *VLAN*: To allow VLAN-based network isolation and connectivity for pods, use the following procedure:
** xref:../../networking/multiple_networks/secondary_networks/creating-secondary-nwt-other-cni.adoc#nw-multus-vlan-object_configuring-additional-network-cni[Configure a VLAN-based secondary network]
* *macvlan*: Allow pods on a host to communicate with other hosts and pods on those hosts by using a physical network interface. Each pod that is attached to a macvlan-based secondary network is provided a unique MAC address. Use the following procedure:
** xref:../../networking/multiple_networks/secondary_networks/creating-secondary-nwt-other-cni.adoc#nw-multus-macvlan-object_configuring-additional-network-cni[Configure a macvlan-based secondary network]
* *TAP*: A TAP device enables user space programs to send and receive network packets. To create a TAP device inside the container namespace, use the following procedure:
** xref:../../networking/multiple_networks/secondary_networks/creating-secondary-nwt-other-cni.adoc#nw-multus-tap-object_configuring-additional-network-cni[Configure a TAP-based secondary network]
* *SR-IOV*: To allow pods to attach to a virtual function (VF) interface on SR-IOV capable hardware on the host system, use the following procedure:
** xref:../../networking/hardware_networks/about-sriov.adoc#about-sriov[Configure an SR-IOV based secondary network]
* *route-override*: To allow pods to override and set routes, use the following procedure:
** xref:../../networking/multiple_networks/secondary_networks/creating-secondary-nwt-other-cni.adoc#nw-route-override-cni_configuring-additional-network-cni[Configure a `route-override` based secondary network]
// UserDefinedNetwork and NetworkAttachmentDefinition support matrix
include::modules/support-matrix-for-udn-nad.adoc[leveloffset=+1]
[id="additional-resources_use-cases-secondary-network"]
[role="_additional-resources"]
== Additional resources
* xref:../../networking/ovn_kubernetes_network_provider/enabling-multicast.adoc#nw-ovn-kubernetes-enabling-multicast[Enabling multicast for a project]