Migrating a virtual machine over a dedicated secondary network

You can configure a dedicated secondary Multus network for live migration. A dedicated network minimizes disruption to tenant workloads due to network saturation when virtual machine live migration is triggered.

Configuring a dedicated secondary network for virtual machine live migration

To configure a dedicated secondary network for live migration, you must first create a bridge network attachment definition for a namespace by using the CLI. Then, add the name of the NetworkAttachmentDefinition object to the HyperConverged custom resource (CR).

Prerequisites

  • You installed the OpenShift CLI (oc).

  • You logged in to the cluster as a user with the cluster-admin role.

  • The Multus Container Network Interface (CNI) plug-in is installed on the cluster.

  • Every node on the cluster has at least two Network Interface Cards (NICs), and the NICs to be used for live migration are connected to the same VLAN.

  • The virtual machine (VM) is running with the LiveMigrate eviction strategy.

Procedure

  1. Create a NetworkAttachmentDefinition manifest.

    Example configuration file

    1. apiVersion: "k8s.cni.cncf.io/v1"
    2. kind: NetworkAttachmentDefinition
    3. metadata:
    4.   name: my-secondary-network (1)
    5.   namespace: openshift-cnv
    6. spec:
    7.   config: '{
    8.     "cniVersion": "0.3.1",
    9.     "name": "migration-bridge",
    10.     "type": "macvlan",
    11.     "master": "eth1", (2)
    12.     "mode": "bridge",
    13.     "ipam": {
    14.       "type": "whereabouts", (3)
    15.       "range": "10.200.5.0/24" (4)
    16.     }
    17.   }'
    1The name of the NetworkAttachmentDefinition object.
    2The name of the NIC to be used for live migration.
    3The name of the CNI plug-in that provides the network for this network attachment definition.
    4The IP address range for the secondary network. This range must not have any overlap with the IP addresses of the main network.

  2. Open the HyperConverged CR in your default editor by running the following command:

    1. oc edit hyperconverged kubevirt-hyperconverged -n openshift-cnv

  3. Add the name of the NetworkAttachmentDefinition object to the spec.liveMigrationConfig stanza of the HyperConverged CR. For example:

    Example configuration file

    1. apiVersion: hco.kubevirt.io/v1beta1
    2. kind: HyperConverged
    3. metadata:
    4.   name: kubevirt-hyperconverged
    5. spec:
    6.   liveMigrationConfig:
    7.     completionTimeoutPerGiB: 800
    8.     network: my-secondary-network  (1)
    9.     parallelMigrationsPerCluster: 5
    10.     parallelOutboundMigrationsPerNode: 2
    11.     progressTimeout: 150
    12. ...
    1The name of the Multus NetworkAttachmentDefinition object to be used for live migrations.

  4. Save your changes and exit the editor. The virt-handler pods restart and connect to the secondary network.

Verification

  • When the node that the virtual machine runs on is placed into maintenance mode, the VM automatically migrates to another node in the cluster. You can verify that the migration occurred over the secondary network and not the default pod network by checking the target IP address in the virtual machine instance (VMI) metadata.

    1. oc get vmi <vmi_name> -o jsonpath='{.status.migrationState.targetNodeAddress}'

Additional resources