OSDOCS-14170: Created doc for enabled port isolation Linux bridge CNI CNV

dfitzmau · dfitzmau · commit bd9df49df59b · 2025-04-23T16:36:37.000+01:00
diff --git a/modules/virt-linux-bridge-nad-port-isolation.adoc b/modules/virt-linux-bridge-nad-port-isolation.adoc
@@ -0,0 +1,56 @@
+// Module included in the following assemblies:
+//
+// * virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="virt-linux-bridge-nad-port-isolation.adoc_{context}"]
+= Enabling port isolation for a Linux bridge NAD
+
+You can enable port isolation for a Linux bridge network attachment definition (NAD) so that virtual machines (VMs) that run on the same node can operate in isolation from each other. This mechanism works by isolating specific ports from communicating with each other but still allows ports to communicate with non-isolated ports. Isolating ports in this way can provide enhanced security, efficient resource use, and performance improvements for each VM that runs on a node. 
+
+.Prerequisites
+
+* You created Linux bridge NAD by using either the web console or the command-line interface. 
+
+.Procedure
+
+
+
+
+
+
+
+. Add the bridge interface and the network attachment definition to the VM configuration as in the following example:
++
+[source,yaml]
+----
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+  name: example-vm
+spec:
+  template:
+    spec:
+      domain:
+        devices:
+          interfaces:
+            - bridge: {}
+              name: bridge-net <1>
+# ...
+      networks:
+        - name: bridge-net <2>
+          multus:
+            networkName: a-bridge-network <3>
+----
+<1> The name of the bridge interface.
+<2> The name of the network. This value must match the `name` value of the corresponding `spec.template.spec.domain.devices.interfaces` entry.
+<3> The name of the network attachment definition.
+
+. Apply the configuration:
++
+[source,terminal]
+----
+$ oc apply -f example-vm.yaml
+----
+
+. Optional: If you edited a running virtual machine, you must restart it for the changes to take effect.
diff --git a/virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc b/virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc
@@ -26,10 +26,15 @@ include::modules/virt-creating-linux-bridge-nncp.adoc[leveloffset=+1]
 
 You can create a Linux bridge network attachment definition (NAD) by using the {product-title} web console or command line.
 
+// Creating a Linux bridge NAD by using the web console
 include::modules/virt-creating-linux-bridge-nad-web.adoc[leveloffset=+2]
 
+// Creating a Linux bridge NAD by using the command line
 include::modules/virt-creating-linux-bridge-nad-cli.adoc[leveloffset=+2]
 
+// Enabling port isolation for a Linux bridge NAD
+include::modules/virt-linux-bridge-nad-port-isolation.adoc[leveloffset=+2]
+
 [id="configuring-vm-network-interface"]
 == Configuring a VM network interface
 
