OCPVIRT - add OSA on IBM Z networking

Author: SNiemann15

modules/virt-attaching-vm-secondary-network-cli.adoc

@@ -49,3 +49,8 @@ $ oc apply -f example-vm.yaml
 ----
 
 . Optional: If you edited a running virtual machine, you must restart it for the changes to take effect.
+
+[NOTE]
+====
+When running {VirtProductName} on {ibm-z-name} using an OSA card, you must register the MAC address of the device. For more information, see link:https://www.ibm.com/docs/en/linux-on-systems?topic=choices-osa-interface-traffic-forwarding[OSA interface traffic forwarding] (IBM documentation).
+====

modules/virt-creating-linux-bridge-nad-cli.adoc

@@ -24,6 +24,7 @@ Configuring IP address management (IPAM) in a network attachment definition for
 
 . Add the VM to the `NetworkAttachmentDefinition` configuration, as in the following example:
 +
+--
 [source,yaml]
 ----
 apiVersion: "k8s.cni.cncf.io/v1"
@@ -52,13 +53,19 @@ spec:
 <5> The name of the Linux bridge configured on the node. The name should match the interface bridge name defined in the `NodeNetworkConfigurationPolicy` manifest.
 <6> Optional: A flag to enable the MAC spoof check. When set to `true`, you cannot change the MAC address of the pod or guest interface. This attribute allows only a single MAC address to exit the pod, which provides security against a MAC spoofing attack.
 <7> Optional: The VLAN tag. No additional VLAN configuration is required on the node network configuration policy.
++
+[NOTE]
+====
+OSA interfaces on {ibm-z-name} do not support VLAN filtering and VLAN-tagged traffic is dropped. Avoid using VLAN-tagged NADs with OSA interfaces.
+====
+
 <8> Optional: Indicates whether the VM connects to the bridge through the default VLAN. The default value is `true`.
 +
 [NOTE]
 ====
 A Linux bridge network attachment definition is the most efficient method for connecting a virtual machine to a VLAN.
 ====
-
+--
 . Create the network attachment definition:
 +
 [source,terminal]

modules/virt-creating-linux-bridge-nad-web.adoc

@@ -31,5 +31,11 @@ The network attachment definition must be in the same namespace as the pod or vi
 . Select *CNV Linux bridge* from the *Network Type* list.
 . Enter the name of the bridge in the *Bridge Name* field.
 . Optional: If the resource has VLAN IDs configured, enter the ID numbers in the *VLAN Tag Number* field.
++
+[NOTE]
+====
+OSA interfaces on {ibm-z-name} do not support VLAN filtering and VLAN-tagged traffic is dropped. Avoid using VLAN-tagged NADs with OSA interfaces.
+====
++
 . Optional: Select *MAC Spoof Check* to enable MAC spoof filtering. This feature provides security against a MAC spoofing attack by allowing only a single MAC address to exit the pod.
 . Click *Create*.

modules/virt-creating-linux-bridge-nncp.adoc

@@ -46,3 +46,15 @@ spec:
 <6> Disables IPv4 in this example.
 <7> Disables STP in this example.
 <8> The node NIC to which the bridge is attached.
+
+[NOTE]
+====
+To create the NNCP manifest for a Linux bridge using OSA with {ibm-z-name}, you must disable VLAN filtering by the setting the `rx-vlan-filter` to `false` in the `NodeNetworkConfigurationPolicy` manifest.
+
+Alternatively, if you have SSH access to the node, you can disable VLAN filtering by running the following command:
+
+[source,terminal]
+----
+$ sudo ethtool -K <osa-interface-name> rxvlan off
+----
+====