| 1 | The name for the custom resource object. | 
| 2 | The namespace where the SR-IOV Network Operator is installed. | 
| 3 | The resource name of the SR-IOV network device plugin. You can create multiple SR-IOV network node policies for a resource name. 
When specifying a name, be sure to use the accepted syntax expression ^[a-zA-Z0-9_]+$in theresourceName. | 
| 4 | The node selector specifies the nodes to configure. Only SR-IOV network devices on the selected nodes are configured. The SR-IOV Container Network Interface (CNI) plugin and device plugin are deployed on selected nodes only. 
|  | 
The SR-IOV Network Operator applies node network configuration policies to nodes in sequence. Before applying node network configuration policies, the SR-IOV Network Operator checks if the machine config pool (MCP) for a node is in an unhealthy state such as DegradedorUpdating. If a node is in an unhealthy MCP, the process of applying node network configuration policies to all targeted nodes in the cluster pauses until the MCP returns to a healthy state. 
To avoid a node in an unhealthy MCP from blocking the application of node network configuration policies to other nodes, including nodes in other MCPs, you must create a separate node network configuration policy for each MCP. |  | 
| 5 | Optional: The priority is an integer value between 0and99. A smaller value receives higher priority. For example, a priority of10is a higher priority than99. The default value is99. | 
| 6 | Optional: The maximum transmission unit (MTU) of the physical function and all its virtual functions. The maximum MTU value can vary for different network interface controller (NIC) models. 
|  | 
If you want to create virtual function on the default network interface, ensure that the MTU is set to a value that matches the cluster MTU. 
If you want to modify the MTU of a single virtual function while the function is assigned to a pod, leave the MTU value blank in the SR-IOV network node policy.
Otherwise, the SR-IOV Network Operator reverts the MTU of the virtual function to the MTU value defined in the SR-IOV network node policy, which might trigger a node drain. |  | 
| 7 | Optional: Set needVhostNettotrueto mount the/dev/vhost-netdevice in the pod. Use the mounted/dev/vhost-netdevice with Data Plane Development Kit (DPDK) to forward traffic to the kernel network stack. | 
| 8 | The number of the virtual functions (VF) to create for the SR-IOV physical network device. For an Intel network interface controller (NIC), the number of VFs cannot be larger than the total VFs supported by the device. For a Mellanox NIC, the number of VFs cannot be larger than 127. | 
| 9 | The externallyManagedfield indicates whether the SR-IOV Network Operator manages all, or only a subset of virtual functions (VFs). With the value set tofalsethe SR-IOV Network Operator manages and configures all VFs on the PF.
|  | 
When externallyManagedis set totrue, you must manually create the Virtual Functions (VFs) on the physical function (PF) before applying theSriovNetworkNodePolicyresource. If the VFs are not pre-created, the SR-IOV Network Operator’s webhook will block the policy request. 
When externallyManagedis set tofalse, the SR-IOV Network Operator automatically creates and manages the VFs, including resetting them if necessary. 
To use VFs on the host system, you must create them through NMState, and set externallyManagedtotrue. In this mode, the SR-IOV Network Operator does not modify the PF or the manually managed VFs, except for those explicitly defined in thenicSelectorfield of your policy. However, the SR-IOV Network Operator continues to manage VFs that are used as pod secondary interfaces. |  | 
| 10 | The NIC selector identifies the device to which this resource applies. You do not have to specify values for all the parameters. It is recommended to identify the network device with enough precision to avoid selecting a device unintentionally. 
If you specify rootDevices, you must also specify a value forvendor,deviceID, orpfNames. If you specify bothpfNamesandrootDevicesat the same time, ensure that they refer to the same device. If you specify a value fornetFilter, then you do not need to specify any other parameter because a network ID is unique. | 
| 11 | Optional: The vendor hexadecimal vendor identifier of the SR-IOV network device. The only allowed values are 8086(Intel) and15b3(Mellanox). | 
| 12 | Optional: The device hexadecimal device identifier of the SR-IOV network device. For example, 101bis the device ID for a Mellanox ConnectX-6 device. | 
| 13 | Optional: An array of one or more physical function (PF) names the resource must apply to. | 
| 14 | Optional: An array of one or more PCI bus addresses the resource must apply to. For example 0000:02:00.1. | 
| 15 | Optional: The platform-specific network filter. The only supported platform is OpenStack. Acceptable values use the following format: openstack/NetworkID:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. Replacexxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxwith the value from the/var/config/openstack/latest/network_data.jsonmetadata file. This filter ensures that VFs are associated with a specific OpenStack network. The operator uses this filter to map the VFs to the appropriate network based on metadata provided by the OpenStack platform. | 
| 16 | Optional: The driver to configure for the VFs created from this resource. The only allowed values are netdeviceandvfio-pci. The default value isnetdevice.
For a Mellanox NIC to work in DPDK mode on bare metal nodes, use the netdevicedriver type and setisRdmatotrue. | 
| 17 | Optional: Configures whether to enable remote direct memory access (RDMA) mode. The default value is false.
If the isRdmaparameter is set totrue, you can continue to use the RDMA-enabled VF as a normal network device. A device can be used in either mode. 
Set isRdmatotrueand additionally setneedVhostNettotrueto configure a Mellanox NIC for use with Fast Datapath DPDK applications. 
|  | 
You cannot set the isRdmaparameter totruefor intel NICs. |  | 
| 18 | Optional: The link type for the VFs. The default value is ethfor Ethernet. Change this value to 'ib' for InfiniBand.
When linkTypeis set toib,isRdmais automatically set totrueby the SR-IOV Network Operator webhook. WhenlinkTypeis set toib,deviceTypeshould not be set tovfio-pci. 
Do not set linkType to ethfor SriovNetworkNodePolicy, because this can lead to an incorrect number of available devices reported by the device plugin. | 
| 19 | Optional: To enable hardware offloading, you must set the eSwitchModefield to"switchdev". For more information about hardware offloading, see "Configuring hardware offloading". | 
| 20 | Optional: To exclude advertising an SR-IOV network resource’s NUMA node to the Topology Manager, set the value to true. The default value isfalse. |