CNV-52860: Passt binding for primary UDNs

Shikha Jhala · Shikha Jhala · commit 55b28d0fd3bf · 2025-10-06T15:52:59.000-04:00
diff --git a/modules/virt-attaching-vm-to-primary-udn-web.adoc b/modules/virt-attaching-vm-to-primary-udn-web.adoc
@@ -0,0 +1,39 @@
+// Module included in the following assemblies:
+//
+// * virt/vm_networking/virt-connecting-vm-to-primary-udn.adoc
+
+:_mod-docs-content-type: PROCEDURE                                
+[id="virt-attaching-vm-to-primary-udn-web_{context}"]                                  
+= Attaching a virtual machine to the primary user-defined network by using the web console
+
+You can connect a virtual machine (VM) to the primary user-defined network (UDN) by using the {product-title} web console.
+
+.Prerequisites
+* You are logged into the {product-title} web console.
+
+.Procedure
+. Optional: If you want to use the Plug a Simple Socket Transport (passt) network binding plugin, follow these steps to enable the Technology Preview feature:
+
+.. From the *Virtualization* perspective, click *Overview*.
+
+.. On the *Virtualization* page, click the *Settings* tab.
+
+.. Click *Preview features* and set *Enable Passt binding for primary user-defined networks* to on.
+
+. From the *Virtualization* perspective, click *VirtualMachines*.
+
+. Select a VM to open the *VirtualMachine details* page.
+
+. Click the *Configuration* tab.
+
+. Click *Network*.
+
+. Click the Options menu {kebab} on the *Network interfaces* page and select *Edit*.
+
+. In the *Edit network interface* dialog, select the default pod network attachment from the *Network* list.
+
+. Expand *Advanced* and then select the *Passt* binding.
+
+. Click *Save*.
+
+. If your VM is running, restart it for the changes to take effect.
diff --git a/modules/virt-attaching-vm-to-primary-udn.adoc b/modules/virt-attaching-vm-to-primary-udn.adoc
@@ -12,9 +12,16 @@ You can connect a virtual machine (VM) to the primary user-defined network (UDN)
 * You have installed the OpenShift CLI (`oc`).
 
 .Procedure
+. Optional: If you want to use the Plug a Simple Socket Transport (passt) network binding plugin, set the `hco.kubevirt.io/deployPasstNetworkBinding` annotation to `true` in the `HyperConverged` custom resource (CR) by running the following command:
++
+[source,terminal]
+----
+$ oc annotate hco kubevirt-hyperconverged -n kubevirt-hyperconverged hco.kubevirt.io/deployPasstNetworkBinding=true --overwrite
+----
+
 . Edit the `VirtualMachine` manifest to add the UDN interface details, as in the following example:
 +
-.Example `VirtualMachine` manifest
+*Example `VirtualMachine` manifest*
 [source,yaml]
 ----
 apiVersion: kubevirt.io/v1
@@ -39,7 +46,7 @@ spec:
 ----
 <1> The namespace in which the VM is located. This value must match the namespace in which the UDN is defined.
 <2> The name of the user-defined network interface.
-<3> The name of the binding plugin that is used to connect the interface to the VM. The required value is `l2bridge`.
+<3> The name of the binding plugin that is used to connect the interface to the VM. The possible values are `l2bridge` and `passt`. The default value is `l2bridge`.
 <4> The name of the network. This must match the value of the `spec.template.spec.domain.devices.interfaces.name` field.
 
 . Apply the `VirtualMachine` manifest by running the following command:
diff --git a/virt/vm_networking/virt-connecting-vm-to-primary-udn.adoc b/virt/vm_networking/virt-connecting-vm-to-primary-udn.adoc
@@ -1,6 +1,7 @@
 :_mod-docs-content-type: ASSEMBLY                               
 [id="virt-connecting-vm-to-primary-udn"]                                    
-= Connecting a virtual machine to a primary user-defined network                                                
+= Connecting a virtual machine to a primary user-defined network
+                                                
 include::_attributes/common-attributes.adoc[]                   
 :context: virt-connecting-vm-to-primary-udn                                    
                                                                 
@@ -26,7 +27,6 @@ You must consider the following limitations before implementing a primary UDN:
 * You cannot use the `virtctl ssh` command to configure SSH access to a VM.
 * You cannot use the `oc port-forward` command to forward ports to a VM.
 * You cannot use headless services to access a VM.
-* You cannot define readiness and liveness probes to configure VM health checks.
  
 
 [id="creating-primary-udn-web_{context}"]
@@ -59,7 +59,28 @@ include::modules/virt-creating-a-primary-cluster-udn.adoc[leveloffset=+2]
 .Next steps
 * xref:../../virt/vm_networking/virt-connecting-vm-to-primary-udn.adoc#virt-creating-udn-namespace-cli_virt-connecting-vm-to-primary-udn[Create namespaces that are associated with the cluster-scoped UDN]
 
-include::modules/virt-attaching-vm-to-primary-udn.adoc[leveloffset=+1]
+[id="attaching-vm-to-primary-udn_{context}"]
+== Attaching a virtual machine to the primary user-defined network
+
+You can connect a virtual machine (VM) to the primary user-defined network (UDN) by requesting the pod network attachment, and configuring the interface binding.
+
+{VirtProductName} supports the following network binding plugins to connect the network interface to the VM:
+
+`l2bridge`:: The Layer 2 bridge binding creates a direct Layer 2 connection between the VM's virtual network and the host's virtual switch, which is then attached to a physical interface or a VLAN. This binding places the VM on the same network as the host, allowing it to obtain an IP address from the same DHCP server and share the host's physical network connection.
+
+`passt`:: The Plug a Simple Socket Transport (passt) binding translates Layer 2 network frames from a VM into Layer 4 sockets on the host machine. It provides a user-space networking solution that avoids needing special privileges for VMs that need network access but should not be directly exposed to the host network's Layer 2. 
++
+Passt binding has the following benefits:
+
+* You can define readiness and liveness probes to configure VM health checks.
+* You can use Red Hat Advanced Cluster Security to monitor TCP traffic within the cluster.
+
+:FeatureName: Using the passt binding plugin to attach a VM to the primary UDN
+include::snippets/technology-preview.adoc[]
+
+include::modules/virt-attaching-vm-to-primary-udn.adoc[leveloffset=+2]
+
+include::modules/virt-attaching-vm-to-primary-udn-web.adoc[leveloffset=+2]
 
 //Excluding from ROSA because the Networking -> Multiple networks -> Primary networks section is not part of ROSA docs
 ifndef::openshift-rosa,openshift-dedicated,openshift-rosa-hcp[]
