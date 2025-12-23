All examples below assume OVN VPC is deployed together with an IsolationClass named ovn.vpc.dpu.nvidia.com as described in the deployment guide.

After applying each example, check the status of the resources. Once all resources are ready, you can test connectivity on the host between VF interfaces that correspond to the specified DPUServiceInterface by:

Requesting DHCP from OVN (e.g., using dhclient -v -1 <interface> ). Running traffic between host network interfaces.

This basic example allows hosts to communicate with each other (E/W) and to communicate with the external network behind NAT in an isolated manner (e.g., in case the network infrastructure is shared with additional nodes).

The topology consists of:

A DPUVPC: testvpc A DPUVirtualNetwork: testnet1 A DPUServiceInterface of type VF targeting VF ID 2 : testnet1-vf2

VPC Example Topology

--- apiVersion: vpc.dpu.nvidia.com/v1alpha1 kind: DPUVPC metadata: name: testvpc namespace: default spec: tenant: foo isolationClassName: ovn.vpc.dpu.nvidia.com interNetworkAccess: true nodeSelector: {} --- apiVersion: vpc.dpu.nvidia.com/v1alpha1 kind: DPUVirtualNetwork metadata: name: testnet1 namespace: default spec: vpcName: testvpc nodeSelector: {} type: Bridged externallyRouted: true masquerade: true bridgedNetwork: ipam: ipv4: dhcp: true subnet: 192.178 . 0.0 / 16 --- apiVersion: svc.dpu.nvidia.com/v1alpha1 kind: DPUServiceInterface metadata: name: testnet1-vf2 namespace: default spec: template: spec: template: spec: interfaceType: vf vf: pfID: 0 vfID: 2 parentInterfaceRef: "" virtualNetwork: testnet1





This example associates different DPU nodes with different DPUVirtualNetworks within the same VPC.

The topology consists of:

A DPUVPC: testvpc Two DPUVirtualNetworks: testnet1 , testnet2 Two DPUServiceInterfaces targeting different DPU nodes by label: testnet1-vf2 , testnet2-vf2

DPU nodes should be labeled with a distinct label to allow the association of each DPUServiceInterface to a distinct set of nodes.

In this example, we assume two groups of DPU nodes are labeled with vpc.dpu.nvidia.com/network=testnet1 and vpc.dpu.nvidia.com/network=testnet2 respectively.

Hosts can communicate with each other (E/W) in an isolated manner as well as reach the external network behind NAT. Nodes will belong to different virtual networks (subnets) according to the specified label.

VPC Example Topology

--- apiVersion: vpc.dpu.nvidia.com/v1alpha1 kind: DPUVPC metadata: name: testvpc namespace: default spec: tenant: foo isolationClassName: ovn.vpc.dpu.nvidia.com interNetworkAccess: true nodeSelector: {} --- apiVersion: vpc.dpu.nvidia.com/v1alpha1 kind: DPUVirtualNetwork metadata: name: testnet1 namespace: default spec: vpcName: testvpc nodeSelector: {} type: Bridged externallyRouted: true masquerade: true bridgedNetwork: ipam: ipv4: dhcp: true subnet: 192.178 . 0.0 / 16 --- apiVersion: vpc.dpu.nvidia.com/v1alpha1 kind: DPUVirtualNetwork metadata: name: testnet2 namespace: default spec: vpcName: testvpc nodeSelector: {} type: Bridged externallyRouted: true masquerade: true bridgedNetwork: ipam: ipv4: dhcp: true subnet: 192.188 . 0.0 / 16 --- apiVersion: svc.dpu.nvidia.com/v1alpha1 kind: DPUServiceInterface metadata: name: testnet1-vf2 namespace: default spec: template: spec: nodeSelector: matchLabels: vpc.dpu.nvidia.com/network: testnet1 template: spec: interfaceType: vf vf: pfID: 0 vfID: 2 parentInterfaceRef: "" virtualNetwork: testnet1 --- apiVersion: svc.dpu.nvidia.com/v1alpha1 kind: DPUServiceInterface metadata: name: testnet2-vf2 namespace: default spec: template: spec: nodeSelector: matchLabels: vpc.dpu.nvidia.com/network: testnet2 template: spec: interfaceType: vf vf: pfID: 0 vfID: 2 parentInterfaceRef: "" virtualNetwork: testnet2





This example associates two VPCs with different subsets of nodes. Each VPC has a single DPUVirtualNetwork. Each DPUVirtualNetwork is associated with a single DPUServiceInterface. This example corresponds to a multi-tenant environment where different sets of nodes belong to different tenants (VPCs).

The topology consists of:

Two DPUVPCs: redvpc , bluevpc Two DPUVirtualNetworks: rednet , bluenet Two DPUServiceInterfaces: rednet-vf2 , bluenet-vf2

DPU nodes should be labeled with a distinct label to allow the association to a specific VPC.

In this example, we assume two groups of DPU nodes are labeled with vpc.dpu.nvidia.com/tenant=red and vpc.dpu.nvidia.com/tenant=blue respectively. Nodes within the same VPC can communicate with each other (E/W) in an isolated manner, as well as reach the external network behind NAT (N/S).

Each VPC and its resources can be created in their own namespace. This example uses the default namespace for both.

VPC Example Topology

--- apiVersion: vpc.dpu.nvidia.com/v1alpha1 kind: DPUVPC metadata: name: redvpc namespace: default spec: tenant: red isolationClassName: ovn.vpc.dpu.nvidia.com interNetworkAccess: true nodeSelector: matchLabels: vpc.dpu.nvidia.com/tenant: red --- apiVersion: vpc.dpu.nvidia.com/v1alpha1 kind: DPUVPC metadata: name: bluevpc namespace: default spec: tenant: blue isolationClassName: ovn.vpc.dpu.nvidia.com interNetworkAccess: true nodeSelector: matchLabels: vpc.dpu.nvidia.com/tenant: blue --- apiVersion: vpc.dpu.nvidia.com/v1alpha1 kind: DPUVirtualNetwork metadata: name: bluenet namespace: default spec: vpcName: bluevpc nodeSelector: matchLabels: vpc.dpu.nvidia.com/tenant: blue type: Bridged externallyRouted: true masquerade: true bridgedNetwork: ipam: ipv4: dhcp: true subnet: 192.178 . 0.0 / 16 --- apiVersion: vpc.dpu.nvidia.com/v1alpha1 kind: DPUVirtualNetwork metadata: name: rednet namespace: default spec: vpcName: redvpc nodeSelector: matchLabels: vpc.dpu.nvidia.com/tenant: red type: Bridged externallyRouted: true masquerade: true bridgedNetwork: ipam: ipv4: dhcp: true subnet: 192.178 . 0.0 / 16 --- apiVersion: svc.dpu.nvidia.com/v1alpha1 kind: DPUServiceInterface metadata: name: rednet-vf2 namespace: default spec: template: spec: nodeSelector: matchLabels: vpc.dpu.nvidia.com/tenant: red template: spec: interfaceType: vf vf: pfID: 0 vfID: 2 parentInterfaceRef: "" virtualNetwork: rednet --- apiVersion: svc.dpu.nvidia.com/v1alpha1 kind: DPUServiceInterface metadata: name: bluenet-vf2 namespace: default spec: template: spec: nodeSelector: matchLabels: vpc.dpu.nvidia.com/tenant: blue template: spec: interfaceType: vf vf: pfID: 0 vfID: 2 parentInterfaceRef: "" virtualNetwork: bluenet




