Observing node network state

Node network state is the network configuration for all nodes in the cluster.

About nmstate

OpenShift Container Platform uses nmstate to report on and configure the state of the node network. This makes it possible to modify network policy configuration, such as by creating a Linux bridge on all nodes, by applying a single configuration manifest to the cluster.

Node networking is monitored and updated by the following objects:

NodeNetworkState

Reports the state of the network on that node.

NodeNetworkConfigurationPolicy

Describes the requested network configuration on nodes. You update the node network configuration, including adding and removing interfaces, by applying a NodeNetworkConfigurationPolicy manifest to the cluster.

NodeNetworkConfigurationEnactment

Reports the network policies enacted upon each node.

OpenShift Container Platform supports the use of the following nmstate interface types:

  • Linux Bridge

  • VLAN

  • Bond

  • Ethernet

If your OKD cluster uses OVN-Kubernetes as the default Container Network Interface (CNI) provider, you cannot attach a Linux bridge or bonding to the default interface of a host because of a change in the host network topology of OVN-Kubernetes. As a workaround, you can use a secondary network interface connected to your host, or switch to the OpenShift SDN default CNI provider.

Viewing the network state of a node

A NodeNetworkState object exists on every node in the cluster. This object is periodically updated and captures the state of the network for that node.

Procedure

  1. List all the NodeNetworkState objects in the cluster:

    1. $ oc get nns
  2. Inspect a NodeNetworkState object to view the network on that node. The output in this example has been redacted for clarity:

    1. $ oc get nns node01 -o yaml

    Example output

    1. apiVersion: nmstate.io/v1beta1
    2. kind: NodeNetworkState
    3. metadata:
    4. name: node01 (1)
    5. status:
    6. currentState: (2)
    7. dns-resolver:
    8. ...
    9. interfaces:
    10. ...
    11. route-rules:
    12. ...
    13. routes:
    14. ...
    15. lastSuccessfulUpdateTime: "2020-01-31T12:14:00Z" (3)
    1The name of the NodeNetworkState object is taken from the node.
    2The currentState contains the complete network configuration for the node, including DNS, interfaces, and routes.
    3Timestamp of the last successful update. This is updated periodically as long as the node is reachable and can be used to evalute the freshness of the report.