Skip to main content
Redhat Developers  Logo
  • Products

    Featured

    • Red Hat Enterprise Linux
      Red Hat Enterprise Linux Icon
    • Red Hat OpenShift AI
      Red Hat OpenShift AI
    • Red Hat Enterprise Linux AI
      Linux icon inside of a brain
    • Image mode for Red Hat Enterprise Linux
      RHEL image mode
    • Red Hat OpenShift
      Openshift icon
    • Red Hat Ansible Automation Platform
      Ansible icon
    • Red Hat Developer Hub
      Developer Hub
    • View All Red Hat Products
    • Linux

      • Red Hat Enterprise Linux
      • Image mode for Red Hat Enterprise Linux
      • Red Hat Universal Base Images (UBI)
    • Java runtimes & frameworks

      • JBoss Enterprise Application Platform
      • Red Hat build of OpenJDK
    • Kubernetes

      • Red Hat OpenShift
      • Microsoft Azure Red Hat OpenShift
      • Red Hat OpenShift Virtualization
      • Red Hat OpenShift Lightspeed
    • Integration & App Connectivity

      • Red Hat Build of Apache Camel
      • Red Hat Service Interconnect
      • Red Hat Connectivity Link
    • AI/ML

      • Red Hat OpenShift AI
      • Red Hat Enterprise Linux AI
    • Automation

      • Red Hat Ansible Automation Platform
      • Red Hat Ansible Lightspeed
    • Developer tools

      • Red Hat Trusted Software Supply Chain
      • Podman Desktop
      • Red Hat OpenShift Dev Spaces
    • Developer Sandbox

      Developer Sandbox
      Try Red Hat products and technologies without setup or configuration fees for 30 days with this shared Openshift and Kubernetes cluster.
    • Try at no cost
  • Technologies

    Featured

    • AI/ML
      AI/ML Icon
    • Linux
      Linux Icon
    • Kubernetes
      Cloud icon
    • Automation
      Automation Icon showing arrows moving in a circle around a gear
    • View All Technologies
    • Programming Languages & Frameworks

      • Java
      • Python
      • JavaScript
    • System Design & Architecture

      • Red Hat architecture and design patterns
      • Microservices
      • Event-Driven Architecture
      • Databases
    • Developer Productivity

      • Developer productivity
      • Developer Tools
      • GitOps
    • Secure Development & Architectures

      • Security
      • Secure coding
    • Platform Engineering

      • DevOps
      • DevSecOps
      • Ansible automation for applications and services
    • Automated Data Processing

      • AI/ML
      • Data Science
      • Apache Kafka on Kubernetes
      • View All Technologies
    • Start exploring in the Developer Sandbox for free

      sandbox graphic
      Try Red Hat's products and technologies without setup or configuration.
    • Try at no cost
  • Learn

    Featured

    • Kubernetes & Cloud Native
      Openshift icon
    • Linux
      Rhel icon
    • Automation
      Ansible cloud icon
    • Java
      Java icon
    • AI/ML
      AI/ML Icon
    • View All Learning Resources

    E-Books

    • GitOps Cookbook
    • Podman in Action
    • Kubernetes Operators
    • The Path to GitOps
    • View All E-books

    Cheat Sheets

    • Linux Commands
    • Bash Commands
    • Git
    • systemd Commands
    • View All Cheat Sheets

    Documentation

    • API Catalog
    • Product Documentation
    • Legacy Documentation
    • Red Hat Learning

      Learning image
      Boost your technical skills to expert-level with the help of interactive lessons offered by various Red Hat Learning programs.
    • Explore Red Hat Learning
  • Developer Sandbox

    Developer Sandbox

    • Access Red Hat’s products and technologies without setup or configuration, and start developing quicker than ever before with our new, no-cost sandbox environments.
    • Explore Developer Sandbox

    Featured Developer Sandbox activities

    • Get started with your Developer Sandbox
    • OpenShift virtualization and application modernization using the Developer Sandbox
    • Explore all Developer Sandbox activities

    Ready to start developing apps?

    • Try at no cost
  • Blog
  • Events
  • Videos

How OpenShift Virtualization supports VM live migration

A dedicated network for VM live migration in OpenShift Virtualization using localnet

June 5, 2025
Mohammed Salih Puthenpurayil
Related topics:
Virtualization
Related products:
Red Hat OpenShiftRed Hat OpenShift Container PlatformRed Hat OpenShift Virtualization

Share:

    In certain situations requiring enhanced performance, reliability, security, and manageability, you can isolate virtual machine (VM) live migration traffic on a dedicated network within Red Hat OpenShift Virtualization. You use a NodeNetworkConfigurationPolicy (NNCP) provided by the Nmstate Operator to create an Open vSwitch (OVS) bridge with a NetworkAttachmentDefinition (NAD) referencing that bridge. This configuration allows OpenShift Virtualization to utilize a separate physical network or VLAN for migration data. This article provides a step-by-step guide for this setup.

    Create a NodeNetworkConfigurationPolicy (NNCP)

    A NodeNetworkConfigurationPolicy (NNCP) refers to how you apply network configuration to your cluster nodes during day 2 operations. You can apply these settings in a simple YAML format or use the Red Hat OpenShift web console GUI to configure additional networks and bridges. 

    Follow these steps to create a NodeNetworkConfigurationPolicy (Figure 1):

    1. In the OpenShift web console UI, navigate to Networking → NodeNetworkConfigurationPolicy. 

    2. Click Create → From Form and fill in the form as per your requirements. 

    NNCP Configuration
    Figure 1: Configuring NNCP in the OpenShift web console.

    Key points to note on this page include:

    • br-lm This is the interface name of the bridge.
    • Type: ovs-bridge This tells Nmstate to create an Open vSwitch (OVS) bridge.
    • OVN localnet name: ovs-lm This is the name of the localnet mapping to the OVS bridge.
    • OVN bridge name: br-lm This is the name of the OVS bridge specified in ovs-bridge.

    The following is the YAML definition of the NNCP:

    apiVersion: nmstate.io/v1
    kind: NodeNetworkConfigurationPolicy
    metadata:
      annotations:
        description: Network configuration for enp4s0 on all nodes
      name: live-migration
    spec:
      desiredState:
        interfaces:
          - bridge:
              allow-extra-patch-ports: true
              options:
                stp: false
              port:
                - name: enp4s0
                - name: br-lm
            name: br-lm
            state: up
            type: ovs-bridge
        ovn:
          bridge-mappings:
            - bridge: br-lm
              localnet: ovs-lm
              state: present

    Create a NetworkAttachmentDefinition (NAD)

    A NetworkAttachmentDefinition (NAD) directs Multus (and OVN-Kubernetes) to connect pods or virtual machines to a specific network. For instance, we will reference the local network mapping (ovs-lm) from the previously mentioned NNCP, and a VLAN, such as 3030, and create an NAD in the openshift-cnv namespace.

    Follow these steps to create a NetworkAttachmentDefinition (Figure 2):

    1. In the OpenShift web console UI, select Networking → NetworkAttachmentDefinition.

    2. From the Project menu, select openshift-cnv. You might need to enable Show default projects to list all system projects. 

    3. Click Create NetworkAttachmentDefinition and fill out the form per your requirements. 

    4. Click Create.

    NetworkAttachmentDefinition screenshot
    Figure 2: Creating a NetworkAttachmentDefinition in the OpenShift web console.

    Key points to note on this page include:

    • Project openshift-cnv: This is the project or namespace in which the NAD will be created.
    • nad-live-migrate: This is the name of the NAD that OpenShift Virtualization will use as the live migration network.
    • Network type OVN Kubernetes secondary localnet network: We have to select this since we created a localnet using NNCP.
    • Bridge mapping ovs-lm: This is the same name provided in the NNCP for OVN localnet name.
    • VLAN 3030: Please give the appropriate VLAN ID, if you are using a VLAN.

    Add subnet to NAD

    Now we will edit the newly created NAD to include a subnet for automatic IP assignment to the virt-handler pods in the openshift-cnv namespace by following these steps (Figure 3): 

    1. In the OpenShift web console, select Networking → NetworkAttachmentDefinition. 

    2. Select the openshift-cnv project from the Project list.

    3. Click the newly created NAD nad-live-migrate.

    4. Click YAML.

    5. Edit the JSON config and add the required subnet to it. To avoid any errors, remember to format the JSON correctly.

    Edit NetworkAttachmentDefinition to include a subnet
    Figure 3: Edit the NetworkAttachmentDefinition to include a subnet.

    The following is the combined YAML definition of the NAD:

    apiVersion: k8s.cni.cncf.io/v1
    kind: NetworkAttachmentDefinition
    metadata:
      name: nad-live-migrate
      namespace: openshift-cnv
    spec:
      config: |-
        {
            "cniVersion": "0.4.0",
            "name": "ovs-lm",
            "type": "ovn-k8s-cni-overlay",
            "netAttachDefName": "openshift-cnv/nad-live-migrate",
            "topology": "localnet",
            "vlanID": 3030,
            "subnets": "192.168.100.0/24",
            "excludeSubnets": "192.168.100.0/30"
        }

    Update the OpenShift Virtualization configuration

    Let's update the OpenShift Virtualization configuration to use the newly-created NAD. Refer to Figure 4 which illustrates the following steps:

    1. As a cluster admin, navigate to Virtualization → Overview on the left side of OpenShift web console.

    2. Click Settings → General Settings → Live Migration. 

    3. Select nad-live-migrate from the live migration network list. 

    Change Live migration network from OpenShift Virtualization's Settings
    Figure 4: Change the live migration network from the OpenShift Virtualization's settings.

    You can also do this using the command-line interface (CLI) as follows:

    oc patch HyperConverged kubevirt-hyperconverged -n openshift-cnv --type=merge -p '{"spec":{"liveMigrationConfig":{"network":"nad-live-migrate"}}}'

    Key points to note:

    • HyperConverged: custom resource (CR)
    • Kubevirt-hyperconverged: This is the name of the custom resource. Make sure you target the correct name. You may list the CR using the command: oc get HyperConverged -n openshift-cnv.
    • openshift-cnv: This is the namespace.
    • nad-live-migrate: This is the NAD we created earlier.

    Monitor the change

    At this point, you are almost ready for live migration on the secondary network. However, before you attempt a migration, it would be good to check if the virt-handler pods in the openshift-cnv namespace have all restarted and they're in good status.

    The cluster has four bare metal nodes. Hence, you will find four virt-handler pods, each running on one of those nodes. Make sure they are all in the running state and the ready status is showing 1/1. Also make sure that all of them recently restarted by checking their creation time, as shown in Figure 5.

    Verify virt-handler pods are running and are healthy.
    Figue 5: Verify the virt-handler pods are running and healthy.

    Test the migration

    Once you have made sure the virt-handler pods are running and in healthy state, you can run a test the live migration of a VM. For example, Figure 6 depicts live-migrating a virtual machine called fedora-01.

    To run the live migration, follow these steps:

    1. Select Virtualization → VirtualMachines from the left side navigation menu.

    2. Click the three dots (kebab) on the right side of the virtual machine that needs to be migrated (e.g., fedora-01).

    3. Click Migrate to initiate the live migration process. In a few seconds, the virtual machine should be migrated from its existing host to a different host in the cluster. 

    Example live migration test
    Figure 6: This is an example of a live migration test for a VM called fedora-01.

    You can also check if the VMI has the targetNodeAddress from the new live migration network as follows:

    $ oc get vmi fedora-01 -o json | jq '.status.migrationState | {targetNode, targetNodeAddress, targetPod}'
    {
      "targetNode": "master-2",
      "targetNodeAddress": "192.168.100.15",
      "targetPod": "virt-launcher-fedora-01-7gr8p"
    }
    

    As you can see, it shows the IP address from the pool of IP addresses assigned to the NAD and on which node it belongs. 

    Final thoughts

    By setting up a dedicated network for live migration, you can see how OpenShift Virtualization supports real-world enterprise needs. It is built to handle your important applications in a way that is powerful and easy to manage. Give OpenShift Virtualization a try and see how it can help you run your virtual machines with speed and confidence. Check out the Red Hat OpenShift Container Platform documentation, Configuring a dedicated network for live migration.

    Related Posts

    • Enable OpenShift Virtualization on Red Hat OpenShift

    • Easily upgrade hosted OpenShift Virtualization clusters on hosted control planes

    • Create software templates for VMs with OpenShift Virtualization

    • OpenShift Virtualization for vSphere admins: A change in the traditional storage paradigm

    • Minimize downtime when migrating from VMware to OpenShift Virtualization

    Recent Posts

    • Integrate vLLM inference on macOS/iOS with Llama Stack APIs

    • Optimize model serving at the edge with RawDeployment mode

    • Introducing Red Hat build of Cryostat 4.0

    • How we improved AI inference on macOS Podman containers

    • How OpenShift Virtualization supports VM live migration

    What’s up next?

    Get detailed instructions for migrating applications distributed in VMware vSphere-compliant OVA files into Red Hat OpenShift Virtualization in this learning path.

    Start the activity
    Red Hat Developers logo LinkedIn YouTube Twitter Facebook

    Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform

    Build

    • Developer Sandbox
    • Developer Tools
    • Interactive Tutorials
    • API Catalog

    Quicklinks

    • Learning Resources
    • E-books
    • Cheat Sheets
    • Blog
    • Events
    • Newsletter

    Communicate

    • About us
    • Contact sales
    • Find a partner
    • Report a website issue
    • Site Status Dashboard
    • Report a security problem

    RED HAT DEVELOPER

    Build here. Go anywhere.

    We serve the builders. The problem solvers who create careers with code.

    Join us if you’re a developer, software engineer, web designer, front-end designer, UX designer, computer scientist, architect, tester, product manager, project manager or team lead.

    Sign me up

    Red Hat legal and privacy links

    • About Red Hat
    • Jobs
    • Events
    • Locations
    • Contact Red Hat
    • Red Hat Blog
    • Inclusion at Red Hat
    • Cool Stuff Store
    • Red Hat Summit

    Red Hat legal and privacy links

    • Privacy statement
    • Terms of use
    • All policies and guidelines
    • Digital accessibility

    Report a website issue