openshift
diff --git a/‎images/503_OpenShift_UDN_L2_0425.png
70.3 KB b/‎images/503_OpenShift_UDN_L2_0425.png
70.3 KB
diff --git a/‎modules/nw-udn-l2-l3.adoc
Lines changed: 9 additions & 4 deletions b/‎modules/nw-udn-l2-l3.adoc
Lines changed: 9 additions & 4 deletions
@@ -5,16 +5,21 @@
 [id="nw-udn-l2-l3_{context}"]
 = Layer 2 and layer 3 topologies
 
-A layer 2 topology creates a virtual switch that is distributed across all nodes in a cluster. Virtual machines and pods connect to this virtual switch so that all these components can communicate with each other within the same subnet. If you decide not to specify a layer 2 subnet, then you must manually configure IP addresses for each pod in your cluster. When you do not specify a layer 2 subnet, port security is limited to preventing Media Access Control (MAC) spoofing only, and does not include IP spoofing. A layer 2 topology creates a single broadcast domain that can be challenging in large network environments, where the topology might cause a broadcast storm that can degrade network performance. 
+A flat layer 2 topology creates a virtual switch that is distributed across all nodes in a cluster. Virtual machines and pods connect to this virtual switch so that all these components can communicate with each other within the same subnet. A flat layer 2 topology is useful for live migration of virtual machines across nodes that exist in a cluster. The following diagram shows a flat layer 2 topology with two nodes that use the virtual switch for live migration purposes:
 
-The following diagram shows two nodes that use an UDN with a layer 2 topology to live migrate a pod from `Node 1` to `Node 2`. Each node includes two interfaces:
+.A flat layer 2 topology that uses a virtual switch for component communication
+image::504_OpenShift_UDN_L2_0325.png[A flat layer 2 topology with a virtual switch so that virtual machines in node-1 to node-2 can communicate with each other]
+
+If you decide not to specify a layer 2 subnet, then you must manually configure IP addresses for each pod in your cluster. When you do not specify a layer 2 subnet, port security is limited to preventing Media Access Control (MAC) spoofing only, and does not include IP spoofing. A layer 2 topology creates a single broadcast domain that can be challenging in large network environments, where the topology might cause a broadcast storm that can degrade network performance. 
+
+To access more configurable options for your network, you can integrate a layer 2 topology with a user-defined network (UDN). The following diagram shows two nodes that use a UDN with a layer 2 topology that includes pods that exist on each node. Each node includes two interfaces:
 
 * A node interface, which is a compute node that connects networking components to the node.
 * An Open vSwitch (OVS) bridge such as `br-ex`, which creates an layer 2 OVN switch so that pods can communicate with each other and share resources. 
 
-An external switch connects these two interfaces, while the gateway or router handles routing traffic between the external switch and the layer 2 OVN switch. Pods in a node can use the UDN to communicate with each other. The layer 2 OVN switch handles node traffic over UDN so that live migrate of a pod from one node to another is possible. 
+An external switch connects these two interfaces, while the gateway or router handles routing traffic between the external switch and the layer 2 OVN switch. VMs and pods in a node can use the UDN to communicate with each other. The layer 2 OVN switch handles node traffic over a UDN so that live migrate of a VM from one node to another is possible. 
 
 .A user-defined network (UDN) that uses a layer 2 topology
-image::504_OpenShift_UDN_L2_0325.png[A UDN that uses a layer 2 topology for migrating a pod from node-1 to node-2]
+image::503_OpenShift_UDN_L2_0425.png[A UDN that uses a layer 2 topology for migrating a VM from node-1 to node-2]
 
 A layer 3 topology creates a unique layer 2 segment for each node in a cluster. The layer 3 routing mechanism interconnects these segments so that virtual machines and pods that are hosted on different nodes can communicate with each other. A layer 3 topology can effectively manage large broadcast domains by assigning each domain to a specific node, so that broadcast traffic has a reduced scope. To configure a layer 3 topology, you must configure `cidr` and `hostSubnet` parameters.