OSDOCS-14356-New: Added bond best practices info to networking docs

[dfitzmau]

Checklist of items:

• static DHCP requirements
• fail_over_mac=1
• Remove ip=bond0 kargs.

Version(s):
4.12+

Issue:
OSDOCS-14356

Link to docs preview:

• Bonding multiple network interfaces to a single interface
• Networking requirements for user-provisioned infrastructure
• Example: Multiple interfaces in the same node network configuration policy
• Network bonding considerations
• Configuring OVN-Kubernetes to use a secondary OVS bridge

• SME has approved this change.
• QE has approved this change.

• https://gitlab.cee.redhat.com/rbrattai/notes/-/blob/master/BondingNotes.md
• https://issues.redhat.com/browse/OCPBUGS-45026
• https://www.ibm.com/docs/ja/linux-on-systems?topic=mode-option-fail-over-mac

[ocpdocs-previewbot]

🤖 Tue Dec 02 17:17:59 - Prow CI generated the docs preview:
https://93160--ocpdocs-pr.netlify.app
Complete list of updated preview URLs: artifacts/updated_preview_urls.txt

[dfitzmau]

/retest

[bergerhoffer]

The branch/enterprise-4.21 label has been added to this PR.

This is because your PR targets the main branch and is labeled for enterprise-4.20. And any PR going into main must also target the latest version branch (enterprise-4.21).

If the update in your PR does NOT apply to version 4.21 onward, please re-target this PR to go directly into the appropriate version branch or branches (enterprise-4.x) instead of main.

[cybertron]

Okay, after some more investigation into OVS bond configs I have a couple more comments.

[cybertron]

Actually for OVS bonding I think my comment may be invalid. We don't clone the MAC address in those configs.

[rbbratta]

We can delete this.

[dfitzmau]

Thanks. Deleted:

[NOTE]
====
Consider that an OVS bond with balance-slb mode enabled might experience issues if the bond forwards unknown unicast traffic from one physical network interface controller (NIC) into the phsycial network through another NIC. This situation can result in an Layer 2 loop, or bridge loop, that in turn causes MAC flapping.

MAC flapping causes the same MAC address to exist in many network locations for a period of time. For example, a remote switch does not learn the MAC address for the destination of a unicast packet and this causes the packet to exist on all links available on the SLB bond configuration. As a workaround for this issue, you can set the bond to active-backup mode during MAC address assignment and then switch the bond to use balance-slb mode.
====

[rbbratta]

this doesn't work. bond= with DHCP does not support MAC cloning, so primary slave fail and reboot will get new DHCP lease with secondary slave MAC.

We need to remove bond= kernel args.

[rbbratta]

Maybe there is an extra kwarg to set secondary slave MAC.

[dfitzmau]

Removed:

bond=bond0:em1,em2:mode=active-backup

[rbbratta]

bond= with static IP kinda works, but it also doesn't support cloned-macs, but it doesn't necessarily matter for static IP.

[dfitzmau]

Removed:

bond=bond0:em1,em2:mode=active-backup

[cybertron]

/lgtm

We'll probably end up tweaking and adding content here, but this is a good start.

[cybertron]

Not a blocker for this patch, but if we're going to include these notes everywhere an NNCP is mentioned, we might want to explicitly state that it is in relation to Kubernetes-NMState. It is possible to make some changes to the underlying interfaces via other methods.

[dfitzmau]

✔️

[cybertron]

Again not specific to this patch, but in this context we should probably include br-ex1 as a do-not-touch interface. I don't think we need to mention it everywhere, but since this doc is discussion the secondary br-ex1 bridge it would be worth including here.

[dfitzmau]

✔️

[dfitzmau]

Added br-ex1 to the list two "The following list of interface names are reserved and you cannot use the names with NMstate configurations:" notes.

[openshift-ci]

New changes are detected. LGTM label has been removed.

[openshift-ci]

@dfitzmau: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.