STP for Live Update NetworkAttachmentDefinition Reference (VEP 140)

[yossisegev]

STP Metadata

VEP issue: https://github.com/kubevirt/enhancements/blob/main/veps/sig-network/hotpluggable-nad-ref.md

What this PR does

STP for covering updating network (NAD) reference on live VMs.

Special notes for your reviewer

Summary by CodeRabbit

• Documentation
  • Added comprehensive test plan documentation for Live Update NetworkAttachmentDefinition Reference feature, including test scenarios, environment requirements, and testing strategy guidance.

[coderabbitai]

Walkthrough

A new test plan document for Live Update NetworkAttachmentDefinition Reference (Hotpluggable NAD Ref) feature was added, detailing QE strategy, test scenarios, and requirements traceability for testing live migration of VMs with updated NAD references.

Changes

Cohort / File(s)	Summary
Test Planning Documentation stps/sig-network/hotpluggable-nad-ref-stp.md	New test plan document for Live Update NetworkAttachmentDefinition Reference feature, including scope, testing strategies, test environment specifications, risk assessment, and requirements traceability.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'STP for Live Update NetworkAttachmentDefinition Reference (VEP 140)' directly and specifically describes the main change: introducing a test plan document for the Live Update NAD Reference feature with a clear VEP reference.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-virtualization-qe-bot-3]

Report bugs in Issues

Welcome! 🎉

This pull request will be automatically processed with the following features:

🔄 Automatic Actions

• Reviewer Assignment: Reviewers are automatically assigned based on the OWNERS file in the repository root
• Size Labeling: PR size labels (XS, S, M, L, XL, XXL) are automatically applied based on changes
• Issue Creation: A tracking issue is created for this PR and will be closed when the PR is merged or closed
• Branch Labeling: Branch-specific labels are applied to track the target branch
• Auto-verification: Auto-verified users have their PRs automatically marked as verified
• Labels: Enabled categories: branch, can-be-merged, cherry-pick, has-conflicts, hold, needs-rebase, size, verified, wip

📋 Available Commands

PR Status Management

• /wip - Mark PR as work in progress (adds WIP: prefix to title)
• /wip cancel - Remove work in progress status
• /hold - Block PR merging (approvers only)
• /hold cancel - Unblock PR merging
• /verified - Mark PR as verified
• /verified cancel - Remove verification status
• /reprocess - Trigger complete PR workflow reprocessing (useful if webhook failed or configuration changed)
• /regenerate-welcome - Regenerate this welcome message

Review & Approval

• /lgtm - Approve changes (looks good to me)
• /approve - Approve PR (approvers only)
• /assign-reviewers - Assign reviewers based on OWNERS file
• /assign-reviewer @username - Assign specific reviewer
• /check-can-merge - Check if PR meets merge requirements

Testing & Validation

• /retest tox - Run Python test suite with tox
• /retest all - Run all available tests

Cherry-pick Operations

• /cherry-pick <branch> - Schedule cherry-pick to target branch when PR is merged
  • Multiple branches: /cherry-pick branch1 branch2 branch3

Label Management

• /<label-name> - Add a label to the PR
• /<label-name> cancel - Remove a label from the PR

✅ Merge Requirements

This PR will be automatically approved when the following conditions are met:

1. Approval: /approve from at least one approver
2. LGTM Count: Minimum 2 /lgtm from reviewers
3. Status Checks: All required status checks must pass
4. No Blockers: No WIP, hold, conflict labels
5. Verified: PR must be marked as verified (if verification is enabled)

📊 Review Process

Approvers and Reviewers

Approvers:

• EdDev

Reviewers:

• Anatw
• EdDev
• azhivovk
• servolkov
• yossisegev

Available Labels

• hold
• verified
• wip
• lgtm
• approve

💡 Tips

• WIP Status: Use /wip when your PR is not ready for review
• Verification: The verified label is automatically removed on each new commit
• Cherry-picking: Cherry-pick labels are processed when the PR is merged
• Permission Levels: Some commands require approver permissions
• Auto-verified Users: Certain users have automatic verification and merge privileges

For more information, please refer to the project documentation or contact the maintainers.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@stps/sig-network/hotpluggable-nad-ref-stp.md`:
- Line 32: Fix the typos across the document by replacing the incorrect tokens
with the corrected spellings: change "NAd reference" to "NAD reference",
"dependecny" -> "dependency", "implmenetation" -> "implementation", "backgrond"
-> "background", "letncy cannot be measured,for example" -> "latency cannot be
measured, for example", "evetually" -> "eventually", "is mot affected" -> "is
not affected", "dependancy" -> "dependency", "migartion" -> "migration",
"refelcted" -> "reflected", "environemnt" -> "environment", and "migratin" ->
"migration"; ensure you update each occurrence of the quoted phrases (e.g., the
header/text containing "NAd reference", the paragraphs with
"dependecny"/"implmenetation", the sentence with "letncy...", etc.) so the
document reads correctly and consistently.
- Around line 156-162: Update the traceability table to add a Requirement row
for the "P1 feature-gate disabled behavior" mapping the in-scope item "Verify
behavior when LiveUpdateNADRef feature-gate is disabled (attempting to change
NAD reference produces failure/error)" to a Test Scenario that attempts a
networkName update with the feature-gate off and asserts failure/error, and add
another Requirement row for "MAC preservation" mapping the in-scope item
"Verifying that guest interface identity (e.g. MAC) is preserved where
applicable" to a Test Scenario that changes NAD reference and verifies the guest
MAC is unchanged; also update the existing VEP-140 (NFR) regression row to
explicitly mention "interface hot-plug regression" in the Requirement
Summary/Test Scenario to reflect the specific regression concern named elsewhere
in the document.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix spelling/typo errors across the document.

Several typos are present. Line 91 is the most impactful — "is mot affected" inverts the intended meaning.

Line	Current	Corrected
32	NAd reference	NAD reference
47	dependecny, implmenetation	dependency, implementation
83	backgrond	background
85	letncy cannot be measured,for example	latency cannot be measured, for example
87	evetually	eventually
91	is mot affected	is not affected
108	dependancy	dependency
137	migartion, refelcted	migration, reflected
138	environemnt	environment
149	migratin	migration

Also applies to: 47-47, 83-83, 85-85, 87-87, 91-91, 108-108, 137-137, 138-138, 149-149

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@stps/sig-network/hotpluggable-nad-ref-stp.md` at line 32, Fix the typos
across the document by replacing the incorrect tokens with the corrected
spellings: change "NAd reference" to "NAD reference", "dependecny" ->
"dependency", "implmenetation" -> "implementation", "backgrond" -> "background",
"letncy cannot be measured,for example" -> "latency cannot be measured, for
example", "evetually" -> "eventually", "is mot affected" -> "is not affected",
"dependancy" -> "dependency", "migartion" -> "migration", "refelcted" ->
"reflected", "environemnt" -> "environment", and "migratin" -> "migration";
ensure you update each occurrence of the quoted phrases (e.g., the header/text
containing "NAd reference", the paragraphs with "dependecny"/"implmenetation",
the sentence with "letncy...", etc.) so the document reads correctly and
consistently.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Traceability table is missing rows for the P1 feature-gate-disabled goal and the MAC preservation in-scope item.

Two items explicitly listed as in-scope or as testing goals have no corresponding traceability row:

1. P1 feature-gate disabled behavior (line 63): "Verify behavior when LiveUpdateNADRef feature-gate is disabled (e.g. attempting to change NAD reference produces failure/error)" — there is no row in the table for this scenario.
2. MAC preservation (line 58): "Verifying that guest interface identity (e.g. MAC) is preserved where applicable" — this is listed as in-scope but is not mapped to any test scenario or requirement row.

Additionally, the VEP-140 (NFR) regression row (line 161) does not explicitly call out interface hot-plug regression, which is the specific regression concern named on line 64.

📋 Suggested additions to the traceability table

 | VEP-140 (NFR)    | No regression in secondary network and migration                                    | Existing secondary network and migration tests pass                                         | Tier 2 | P1       |
+|                  | No regression in interface hot-plug flows                                           | Existing interface hot-plug E2E tests pass unchanged                                        | Tier 2 | P1       |
+| VEP-140 (Design) | LiveUpdateNADRef feature-gate disabled: NAD ref change is rejected                  | Disable LiveUpdateNADRef gate → update networkName → assert error/rejection returned        | Tier 1 | P1       |
+| VEP-140 (Design) | Guest interface identity (MAC) preserved after NAD ref update and migration         | Update networkName → migration completes → verify MAC unchanged on guest interface           | Tier 2 | P1       |

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	| Requirement ID | Requirement Summary | Test Scenario(s) | Tier | Priority |
	|:-----------------|:------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------|:-------|:---------|
	| VEP-140 (Goal) | Change NAD reference on running VM (bridge) via migration; VM on new network and has connectivity | Change networkName on running VM → wait for migration → verify VM attached to new NAD and connectivity | Tier 2 | P0 |
	| VEP-140 (Design) | Migration triggered and completes after networkName update | Update networkName → verify migration requested and completes | Tier 1 | P0 |
	| VEP-140 (Design) | RestartRequired not set when only networkName changes | Update only networkName → assert RestartRequired not added | Tier 1 | P1 |
	| VEP-140 (NFR) | No regression in secondary network and migration | Existing secondary network and migration tests pass | Tier 2 | P1 |
	| Requirement ID | Requirement Summary | Test Scenario(s) | Tier | Priority |
	|:-----------------|:------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------|:-------|:---------|
	| VEP-140 (Goal) | Change NAD reference on running VM (bridge) via migration; VM on new network and has connectivity | Change networkName on running VM → wait for migration → verify VM attached to new NAD and connectivity | Tier 2 | P0 |
	| VEP-140 (Design) | Migration triggered and completes after networkName update | Update networkName → verify migration requested and completes | Tier 1 | P0 |
	| VEP-140 (Design) | RestartRequired not set when only networkName changes | Update only networkName → assert RestartRequired not added | Tier 1 | P1 |
	| VEP-140 (NFR) | No regression in secondary network and migration | Existing secondary network and migration tests pass | Tier 2 | P1 |
	| | No regression in interface hot-plug flows | Existing interface hot-plug E2E tests pass unchanged | Tier 2 | P1 |
	| VEP-140 (Design) | LiveUpdateNADRef feature-gate disabled: NAD ref change is rejected | Disable LiveUpdateNADRef gate → update networkName → assert error/rejection returned | Tier 1 | P1 |
	| VEP-140 (Design) | Guest interface identity (MAC) preserved after NAD ref update and migration | Update networkName → migration completes → verify MAC unchanged on guest interface | Tier 2 | P1 |

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@stps/sig-network/hotpluggable-nad-ref-stp.md` around lines 156 - 162, Update
the traceability table to add a Requirement row for the "P1 feature-gate
disabled behavior" mapping the in-scope item "Verify behavior when
LiveUpdateNADRef feature-gate is disabled (attempting to change NAD reference
produces failure/error)" to a Test Scenario that attempts a networkName update
with the feature-gate off and asserts failure/error, and add another Requirement
row for "MAC preservation" mapping the in-scope item "Verifying that guest
interface identity (e.g. MAC) is preserved where applicable" to a Test Scenario
that changes NAD reference and verifies the guest MAC is unchanged; also update
the existing VEP-140 (NFR) regression row to explicitly mention "interface
hot-plug regression" in the Requirement Summary/Test Scenario to reflect the
specific regression concern named elsewhere in the document.

[frenzyfriday]

Thanks for the STP! Lgtm in general, just a few questions/comments

[frenzyfriday]

VM’s pod is re-plumbed to the new network
Technically there is no re-plumbing as the VM will be live migrated and its source pod with the old plumbing will be destroyed and a new pod with new plumbing will be created. But then again from a user POV it probably is replumbing.. so I am not sure if it is safe to say that the pod will be replumbed.

[frenzyfriday]

[nit]

the NAd reference

the NAD reference

[frenzyfriday]

VM owners can re-assign new networks

new networks but of the same binding type (but maybe that is already clear)

[frenzyfriday]

Does it also required inter node connectivity or something like that? I mention this because while writing the T1 tests just to avoid setting up inter node connectivity we were creating the client VM (that will be also on the new NAD and will ping our migrating VM from) on the same node that the vm under test migrated to. Not sure if this applies here

[frenzyfriday]

Is it worth mentioning that it needs to be run on a cluster with >=2 nodes (because it will be migrating)? I mention this because we added a similar decorator in the T1 tests, not sure that is applicable here though

[frenzyfriday]

With FG off it just adds a restartRequired condition to the VM I think

[frenzyfriday]

User's scenarios are oblivious to the way DNC is interacted

Yes, but as per the current implementation In-place NAD swap (without migration) will not happen both with/without DNC

[frenzyfriday]

[nit]

letncy

latency

[frenzyfriday]

There is a dependency on Multus? Do you mean we want some change from them or just that it is using Multus (and so it is dependent on Multus not breaking stuff)?