diff --git a/build/bazel/go.MODULE.bazel b/build/bazel/go.MODULE.bazel
index f464c75..d8cff18 100644
--- a/build/bazel/go.MODULE.bazel
+++ b/build/bazel/go.MODULE.bazel
@@ -26,7 +26,7 @@
     "com_github_cenkalti_backoff_v4",
     "com_github_container_storage_interface_spec",
     "com_github_containerd_containerd_v2",
-    "com_github_containernetworking_plugins",
+    "com_github_containernetworking_cni",
     "com_github_coreos_go_semver",
     "com_github_corverroos_commentwrap",
     "com_github_diskfs_go_diskfs",
@@ -72,6 +72,7 @@
     "com_github_sqlc_dev_sqlc",
     "com_github_stretchr_testify",
     "com_github_vishvananda_netlink",
+    "com_github_vishvananda_netns",
     "com_github_yalue_native_endian",
     "com_google_cloud_go_storage",
     "com_zx2c4_golang_wireguard_wgctrl",
@@ -118,9 +119,11 @@
         "directives": [
             "gazelle:proto disable",
             "gazelle:build_tags no_aufs,no_btrfs,no_devmapper,no_zfs",
+            "gazelle:resolve go source.monogon.dev/metropolis/node/kubernetes/containerd/cniproxy @monogon//metropolis/node/kubernetes/containerd/cniproxy",
         ],
         "pre_patches": [
             "//third_party/com_github_containerd_containerd_v2:add-unimplemented-functions.patch",
+            "//third_party/com_github_containerd_containerd_v2:cni-adapter.patch",
         ],
     },
     "github.com/containerd/cgroups/v3": {
@@ -342,16 +345,6 @@
             "-go_naming_convention_external=import_alias",
         ],
     },
-    "github.com/containernetworking/cni": {
-        "patches": [
-            "//third_party/com_github_containernetworking_cni:cni-fix-cachepath.patch",
-        ],
-    },
-    "github.com/containernetworking/plugins": {
-        "patches": [
-            "//third_party/com_github_containernetworking_plugins:cniplugins-add-linkgroup.patch",
-        ],
-    },
     "github.com/corverroos/commentwrap": {
         "patches": [
             "//third_party/com_github_corverroos_commentwrap:commentwrap-uri.patch",
diff --git a/cloud/agent/agent.go b/cloud/agent/agent.go
index 665351a..6d9a43a 100644
--- a/cloud/agent/agent.go
+++ b/cloud/agent/agent.go
@@ -76,7 +76,7 @@
 	devmgrSvc := devmgr.New()
 	supervisor.Run(ctx, "devmgr", devmgrSvc.Run)
 
-	networkSvc := network.New(agentInit.NetworkConfig, nil)
+	networkSvc := network.New(agentInit.NetworkConfig, nil, nil)
 	networkSvc.DHCPVendorClassID = "dev.monogon.cloud.agent.v1"
 	supervisor.Run(ctx, "networking", networkSvc.Run)
 	l.Info("Started networking")
diff --git a/go.mod b/go.mod
index d2c639e..7acd57e 100644
--- a/go.mod
+++ b/go.mod
@@ -56,7 +56,7 @@
 	github.com/cenkalti/backoff/v4 v4.3.0
 	github.com/container-storage-interface/spec v1.9.0
 	github.com/containerd/containerd/v2 v2.1.3
-	github.com/containernetworking/plugins v1.7.1
+	github.com/containernetworking/cni v1.3.0
 	github.com/coreos/go-semver v0.3.1
 	github.com/corverroos/commentwrap v0.0.0-20191204065359-2926638be44c
 	github.com/diskfs/go-diskfs v1.2.0
@@ -102,6 +102,7 @@
 	github.com/sqlc-dev/sqlc v1.23.0
 	github.com/stretchr/testify v1.10.0
 	github.com/vishvananda/netlink v1.3.1
+	github.com/vishvananda/netns v0.0.5
 	github.com/yalue/native_endian v1.0.2
 	go.etcd.io/etcd/api/v3 v3.6.1
 	go.etcd.io/etcd/client/pkg/v3 v3.6.1
@@ -159,7 +160,6 @@
 	github.com/VividCortex/ewma v1.2.0 // indirect
 	github.com/alecthomas/kingpin/v2 v2.4.0 // indirect
 	github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect
-	github.com/alexflint/go-filemutex v1.3.0 // indirect
 	github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230512164433-5d1fd1a340c9 // indirect
 	github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
 	github.com/armon/circbuf v0.0.0-20190214190532-5111143e8da2 // indirect
@@ -195,9 +195,8 @@
 	github.com/containerd/ttrpc v1.2.7 // indirect
 	github.com/containerd/typeurl/v2 v2.2.3 // indirect
 	github.com/containerd/zfs/v2 v2.0.0-rc.0 // indirect
-	github.com/containernetworking/cni v1.3.0 // indirect
+	github.com/containernetworking/plugins v1.7.1 // indirect
 	github.com/containers/ocicrypt v1.2.1 // indirect
-	github.com/coreos/go-iptables v0.8.0 // indirect
 	github.com/coreos/go-oidc v2.3.0+incompatible // indirect
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/cosiner/argv v0.1.0 // indirect
@@ -368,7 +367,6 @@
 	github.com/ulikunitz/xz v0.5.12 // indirect
 	github.com/urfave/cli v1.22.15 // indirect
 	github.com/urfave/cli/v2 v2.27.6 // indirect
-	github.com/vishvananda/netns v0.0.5 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xhit/go-str2duration/v2 v2.1.0 // indirect
 	github.com/xiang90/probing v0.0.0-20221125231312-a49e3df8f510 // indirect
@@ -433,7 +431,6 @@
 	k8s.io/mount-utils v0.0.0 // indirect
 	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2 // indirect
 	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
-	sigs.k8s.io/knftables v0.0.18 // indirect
 	sigs.k8s.io/kustomize/api v0.19.0 // indirect
 	sigs.k8s.io/kustomize/kustomize/v5 v5.6.0 // indirect
 	sigs.k8s.io/kustomize/kyaml v0.19.0 // indirect
diff --git a/go.sum b/go.sum
index 50cef47..afe15e1 100644
--- a/go.sum
+++ b/go.sum
@@ -1433,8 +1433,6 @@
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
 github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 h1:s6gZFSlWYmbqAuRjVTiNNhvNRfY2Wxp9nhfyel4rklc=
 github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE=
-github.com/alexflint/go-filemutex v1.3.0 h1:LgE+nTUWnQCyRKbpoceKZsPQbs84LivvgwUymZXdOcM=
-github.com/alexflint/go-filemutex v1.3.0/go.mod h1:U0+VA/i30mGBlLCrFPGtTe9y6wGQfNAWPBTekHQ+c8A=
 github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
 github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
@@ -1646,8 +1644,6 @@
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
-github.com/coreos/go-iptables v0.8.0 h1:MPc2P89IhuVpLI7ETL/2tx3XZ61VeICZjYqDEgNsPRc=
-github.com/coreos/go-iptables v0.8.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
 github.com/coreos/go-oidc v2.3.0+incompatible h1:+5vEsrgprdLjjQ9FzIKAzQz1wwPD+83hQRfUIPh7rO0=
 github.com/coreos/go-oidc v2.3.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
@@ -4482,8 +4478,6 @@
 sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8=
 sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo=
 sigs.k8s.io/knftables v0.0.17/go.mod h1:f/5ZLKYEUPUhVjUCg6l80ACdL7CIIyeL0DxfgojGRTk=
-sigs.k8s.io/knftables v0.0.18 h1:6Duvmu0s/HwGifKrtl6G3AyAPYlWiZqTgS8bkVMiyaE=
-sigs.k8s.io/knftables v0.0.18/go.mod h1:f/5ZLKYEUPUhVjUCg6l80ACdL7CIIyeL0DxfgojGRTk=
 sigs.k8s.io/kustomize/api v0.19.0 h1:F+2HB2mU1MSiR9Hp1NEgoU2q9ItNOaBJl0I4Dlus5SQ=
 sigs.k8s.io/kustomize/api v0.19.0/go.mod h1:/BbwnivGVcBh1r+8m3tH1VNxJmHSk1PzP5fkP6lbL1o=
 sigs.k8s.io/kustomize/cmd/config v0.19.0/go.mod h1:29Vvdl26PidPLUDi7nfjYa/I0wHBkwCZp15Nlcc4y98=
diff --git a/metropolis/node/BUILD.bazel b/metropolis/node/BUILD.bazel
index 479f4d9..d568e37 100644
--- a/metropolis/node/BUILD.bazel
+++ b/metropolis/node/BUILD.bazel
@@ -86,17 +86,11 @@
         # Containerd config files
         "/containerd/conf/runsc.toml": "//metropolis/node/kubernetes/containerd:runsc.toml",
         "/containerd/conf/config.toml": "//metropolis/node/kubernetes/containerd:config.toml",
-        "/containerd/conf/cnispec.gojson": "//metropolis/node/kubernetes/containerd:cnispec.gojson",
 
         # Containerd preseed bundles
         "/containerd/preseed/k8s.io/preseedtest.tar": "//metropolis/test/e2e/preseedtest:preseedtest_tarball",
         "/containerd/preseed/k8s.io/pause.tar": "//metropolis/node/kubernetes/pause:pause_tarball",
 
-        # CNI Plugins
-        "/containerd/bin/cni/loopback": "@com_github_containernetworking_plugins//plugins/main/loopback",
-        "/containerd/bin/cni/ptp": "@com_github_containernetworking_plugins//plugins/main/ptp",
-        "/containerd/bin/cni/host-local": "@com_github_containernetworking_plugins//plugins/ipam/host-local",
-
         # Delve
         "/dlv": "@com_github_go_delve_delve//cmd/dlv:dlv",
 
diff --git a/metropolis/node/core/BUILD.bazel b/metropolis/node/core/BUILD.bazel
index de07e8c..3d92543 100644
--- a/metropolis/node/core/BUILD.bazel
+++ b/metropolis/node/core/BUILD.bazel
@@ -24,6 +24,7 @@
         "//go/logging",
         "//metropolis/node",
         "//metropolis/node/core/cluster",
+        "//metropolis/node/core/clusternet",
         "//metropolis/node/core/devmgr",
         "//metropolis/node/core/localstorage",
         "//metropolis/node/core/localstorage/declarative",
@@ -38,6 +39,7 @@
         "//metropolis/node/core/update",
         "//metropolis/proto/api",
         "//osbase/bringup",
+        "//osbase/event/memory",
         "//osbase/logtree",
         "//osbase/net/dns",
         "//osbase/supervisor",
diff --git a/metropolis/node/core/localstorage/directory_root.go b/metropolis/node/core/localstorage/directory_root.go
index d6d9995..32aa2d8 100644
--- a/metropolis/node/core/localstorage/directory_root.go
+++ b/metropolis/node/core/localstorage/directory_root.go
@@ -48,7 +48,7 @@
 	// TODO(q3k): do this automatically?
 	for _, d := range []declarative.DirectoryPlacement{
 		r.Ephemeral.Consensus,
-		r.Ephemeral.Containerd, r.Ephemeral.Containerd.Tmp, r.Ephemeral.Containerd.RunSC, r.Ephemeral.Containerd.IPAM,
+		r.Ephemeral.Containerd, r.Ephemeral.Containerd.Tmp, r.Ephemeral.Containerd.RunSC,
 		r.Ephemeral.FlexvolumePlugins,
 		r.ESP.Metropolis,
 	} {
diff --git a/metropolis/node/core/localstorage/storage.go b/metropolis/node/core/localstorage/storage.go
index 029ce0c..d21cad4 100644
--- a/metropolis/node/core/localstorage/storage.go
+++ b/metropolis/node/core/localstorage/storage.go
@@ -168,9 +168,6 @@
 	RunSCLogsFIFO declarative.File      `file:"runsc-logs.fifo"`
 	Tmp           declarative.Directory `dir:"tmp"`
 	RunSC         declarative.Directory `dir:"runsc"`
-	IPAM          declarative.Directory `dir:"ipam"`
-	CNI           declarative.Directory `dir:"cni"`
-	CNICache      declarative.Directory `dir:"cni-cache"` // Hardcoded @com_github_containernetworking_cni via patch
 }
 
 type TmpDirectory struct {
diff --git a/metropolis/node/core/main.go b/metropolis/node/core/main.go
index 2d80698..df9dd78 100644
--- a/metropolis/node/core/main.go
+++ b/metropolis/node/core/main.go
@@ -12,6 +12,7 @@
 
 	"source.monogon.dev/go/logging"
 	"source.monogon.dev/metropolis/node/core/cluster"
+	"source.monogon.dev/metropolis/node/core/clusternet"
 	"source.monogon.dev/metropolis/node/core/devmgr"
 	"source.monogon.dev/metropolis/node/core/localstorage"
 	"source.monogon.dev/metropolis/node/core/localstorage/declarative"
@@ -24,6 +25,7 @@
 	timesvc "source.monogon.dev/metropolis/node/core/time"
 	"source.monogon.dev/metropolis/node/core/update"
 	"source.monogon.dev/osbase/bringup"
+	"source.monogon.dev/osbase/event/memory"
 	"source.monogon.dev/osbase/logtree"
 	"source.monogon.dev/osbase/net/dns"
 	"source.monogon.dev/osbase/supervisor"
@@ -119,7 +121,8 @@
 	}
 
 	metrics.CoreRegistry.MustRegister(dns.MetricsRegistry)
-	networkSvc := network.New(nil, []string{"hosts", "kubernetes"})
+	var podNetwork memory.Value[*clusternet.Prefixes]
+	networkSvc := network.New(nil, []string{"hosts", "kubernetes"}, &podNetwork)
 	networkSvc.DHCPVendorClassID = "dev.monogon.metropolis.node.v1"
 	timeSvc := timesvc.New()
 	devmgrSvc := devmgr.New()
@@ -195,6 +198,7 @@
 		Resolver:    res,
 		LogTree:     supervisor.LogTree(ctx),
 		Update:      updateSvc,
+		PodNetwork:  &podNetwork,
 	})
 	if err := supervisor.Run(ctx, "role", rs.Run); err != nil {
 		return fmt.Errorf("failed to start role service: %w", err)
diff --git a/metropolis/node/core/network/BUILD.bazel b/metropolis/node/core/network/BUILD.bazel
index 22efbb4..b1a5e41 100644
--- a/metropolis/node/core/network/BUILD.bazel
+++ b/metropolis/node/core/network/BUILD.bazel
@@ -16,9 +16,12 @@
         "//go/algorithm/toposort",
         "//go/logging",
         "//metropolis/node",
+        "//metropolis/node/core/clusternet",
         "//metropolis/node/core/network/dhcp4c",
         "//metropolis/node/core/network/dhcp4c/callback",
+        "//metropolis/node/core/network/workloads",
         "//metropolis/node/core/productinfo",
+        "//osbase/event",
         "//osbase/event/memory",
         "//osbase/net/dns",
         "//osbase/net/dns/forward",
diff --git a/metropolis/node/core/network/main.go b/metropolis/node/core/network/main.go
index 3e069c3..623e62f 100644
--- a/metropolis/node/core/network/main.go
+++ b/metropolis/node/core/network/main.go
@@ -17,8 +17,11 @@
 	"github.com/vishvananda/netlink"
 
 	"source.monogon.dev/metropolis/node"
+	"source.monogon.dev/metropolis/node/core/clusternet"
 	"source.monogon.dev/metropolis/node/core/network/dhcp4c"
 	dhcpcb "source.monogon.dev/metropolis/node/core/network/dhcp4c/callback"
+	"source.monogon.dev/metropolis/node/core/network/workloads"
+	"source.monogon.dev/osbase/event"
 	"source.monogon.dev/osbase/event/memory"
 	"source.monogon.dev/osbase/net/dns"
 	"source.monogon.dev/osbase/net/dns/forward"
@@ -59,6 +62,8 @@
 
 	// Status is the current status of the network as seen by the service.
 	Status memory.Value[*node.NetStatus]
+
+	workloadSvc *workloads.Service
 }
 
 // New instantiates a new network service. If autoconfiguration is desired,
@@ -67,15 +72,21 @@
 // If dnsHandlerNames is non-nil, DNS handlers with these names must be set
 // on the DNS service with s.DNS.SetHandler. When serving DNS queries, they
 // will be tried in the order they appear here before forwarding.
-func New(staticConfig *netpb.Net, dnsHandlerNames []string) *Service {
+func New(staticConfig *netpb.Net, dnsHandlerNames []string, ipamPrefixSrc event.Value[*clusternet.Prefixes]) *Service {
 	dnsSvc := dns.New(slices.Concat(dnsHandlerNames, []string{"forward"}))
 	dnsForward := forward.New()
 	dnsSvc.SetHandler("forward", dnsForward)
 
+	var wlSvc *workloads.Service
+	if ipamPrefixSrc != nil {
+		wlSvc = workloads.New(ipamPrefixSrc)
+	}
+
 	return &Service{
 		DNS:          dnsSvc,
 		dnsForward:   dnsForward,
 		StaticConfig: staticConfig,
+		workloadSvc:  wlSvc,
 	}
 }
 
@@ -243,6 +254,10 @@
 	supervisor.Run(ctx, "dns", s.DNS.Run)
 	supervisor.Run(ctx, "dns-forward", s.dnsForward.Run)
 
+	if s.workloadSvc != nil {
+		supervisor.Run(ctx, "workloads", s.workloadSvc.Run)
+	}
+
 	s.natTable = s.nftConn.AddTable(&nftables.Table{
 		Family: nftables.TableFamilyIPv4,
 		Name:   "nat",
diff --git a/metropolis/node/core/network/workloads/BUILD.bazel b/metropolis/node/core/network/workloads/BUILD.bazel
new file mode 100644
index 0000000..357b892
--- /dev/null
+++ b/metropolis/node/core/network/workloads/BUILD.bazel
@@ -0,0 +1,21 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "workloads",
+    srcs = ["workloads.go"],
+    importpath = "source.monogon.dev/metropolis/node/core/network/workloads",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//metropolis/node",
+        "//metropolis/node/core/clusternet",
+        "//metropolis/node/core/network/workloads/spec",
+        "//osbase/event",
+        "//osbase/supervisor",
+        "@com_github_vishvananda_netlink//:netlink",
+        "@com_github_vishvananda_netns//:netns",
+        "@org_golang_google_grpc//:grpc",
+        "@org_golang_google_grpc//codes",
+        "@org_golang_google_grpc//status",
+        "@org_golang_x_sys//unix",
+    ],
+)
diff --git a/metropolis/node/core/network/workloads/spec/BUILD.bazel b/metropolis/node/core/network/workloads/spec/BUILD.bazel
new file mode 100644
index 0000000..5c6c5c6
--- /dev/null
+++ b/metropolis/node/core/network/workloads/spec/BUILD.bazel
@@ -0,0 +1,27 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+load("@io_bazel_rules_go//proto:def.bzl", "go_proto_library")
+load("@rules_proto//proto:defs.bzl", "proto_library")
+
+proto_library(
+    name = "metropolis_node_core_network_workloads_proto",
+    srcs = ["workload.proto"],
+    visibility = ["//visibility:public"],
+)
+
+go_proto_library(
+    name = "metropolis_node_core_network_workloads_go_proto",
+    compilers = [
+        "@io_bazel_rules_go//proto:go_proto",
+        "@io_bazel_rules_go//proto:go_grpc_v2",
+    ],
+    importpath = "source.monogon.dev/metropolis/node/core/network/workloads/spec",
+    proto = ":metropolis_node_core_network_workloads_proto",
+    visibility = ["//visibility:public"],
+)
+
+go_library(
+    name = "spec",
+    embed = [":metropolis_node_core_network_workloads_go_proto"],
+    importpath = "source.monogon.dev/metropolis/node/core/network/workloads/spec",
+    visibility = ["//visibility:public"],
+)
diff --git a/metropolis/node/core/network/workloads/spec/gomod-generated-placeholder.go b/metropolis/node/core/network/workloads/spec/gomod-generated-placeholder.go
new file mode 100644
index 0000000..f09cd57
--- /dev/null
+++ b/metropolis/node/core/network/workloads/spec/gomod-generated-placeholder.go
@@ -0,0 +1 @@
+package spec
diff --git a/metropolis/node/core/network/workloads/spec/workload.proto b/metropolis/node/core/network/workloads/spec/workload.proto
new file mode 100644
index 0000000..235763d
--- /dev/null
+++ b/metropolis/node/core/network/workloads/spec/workload.proto
@@ -0,0 +1,66 @@
+syntax = "proto3";
+
+package metropolis.node.core.network.workloads;
+
+message NetNSAttachment {
+    // Path to either a nsfs mountpoint or /proc/$pid/ns/net of the network
+    // namespace the workload to be attached will/is running in.
+    string netns_path = 1;
+    // Name of the network interface created in the given network namespace.
+    string if_name = 2;
+}
+
+message AttachRequest {
+    // Workload ID is the identity of the workload to attach to the network.
+    // Right now this is just the Kubernetes Pod ID.
+    string workload_id = 1;
+
+    // This will be extended to support things like vhost-user
+    // and PCIe VFs for DPUs.
+    NetNSAttachment netns = 2;
+}
+
+message AttachResponse {
+    repeated bytes ip = 1;
+}
+
+message DetachRequest {
+    // Workload ID is the identity of the workload to attach to the network.
+    // Right now this is just the Kubernetes Pod ID.
+    string workload_id = 1;
+
+    // This will be extended to support things like vhost-user
+    // and PCIe VFs for DPUs.
+    NetNSAttachment netns = 2;
+}
+
+message DetachResponse {
+
+}
+
+message StatusRequest {}
+message StatusResponse {}
+
+// The workload networking service attaches workloads to the network.
+// The service is served over a unix socket.
+// It is called by containerd, and possibly other workload runtimes later.
+// It is a replacement for the Container Network Interface (CNI);
+// see https://github.com/containernetworking/cni/blob/main/SPEC.md
+//
+// Concurrent calls are allowed if they don't have the same workload_id.
+// For a specific workload_id, Attach may not be followed by another Attach
+// without a Detach in-between. Detach may be called multiple times.
+service WorkloadNetworking {
+    // Attach the workload to the network. This allocates the workload IP
+    // addresses (at most one for IPv4 and IPv6), and sets up the main network
+    // interface. For network namespaces, it also enables the loopback
+    // interface.
+    rpc Attach(AttachRequest) returns (AttachResponse);
+    // Detach removes the interfaces and IP address allocation of the workload.
+    // It succeeds even if some or all resources don't exist, and removes those
+    // which do exist.
+    rpc Detach(DetachRequest) returns (DetachResponse);
+    // Status returns an error if the service is not ready.
+    rpc Status(StatusRequest) returns (StatusResponse);
+}
+
diff --git a/metropolis/node/core/network/workloads/workloads.go b/metropolis/node/core/network/workloads/workloads.go
new file mode 100644
index 0000000..2b4f5d3
--- /dev/null
+++ b/metropolis/node/core/network/workloads/workloads.go
@@ -0,0 +1,330 @@
+// Copyright The Monogon Project Authors.
+// SPDX-License-Identifier: Apache-2.0
+
+package workloads
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net"
+	"net/netip"
+	"os"
+	"sync"
+
+	"github.com/vishvananda/netlink"
+	"github.com/vishvananda/netns"
+	"golang.org/x/sys/unix"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+
+	"source.monogon.dev/metropolis/node"
+	"source.monogon.dev/metropolis/node/core/clusternet"
+	wlapi "source.monogon.dev/metropolis/node/core/network/workloads/spec"
+	"source.monogon.dev/osbase/event"
+	"source.monogon.dev/osbase/supervisor"
+)
+
+var (
+	firstHopV4 = net.IPv4(169, 254, 77, 1)
+	firstHopV6 = net.ParseIP("fe80::1")
+	// TODO: Replace prefix with Monogon OUI once we have it, right now
+	// it's just a random locally-administered MAC.
+	firstHopMAC = net.HardwareAddr{0x02, 0x9c, 0x52, 0xfe, 0x6d, 0x0a}
+)
+
+type Service struct {
+	mux          sync.Mutex
+	workloadNets []netip.Prefix
+	attachments  map[netip.Addr]string
+	// workloadToIntf maps workload name to short interface name.
+	workloadToIntf map[string]string
+	// intfUsed is the set of allocated short interface names.
+	intfUsed map[string]struct{}
+
+	k8sNodePrefix event.Value[*clusternet.Prefixes]
+}
+
+func New(k8sNodePrefix event.Value[*clusternet.Prefixes]) *Service {
+	return &Service{
+		workloadNets:   []netip.Prefix{},
+		attachments:    make(map[netip.Addr]string),
+		workloadToIntf: make(map[string]string),
+		intfUsed:       make(map[string]struct{}),
+		k8sNodePrefix:  k8sNodePrefix,
+	}
+}
+
+func (s *Service) allocateIPs(workloadId string) ([]net.IP, error) {
+	s.mux.Lock()
+	defer s.mux.Unlock()
+	// This is a really simple allocator as it won't stay for long. It just
+	// walks the entire prefix and finds the first free IP. The size of the
+	// map is bound to 2x256 (max pods per node) for its life so this is fine.
+	var addrs []netip.Addr
+	for _, wlNet := range s.workloadNets {
+		candidateAddr := wlNet.Addr()
+		// The second address is reserved by clusternet for the host loopback,
+		// this will go away with the clusternet refactor.
+		reservedForHost := wlNet.Addr().Next()
+		for s.attachments[candidateAddr] != "" || candidateAddr == reservedForHost {
+			candidateAddr = candidateAddr.Next()
+		}
+		// Allocator ran off the prefix
+		if !wlNet.Contains(candidateAddr) {
+			return nil, fmt.Errorf("no free IP addresses in prefix %v", wlNet)
+		}
+		addrs = append(addrs, candidateAddr)
+	}
+	var addrsOut []net.IP
+	for _, addr := range addrs {
+		s.attachments[addr] = workloadId
+		addrsOut = append(addrsOut, net.IP(addr.AsSlice()))
+	}
+	return addrsOut, nil
+}
+
+func (s *Service) deallocateIPs(workloadId string) {
+	s.mux.Lock()
+	defer s.mux.Unlock()
+	for ip, wlId := range s.attachments {
+		if wlId == workloadId {
+			delete(s.attachments, ip)
+		}
+	}
+}
+
+// allocateIntfName allocates a short interface name for the workload. This is
+// needed because interface names are limited to 15 characters.
+func (s *Service) allocateIntfName(workloadId string) (string, error) {
+	s.mux.Lock()
+	defer s.mux.Unlock()
+	if _, ok := s.workloadToIntf[workloadId]; ok {
+		return "", fmt.Errorf("workload %q already has an interface", workloadId)
+	}
+	intfPrefix := "wk" + workloadId[:8]
+	intf := intfPrefix
+	for i := 0; ; i++ {
+		if _, ok := s.intfUsed[intf]; !ok {
+			break
+		}
+		if i > 0xffff {
+			return "", fmt.Errorf("too many interface name collisions for workload %q", workloadId)
+		}
+		intf = fmt.Sprintf("%s-%04x", intfPrefix, i)
+	}
+	s.workloadToIntf[workloadId] = intf
+	s.intfUsed[intf] = struct{}{}
+	return intf, nil
+}
+
+func (s *Service) getIntfName(workloadId string) (string, bool) {
+	s.mux.Lock()
+	defer s.mux.Unlock()
+	intf, ok := s.workloadToIntf[workloadId]
+	return intf, ok
+}
+
+func (s *Service) deallocateIntfName(workloadId string) {
+	s.mux.Lock()
+	defer s.mux.Unlock()
+	intf, ok := s.workloadToIntf[workloadId]
+	if !ok {
+		return
+	}
+	delete(s.workloadToIntf, workloadId)
+	delete(s.intfUsed, intf)
+}
+
+func (s *Service) Run(ctx context.Context) error {
+	l := supervisor.Logger(ctx)
+
+	srv := grpc.NewServer()
+	wlapi.RegisterWorkloadNetworkingServer(srv, s)
+	os.Remove("/ephemeral/workloadnet.sock")
+	lis, err := net.ListenUnix("unix", &net.UnixAddr{Net: "unix", Name: "/ephemeral/workloadnet.sock"})
+	if err != nil {
+		return fmt.Errorf("failed to listen: %w", err)
+	}
+	supervisor.Run(ctx, "api", supervisor.GRPCServer(srv, lis, true))
+	w := s.k8sNodePrefix.Watch()
+	defer w.Close()
+
+	lo, err := netlink.LinkByIndex(1)
+	if err != nil {
+		panic(err)
+	}
+	if err := netlink.AddrAdd(lo, &netlink.Addr{
+		IPNet: &net.IPNet{IP: firstHopV4, Mask: net.CIDRMask(32, 32)},
+		Label: "Router",
+		Scope: unix.RT_SCOPE_LINK,
+	}); err != nil && !errors.Is(err, unix.EEXIST) {
+		l.Errorf("Unable to add router IP: %v", err)
+	}
+
+	supervisor.Signal(ctx, supervisor.SignalHealthy)
+	// It's undefined what happens when the workloadNets actually change right
+	// now with K8s IPAM. So just assign new workloads to the new prefixes for
+	// now. With the Monogon IPAM implementation this will have defined
+	// behavior.
+	for {
+		prefixes, err := w.Get(ctx)
+		if err != nil {
+			return err
+		}
+		if prefixes != nil {
+			s.mux.Lock()
+			s.workloadNets = *prefixes
+			s.mux.Unlock()
+		}
+	}
+}
+
+func (s *Service) Attach(ctx context.Context, req *wlapi.AttachRequest) (*wlapi.AttachResponse, error) {
+	intf, err := s.allocateIntfName(req.WorkloadId)
+	if err != nil {
+		return nil, status.Errorf(codes.AlreadyExists, "cannot add interface: %v", err)
+	}
+	workloadAddrs, err := s.allocateIPs(req.WorkloadId)
+	if err != nil {
+		return nil, status.Errorf(codes.ResourceExhausted, "cannot allocate IPs: %v", err)
+	}
+
+	linkAttrs := netlink.NewLinkAttrs()
+	linkAttrs.Group = node.LinkGroupK8sPod
+	linkAttrs.Name = intf
+	linkAttrs.HardwareAddr = firstHopMAC
+
+	netns, err := netns.GetFromPath(req.GetNetns().NetnsPath)
+	if err != nil {
+		return nil, fmt.Errorf("cannot open network namespace: %w", err)
+	}
+	defer netns.Close()
+
+	nsHandle, err := netlink.NewHandleAt(netns, unix.NETLINK_ROUTE)
+	if err != nil {
+		return nil, fmt.Errorf("unable to get ns handle: %w", err)
+	}
+	defer nsHandle.Close()
+
+	hostIf := netlink.Veth{LinkAttrs: linkAttrs, PeerName: req.GetNetns().IfName, PeerNamespace: netlink.NsFd(netns)}
+	if err := netlink.LinkAdd(&hostIf); err != nil {
+		return nil, fmt.Errorf("unable to create veth pair: %w", err)
+	}
+	// Linux is currently unable to assign aliases on interface creation.
+	if err := netlink.LinkSetAlias(&hostIf, "wk"+req.WorkloadId); err != nil {
+		return nil, fmt.Errorf("failed to assign alias: %w", err)
+	}
+	if err := netlink.LinkSetUp(&hostIf); err != nil {
+		return nil, fmt.Errorf("failed to set host up: %w", err)
+	}
+
+	// Loopback is always at index 1 by convention
+	loIf, err := nsHandle.LinkByIndex(1)
+	if err != nil {
+		return nil, fmt.Errorf("unable to get loopback interface in namespace: %w", err)
+	}
+	if err := nsHandle.LinkSetUp(loIf); err != nil {
+		return nil, fmt.Errorf("failed to set loopback up: %w", err)
+	}
+
+	workloadIf, err := nsHandle.LinkByName(req.GetNetns().IfName)
+	if err != nil {
+		return nil, fmt.Errorf("unable to get just-created peer interface in namespace: %w", err)
+	}
+
+	if err := nsHandle.LinkSetUp(workloadIf); err != nil {
+		return nil, fmt.Errorf("failed to set peer up: %w", err)
+	}
+	var outAddrs [][]byte
+	for _, workloadIP := range workloadAddrs {
+		outAddrs = append(outAddrs, workloadIP)
+
+		defaultMask := net.CIDRMask(0, 32) // /0
+		zeroIP := net.IPv4zero
+		hostMask := net.CIDRMask(32, 32) // /32
+		firstHop := firstHopV4
+		if workloadIP.To4() == nil {
+			defaultMask = net.CIDRMask(0, 128) // /0
+			zeroIP = net.IPv6zero
+			hostMask = net.CIDRMask(128, 128) // /128
+			firstHop = firstHopV6
+		}
+
+		if err := netlink.RouteAdd(&netlink.Route{
+			Dst:       &net.IPNet{IP: workloadIP, Mask: hostMask},
+			LinkIndex: hostIf.Index,
+			Scope:     netlink.SCOPE_UNIVERSE,
+			Protocol:  unix.RTPROT_STATIC,
+		}); err != nil {
+			return nil, fmt.Errorf("failed to add host to workload route: %w", err)
+		}
+
+		if err := nsHandle.AddrAdd(workloadIf, &netlink.Addr{
+			IPNet: &net.IPNet{IP: workloadIP, Mask: hostMask},
+		}); err != nil {
+			return nil, fmt.Errorf("failed to add address: %w", err)
+		}
+		// Use dedicated on-link route instead of RTNH_F_ONLINK which gVisor
+		// doesn't understand.
+		if err := nsHandle.RouteAdd(&netlink.Route{
+			Dst:       &net.IPNet{IP: firstHop, Mask: hostMask},
+			Scope:     netlink.SCOPE_LINK,
+			Protocol:  unix.RTPROT_STATIC,
+			LinkIndex: workloadIf.Attrs().Index,
+		}); err != nil {
+			return nil, fmt.Errorf("failed to add peer route: %w", err)
+		}
+		if err := nsHandle.RouteAdd(&netlink.Route{
+			Dst:       &net.IPNet{IP: zeroIP, Mask: defaultMask},
+			Gw:        firstHop,
+			Scope:     netlink.SCOPE_UNIVERSE,
+			Protocol:  unix.RTPROT_STATIC,
+			LinkIndex: workloadIf.Attrs().Index,
+			Src:       workloadIP,
+		}); err != nil {
+			return nil, fmt.Errorf("failed to add default route: %w", err)
+		}
+	}
+	return &wlapi.AttachResponse{Ip: outAddrs}, nil
+}
+
+func (s *Service) Detach(ctx context.Context, req *wlapi.DetachRequest) (*wlapi.DetachResponse, error) {
+	defer s.deallocateIntfName(req.WorkloadId)
+	defer s.deallocateIPs(req.WorkloadId)
+	intf, ok := s.getIntfName(req.WorkloadId)
+	if !ok {
+		return &wlapi.DetachResponse{}, nil
+	}
+
+	hostIf, err := netlink.LinkByName(intf)
+	if errors.As(err, &netlink.LinkNotFoundError{}) {
+		// CNI requires that DEL calls return success if the interface in
+		// question does not exist.
+		return &wlapi.DetachResponse{}, nil
+	}
+	if err != nil {
+		return nil, status.Errorf(codes.Unavailable, "error getting interface for deletion: %v", err)
+	}
+	if hostIf.Attrs().Group != node.LinkGroupK8sPod {
+		return nil, status.Errorf(codes.InvalidArgument, "refusing to delete interface not belonging to workload, has group %d", hostIf.Attrs().Group)
+	}
+	// Routes and addresses do not need to be cleaned up as Linux already takes
+	// care of that when the link is deleted.
+	if err := netlink.LinkDel(hostIf); err != nil {
+		return nil, status.Errorf(codes.Unavailable, "unable to delete veth interface: %v", err)
+	}
+	return &wlapi.DetachResponse{}, nil
+}
+
+func (s *Service) Status(ctx context.Context, req *wlapi.StatusRequest) (*wlapi.StatusResponse, error) {
+	s.mux.Lock()
+	defer s.mux.Unlock()
+
+	if len(s.workloadNets) == 0 {
+		return nil, status.Errorf(codes.Unavailable, "no prefixes available")
+	}
+
+	return &wlapi.StatusResponse{}, nil
+}
diff --git a/metropolis/node/core/roleserve/roleserve.go b/metropolis/node/core/roleserve/roleserve.go
index 1f9604c..4c1f610 100644
--- a/metropolis/node/core/roleserve/roleserve.go
+++ b/metropolis/node/core/roleserve/roleserve.go
@@ -66,6 +66,8 @@
 	// Network is a handle to the network service, used by workloads.
 	Network *network.Service
 
+	PodNetwork *memory.Value[*clusternet.Prefixes]
+
 	// resolver is the main, long-lived, authenticated cluster resolver that is used
 	// for all subsequent gRPC calls by the subordinates of the roleserver. It is
 	// created early in the roleserver lifecycle, and is seeded with node
@@ -86,7 +88,6 @@
 	KubernetesStatus      memory.Value[*KubernetesStatus]
 	bootstrapData         memory.Value[*BootstrapData]
 	LocalRoles            memory.Value[*cpb.NodeRoles]
-	podNetwork            memory.Value[*clusternet.Prefixes]
 	clusterDirectorySaved memory.Value[bool]
 	localControlPlane     memory.Value[*localControlPlane]
 	CuratorConnection     memory.Value[*CuratorConnection]
@@ -141,7 +142,7 @@
 		curatorConnection: &s.CuratorConnection,
 
 		kubernetesStatus: &s.KubernetesStatus,
-		podNetwork:       &s.podNetwork,
+		podNetwork:       s.Config.PodNetwork,
 	}
 
 	s.rolefetch = &workerRoleFetch{
@@ -161,7 +162,7 @@
 		storageRoot: s.StorageRoot,
 
 		curatorConnection: &s.CuratorConnection,
-		podNetwork:        &s.podNetwork,
+		podNetwork:        s.Config.PodNetwork,
 		network:           s.Network,
 	}
 
diff --git a/metropolis/node/core/update/e2e/testos/main.go b/metropolis/node/core/update/e2e/testos/main.go
index 0b40127..87db99f 100644
--- a/metropolis/node/core/update/e2e/testos/main.go
+++ b/metropolis/node/core/update/e2e/testos/main.go
@@ -30,7 +30,7 @@
 
 func testosRunnable(ctx context.Context) error {
 	supervisor.Logger(ctx).Info("TESTOS_VARIANT=" + Variant)
-	networkSvc := network.New(nil, nil)
+	networkSvc := network.New(nil, nil, nil)
 	networkSvc.DHCPVendorClassID = "dev.monogon.testos.v1"
 	supervisor.Run(ctx, "networking", networkSvc.Run)
 
diff --git a/metropolis/node/kubernetes/containerd/cniproxy/BUILD.bazel b/metropolis/node/kubernetes/containerd/cniproxy/BUILD.bazel
new file mode 100644
index 0000000..a53db4d
--- /dev/null
+++ b/metropolis/node/kubernetes/containerd/cniproxy/BUILD.bazel
@@ -0,0 +1,18 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "cniproxy",
+    srcs = [
+        "cniproxy.go",
+        "cnitypes.go",
+        "opts.go",
+    ],
+    importpath = "source.monogon.dev/metropolis/node/kubernetes/containerd/cniproxy",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//metropolis/node/core/network/workloads/spec",
+        "@com_github_containernetworking_cni//pkg/types",
+        "@org_golang_google_grpc//:grpc",
+        "@org_golang_google_grpc//credentials/insecure",
+    ],
+)
diff --git a/metropolis/node/kubernetes/containerd/cniproxy/cniproxy.go b/metropolis/node/kubernetes/containerd/cniproxy/cniproxy.go
new file mode 100644
index 0000000..eabcfd3
--- /dev/null
+++ b/metropolis/node/kubernetes/containerd/cniproxy/cniproxy.go
@@ -0,0 +1,161 @@
+// Copyright The Monogon Project Authors.
+// SPDX-License-Identifier: Apache-2.0
+
+// Package cni implements an adapter between the go-cni interface and
+// the Monogon gRPC Workload Attachment interface. As we do not intend to
+// actually implement a CNI-compliant plugin it makes more sense to just cut
+// out as much unnecessary logic and take over at the containerd API boundary.
+package cni
+
+import (
+	"context"
+	"fmt"
+	"net"
+
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
+
+	wlapi "source.monogon.dev/metropolis/node/core/network/workloads/spec"
+)
+
+func New(_ ...Opt) (CNI, error) {
+	conn, err := grpc.NewClient("unix:/ephemeral/workloadnet.sock", grpc.WithTransportCredentials(insecure.NewCredentials()))
+	if err != nil {
+		panic(err)
+	}
+	wlClient := wlapi.NewWorkloadNetworkingClient(conn)
+	return &adapter{
+		client: wlClient,
+	}, nil
+}
+
+type NamespaceOpts func(n *Namespace) error
+
+// Namespace differs significantly from upstream as we do not have the actual
+// underlying CNI interface and thus we do not need to transform the data into
+// JSON keys.
+type Namespace struct {
+	labels      map[string]string
+	annotations map[string]string
+	portMapping []PortMapping
+	bandwidth   BandWidth
+	dns         DNS
+	cgroupPath  string
+}
+
+func WithLabels(labels map[string]string) NamespaceOpts {
+	return func(n *Namespace) error {
+		n.labels = labels
+		return nil
+	}
+}
+
+func WithCapability(name string, capability interface{}) NamespaceOpts {
+	return func(n *Namespace) error {
+		if name == "io.kubernetes.cri.pod-annotations" {
+			n.annotations = capability.(map[string]string)
+		}
+		return nil
+	}
+}
+
+func WithCapabilityPortMap(portMapping []PortMapping) NamespaceOpts {
+	return func(c *Namespace) error {
+		c.portMapping = portMapping
+		return nil
+	}
+}
+
+func WithCapabilityBandWidth(bandWidth BandWidth) NamespaceOpts {
+	return func(c *Namespace) error {
+		c.bandwidth = bandWidth
+		return nil
+	}
+}
+
+func WithCapabilityDNS(dns DNS) NamespaceOpts {
+	return func(c *Namespace) error {
+		c.dns = dns
+		return nil
+	}
+}
+
+func WithCapabilityCgroupPath(cgroupPath string) NamespaceOpts {
+	return func(c *Namespace) error {
+		c.cgroupPath = cgroupPath
+		return nil
+	}
+}
+
+type adapter struct {
+	client wlapi.WorkloadNetworkingClient
+}
+
+func (s *adapter) Setup(ctx context.Context, id string, path string, opts ...NamespaceOpts) (*Result, error) {
+	var n Namespace
+	for _, opt := range opts {
+		opt(&n)
+	}
+	res, err := s.client.Attach(ctx, &wlapi.AttachRequest{
+		WorkloadId: n.labels["K8S_POD_UID"],
+		Netns: &wlapi.NetNSAttachment{
+			NetnsPath: path,
+			IfName:    "eth0",
+		},
+	})
+	if err != nil {
+		return nil, fmt.Errorf("while requesting workload network attachment: %w", err)
+	}
+	// Provide IP to containerd/CRI, rest is ignored anyways.
+	var ipConfigs []*IPConfig
+	for _, ip := range res.Ip {
+		ipConfigs = append(ipConfigs, &IPConfig{IP: net.IP(ip)})
+	}
+	return &Result{
+		Interfaces: map[string]*Config{
+			"eth0": {
+				IPConfigs: ipConfigs,
+			},
+		},
+	}, nil
+}
+
+func (s *adapter) SetupSerially(ctx context.Context, id string, path string, opts ...NamespaceOpts) (*Result, error) {
+	// We do not support multiple plugins, the distinction between serial or
+	// parallel does not exist. Just forward the call.
+	return s.Setup(ctx, id, path, opts...)
+}
+
+func (s *adapter) Remove(ctx context.Context, id string, path string, opts ...NamespaceOpts) error {
+	var n Namespace
+	for _, opt := range opts {
+		opt(&n)
+	}
+
+	_, err := s.client.Detach(ctx, &wlapi.DetachRequest{
+		WorkloadId: n.labels["K8S_POD_UID"],
+		Netns: &wlapi.NetNSAttachment{
+			NetnsPath: path,
+			IfName:    "eth0",
+		},
+	})
+	return err
+}
+
+func (s *adapter) Check(ctx context.Context, id string, path string, opts ...NamespaceOpts) error {
+	return nil
+}
+
+func (s *adapter) Load(opts ...Opt) error {
+	// Stub, we do not actually have any CNI config.
+	return nil
+}
+
+func (s *adapter) Status() error {
+	_, err := s.client.Status(context.Background(), &wlapi.StatusRequest{})
+	return err
+}
+
+func (s *adapter) GetConfig() *ConfigResult {
+	return &ConfigResult{}
+}
diff --git a/metropolis/node/kubernetes/containerd/cniproxy/cnitypes.go b/metropolis/node/kubernetes/containerd/cniproxy/cnitypes.go
new file mode 100644
index 0000000..27bac36
--- /dev/null
+++ b/metropolis/node/kubernetes/containerd/cniproxy/cnitypes.go
@@ -0,0 +1,81 @@
+// Copyright The Monogon Project Authors.
+// Copyright The containerd Authors.
+// SPDX-License-Identifier: Apache-2.0
+
+package cni
+
+// This file contains types mostly or entirely lifted from go-cni but copied
+// here to allow API compatibility. Redefining these is not viable as their
+// references to other types would point to go-cni's types.
+
+import (
+	"context"
+	"net"
+
+	"github.com/containernetworking/cni/pkg/types"
+)
+
+type CNI interface {
+	// Setup setup the network for the namespace
+	Setup(ctx context.Context, id string, path string, opts ...NamespaceOpts) (*Result, error)
+	// SetupSerially sets up each of the network interfaces for the namespace in serial
+	SetupSerially(ctx context.Context, id string, path string, opts ...NamespaceOpts) (*Result, error)
+	// Remove tears down the network of the namespace.
+	Remove(ctx context.Context, id string, path string, opts ...NamespaceOpts) error
+	// Check checks if the network is still in desired state
+	Check(ctx context.Context, id string, path string, opts ...NamespaceOpts) error
+	// Load loads the cni network config
+	Load(opts ...Opt) error
+	// Status checks the status of the cni initialization
+	Status() error
+	// GetConfig returns a copy of the CNI plugin configurations as parsed by CNI
+	GetConfig() *ConfigResult
+}
+
+type PortMapping struct {
+	HostPort      int32
+	ContainerPort int32
+	Protocol      string
+	HostIP        string
+}
+
+// BandWidth defines the ingress/egress rate and burst limits
+type BandWidth struct {
+	IngressRate  uint64
+	IngressBurst uint64
+	EgressRate   uint64
+	EgressBurst  uint64
+}
+
+// DNS defines the dns config
+type DNS struct {
+	// List of DNS servers of the cluster.
+	Servers []string
+	// List of DNS search domains of the cluster.
+	Searches []string
+	// List of DNS options.
+	Options []string
+}
+
+type IPConfig struct {
+	IP      net.IP
+	Gateway net.IP
+}
+
+type Config struct {
+	IPConfigs  []*IPConfig
+	Mac        string
+	Sandbox    string
+	PciID      string
+	SocketPath string
+}
+
+type Result struct {
+	Interfaces map[string]*Config
+	DNS        []types.DNS
+	Routes     []*types.Route
+}
+
+// ConfigResult is not used by containerd and it's a complex type, leave it
+// for now.
+type ConfigResult struct{}
diff --git a/metropolis/node/kubernetes/containerd/cniproxy/opts.go b/metropolis/node/kubernetes/containerd/cniproxy/opts.go
new file mode 100644
index 0000000..0316276
--- /dev/null
+++ b/metropolis/node/kubernetes/containerd/cniproxy/opts.go
@@ -0,0 +1,58 @@
+// Copyright The Monogon Project Authors.
+// SPDX-License-Identifier: Apache-2.0
+
+package cni
+
+// Opt doesn't do anything as all configuration is ignored.
+type Opt func() error
+
+func noopOpt() error {
+	return nil
+}
+
+func WithConf(bytes []byte) Opt {
+	return noopOpt
+}
+
+func WithConfFile(fileName string) Opt {
+	return noopOpt
+}
+
+func WithConfIndex(bytes []byte, index int) Opt {
+	return noopOpt
+}
+
+func WithConfListBytes(bytes []byte) Opt {
+	return noopOpt
+}
+
+func WithConfListFile(fileName string) Opt {
+	return noopOpt
+}
+
+func WithInterfacePrefix(prefix string) Opt {
+	return noopOpt
+}
+
+func WithMinNetworkCount(count int) Opt {
+	return noopOpt
+}
+
+func WithPluginConfDir(dir string) Opt {
+	return noopOpt
+}
+
+func WithPluginDir(dirs []string) Opt {
+	return noopOpt
+}
+
+func WithPluginMaxConfNum(max int) Opt {
+	return noopOpt
+}
+
+func WithDefaultConf() error {
+	return nil
+}
+func WithLoNetwork() error {
+	return nil
+}
diff --git a/metropolis/node/kubernetes/containerd/cnispec.gojson b/metropolis/node/kubernetes/containerd/cnispec.gojson
deleted file mode 100644
index 4fca790..0000000
--- a/metropolis/node/kubernetes/containerd/cnispec.gojson
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- /*gotype: github.com/containerd/cri/pkg/server.cniConfigTemplate*/ -}}
-{
-    "name": "k8s-pod-network",
-    "cniVersion": "0.3.1",
-    "plugins": [
-        {
-            "type": "ptp",
-            "mtu": 1420,
-            {{/* Must be node.LinkGroupK8sPod */}}
-            "linkGroup": 8,
-            "ipam": {
-                "type": "host-local",
-                "dataDir": "/ephemeral/containerd/ipam",
-                "ranges": [
-                    {{range $i, $range := .PodCIDRRanges}}{{if $i}},
-            {{end}}[
-            {
-                "subnet": "{{$range}}"
-            }
-        ]
-        {{end}}
-    ],
-    "routes": [
-        {{range $i, $route := .Routes}}{{if $i}},
-    {{end}}{
-    "dst": "{{$route}}"
-}{{end}}]
-}
-}
-]
-}
\ No newline at end of file
diff --git a/metropolis/node/kubernetes/containerd/config.toml b/metropolis/node/kubernetes/containerd/config.toml
index 88d9ea0..eff2c3d 100644
--- a/metropolis/node/kubernetes/containerd/config.toml
+++ b/metropolis/node/kubernetes/containerd/config.toml
@@ -142,11 +142,11 @@
             TypeUrl = "io.containerd.runsc.v1.options"
 
     [plugins."io.containerd.cri.v1.runtime".cni]
-      bin_dir = "/containerd/bin/cni"
-      conf_dir = "/ephemeral/containerd/cni"
+      bin_dir = ""
+      conf_dir = ""
       max_conf_num = 0
       setup_serially = false
-      conf_template = "/containerd/conf/cnispec.gojson"
+      conf_template = ""
       ip_pref = ""
       use_internal_loopback = false
 
diff --git a/metropolis/node/tools/tools.go b/metropolis/node/tools/tools.go
index 5377496..b021495 100644
--- a/metropolis/node/tools/tools.go
+++ b/metropolis/node/tools/tools.go
@@ -9,9 +9,6 @@
 import (
 	_ "github.com/containerd/containerd/v2/cmd/containerd"
 	_ "github.com/containerd/containerd/v2/cmd/containerd-shim-runc-v2"
-	_ "github.com/containernetworking/plugins/plugins/ipam/host-local"
-	_ "github.com/containernetworking/plugins/plugins/main/loopback"
-	_ "github.com/containernetworking/plugins/plugins/main/ptp"
 	_ "github.com/go-delve/delve/cmd/dlv"
 	_ "github.com/opencontainers/runc"
 	_ "github.com/prometheus/node_exporter"
diff --git a/third_party/com_github_containerd_containerd_v2/cni-adapter.patch b/third_party/com_github_containerd_containerd_v2/cni-adapter.patch
new file mode 100644
index 0000000..cee8f0b
--- /dev/null
+++ b/third_party/com_github_containerd_containerd_v2/cni-adapter.patch
@@ -0,0 +1,195 @@
+From 9bd63f7ca7d4a248f31600bb09fe1c828d40115a Mon Sep 17 00:00:00 2001
+From: Lorenz Brun <lorenz@monogon.tech>
+Date: Wed, 6 Aug 2025 04:07:56 +0200
+Subject: [PATCH] Use our CNI adapter instead of go-cni
+
+We're not really using CNI here, just straight-up intercepting the Go
+calls and redirecting them to us.
+---
+ cmd/ctr/commands/run/run.go             | 2 +-
+ cmd/ctr/commands/tasks/kill.go          | 2 +-
+ internal/cri/server/cni_conf_syncer.go  | 2 +-
+ internal/cri/server/sandbox_run.go      | 2 +-
+ internal/cri/server/sandbox_run_test.go | 2 +-
+ internal/cri/server/service.go          | 2 +-
+ internal/cri/server/service_linux.go    | 2 +-
+ internal/cri/server/service_other.go    | 2 +-
+ internal/cri/server/service_test.go     | 2 +-
+ internal/cri/server/service_windows.go  | 2 +-
+ internal/cri/store/sandbox/metadata.go  | 2 +-
+ internal/cri/testing/fake_cni_plugin.go | 2 +-
+ internal/cri/types/sandbox_info.go      | 2 +-
+ 13 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/cmd/ctr/commands/run/run.go b/cmd/ctr/commands/run/run.go
+index 365f77746..298f004f2 100644
+--- a/cmd/ctr/commands/run/run.go
++++ b/cmd/ctr/commands/run/run.go
+@@ -24,7 +24,7 @@ import (
+ 	"strings"
+ 
+ 	"github.com/containerd/console"
+-	gocni "github.com/containerd/go-cni"
++	gocni "source.monogon.dev/metropolis/node/kubernetes/containerd/cniproxy"
+ 	specs "github.com/opencontainers/runtime-spec/specs-go"
+ 	"github.com/urfave/cli/v2"
+ 
+diff --git a/cmd/ctr/commands/tasks/kill.go b/cmd/ctr/commands/tasks/kill.go
+index 78b5584e2..d03a2aa48 100644
+--- a/cmd/ctr/commands/tasks/kill.go
++++ b/cmd/ctr/commands/tasks/kill.go
+@@ -23,7 +23,7 @@ import (
+ 
+ 	containerd "github.com/containerd/containerd/v2/client"
+ 	"github.com/containerd/containerd/v2/cmd/ctr/commands"
+-	gocni "github.com/containerd/go-cni"
++	gocni "source.monogon.dev/metropolis/node/kubernetes/containerd/cniproxy"
+ 	"github.com/containerd/log"
+ 	"github.com/containerd/typeurl/v2"
+ 	"github.com/moby/sys/signal"
+diff --git a/internal/cri/server/cni_conf_syncer.go b/internal/cri/server/cni_conf_syncer.go
+index 822e7e54a..646286c4e 100644
+--- a/internal/cri/server/cni_conf_syncer.go
++++ b/internal/cri/server/cni_conf_syncer.go
+@@ -22,7 +22,7 @@ import (
+ 	"path/filepath"
+ 	"sync"
+ 
+-	"github.com/containerd/go-cni"
++	"source.monogon.dev/metropolis/node/kubernetes/containerd/cniproxy"
+ 	"github.com/containerd/log"
+ 	"github.com/fsnotify/fsnotify"
+ )
+diff --git a/internal/cri/server/sandbox_run.go b/internal/cri/server/sandbox_run.go
+index 3142efb72..1e26479f6 100644
+--- a/internal/cri/server/sandbox_run.go
++++ b/internal/cri/server/sandbox_run.go
+@@ -26,7 +26,7 @@ import (
+ 	"strings"
+ 	"time"
+ 
+-	"github.com/containerd/go-cni"
++	"source.monogon.dev/metropolis/node/kubernetes/containerd/cniproxy"
+ 	"github.com/containerd/log"
+ 	"github.com/containerd/typeurl/v2"
+ 	runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
+diff --git a/internal/cri/server/sandbox_run_test.go b/internal/cri/server/sandbox_run_test.go
+index 3b3b01187..7c643f7c7 100644
+--- a/internal/cri/server/sandbox_run_test.go
++++ b/internal/cri/server/sandbox_run_test.go
+@@ -21,7 +21,7 @@ import (
+ 	"net"
+ 	"testing"
+ 
+-	"github.com/containerd/go-cni"
++	"source.monogon.dev/metropolis/node/kubernetes/containerd/cniproxy"
+ 	"github.com/stretchr/testify/assert"
+ 	runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
+ )
+diff --git a/internal/cri/server/service.go b/internal/cri/server/service.go
+index 8b65b1465..4ffe73acc 100644
+--- a/internal/cri/server/service.go
++++ b/internal/cri/server/service.go
+@@ -26,7 +26,7 @@ import (
+ 	"sync/atomic"
+ 	"time"
+ 
+-	"github.com/containerd/go-cni"
++	"source.monogon.dev/metropolis/node/kubernetes/containerd/cniproxy"
+ 	"github.com/containerd/log"
+ 	"github.com/containerd/typeurl/v2"
+ 	imagespec "github.com/opencontainers/image-spec/specs-go/v1"
+diff --git a/internal/cri/server/service_linux.go b/internal/cri/server/service_linux.go
+index a115e5f67..c9451e41e 100644
+--- a/internal/cri/server/service_linux.go
++++ b/internal/cri/server/service_linux.go
+@@ -25,7 +25,7 @@ import (
+ 
+ 	"github.com/containerd/containerd/v2/pkg/cap"
+ 	"github.com/containerd/containerd/v2/pkg/kernelversion"
+-	"github.com/containerd/go-cni"
++	"source.monogon.dev/metropolis/node/kubernetes/containerd/cniproxy"
+ 	"github.com/containerd/log"
+ )
+ 
+diff --git a/internal/cri/server/service_other.go b/internal/cri/server/service_other.go
+index 70e050f11..4b027730a 100644
+--- a/internal/cri/server/service_other.go
++++ b/internal/cri/server/service_other.go
+@@ -19,7 +19,7 @@
+ package server
+ 
+ import (
+-	"github.com/containerd/go-cni"
++	"source.monogon.dev/metropolis/node/kubernetes/containerd/cniproxy"
+ )
+ 
+ // initPlatform handles initialization of the CRI service for non-windows
+diff --git a/internal/cri/server/service_test.go b/internal/cri/server/service_test.go
+index b6d9ecfb3..7dc40781d 100644
+--- a/internal/cri/server/service_test.go
++++ b/internal/cri/server/service_test.go
+@@ -20,7 +20,7 @@ import (
+ 	"context"
+ 
+ 	"github.com/containerd/errdefs"
+-	"github.com/containerd/go-cni"
++	"source.monogon.dev/metropolis/node/kubernetes/containerd/cniproxy"
+ 	"github.com/containerd/platforms"
+ 	imagespec "github.com/opencontainers/image-spec/specs-go/v1"
+ 
+diff --git a/internal/cri/server/service_windows.go b/internal/cri/server/service_windows.go
+index 1bf71413f..0ebae652d 100644
+--- a/internal/cri/server/service_windows.go
++++ b/internal/cri/server/service_windows.go
+@@ -19,7 +19,7 @@ package server
+ import (
+ 	"fmt"
+ 
+-	"github.com/containerd/go-cni"
++	"source.monogon.dev/metropolis/node/kubernetes/containerd/cniproxy"
+ )
+ 
+ // windowsNetworkAttachCount is the minimum number of networks the PodSandbox
+diff --git a/internal/cri/store/sandbox/metadata.go b/internal/cri/store/sandbox/metadata.go
+index 20fe2f1d1..8a2d22aa5 100644
+--- a/internal/cri/store/sandbox/metadata.go
++++ b/internal/cri/store/sandbox/metadata.go
+@@ -20,7 +20,7 @@ import (
+ 	"encoding/json"
+ 	"fmt"
+ 
+-	cni "github.com/containerd/go-cni"
++	cni "source.monogon.dev/metropolis/node/kubernetes/containerd/cniproxy"
+ 	runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
+ )
+ 
+diff --git a/internal/cri/testing/fake_cni_plugin.go b/internal/cri/testing/fake_cni_plugin.go
+index fcc060f1c..cac2d5173 100644
+--- a/internal/cri/testing/fake_cni_plugin.go
++++ b/internal/cri/testing/fake_cni_plugin.go
+@@ -19,7 +19,7 @@ package testing
+ import (
+ 	"context"
+ 
+-	cni "github.com/containerd/go-cni"
++	cni "source.monogon.dev/metropolis/node/kubernetes/containerd/cniproxy"
+ )
+ 
+ // FakeCNIPlugin is a fake plugin used for test.
+diff --git a/internal/cri/types/sandbox_info.go b/internal/cri/types/sandbox_info.go
+index 49acadae8..fbe6af925 100644
+--- a/internal/cri/types/sandbox_info.go
++++ b/internal/cri/types/sandbox_info.go
+@@ -17,7 +17,7 @@
+ package types
+ 
+ import (
+-	"github.com/containerd/go-cni"
++	"source.monogon.dev/metropolis/node/kubernetes/containerd/cniproxy"
+ 	"github.com/opencontainers/runtime-spec/specs-go"
+ 	runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
+ 
+-- 
+2.49.0
+
diff --git a/third_party/com_github_containernetworking_cni/BUILD.bazel b/third_party/com_github_containernetworking_cni/BUILD.bazel
deleted file mode 100644
index e69de29..0000000
--- a/third_party/com_github_containernetworking_cni/BUILD.bazel
+++ /dev/null
diff --git a/third_party/com_github_containernetworking_cni/cni-fix-cachepath.patch b/third_party/com_github_containernetworking_cni/cni-fix-cachepath.patch
deleted file mode 100644
index 06cf210..0000000
--- a/third_party/com_github_containernetworking_cni/cni-fix-cachepath.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 3646de78ed303e1c84c78b676859df9c2db33863 Mon Sep 17 00:00:00 2001
-From: Lorenz Brun <lorenz@brun.one>
-Date: Mon, 25 Jan 2021 18:20:01 +0100
-Subject: [PATCH] Point CacheDir to the correct location for Metropolis
-
-This is arguably an ugly hack, but they hardcoded it and the fastest way to
-access anything resembling a config is through three different repos:
-containernetworking/cni -> containerd/go-cni -> containerd/cri ->
-containerd/containerd.
----
- libcni/api.go | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libcni/api.go b/libcni/api.go
-index 5a43219..5d71426 100644
---- a/libcni/api.go
-+++ b/libcni/api.go
-@@ -38,7 +38,7 @@ import (
- )
- 
- var (
--	CacheDir = "/var/lib/cni"
-+	CacheDir = "/ephemeral/containerd/cni-cache"
- 	// slightly awkward wording to preserve anyone matching on error strings
- 	ErrorCheckNotSupp = fmt.Errorf("does not support the CHECK command")
- )
--- 
-2.44.1
-
diff --git a/third_party/com_github_containernetworking_plugins/BUILD.bazel b/third_party/com_github_containernetworking_plugins/BUILD.bazel
deleted file mode 100644
index e69de29..0000000
--- a/third_party/com_github_containernetworking_plugins/BUILD.bazel
+++ /dev/null
diff --git a/third_party/com_github_containernetworking_plugins/cniplugins-add-linkgroup.patch b/third_party/com_github_containernetworking_plugins/cniplugins-add-linkgroup.patch
deleted file mode 100644
index ec83ddd..0000000
--- a/third_party/com_github_containernetworking_plugins/cniplugins-add-linkgroup.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From a2c65ec075a9376e3b8e9fb72a96db36a613a1d0 Mon Sep 17 00:00:00 2001
-From: Lorenz Brun <lorenz@brun.one>
-Date: Thu, 2 Jan 2025 00:36:05 +0100
-Subject: [PATCH] Add linkGroup setting
-
----
- plugins/main/ptp/ptp.go | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/plugins/main/ptp/ptp.go b/plugins/main/ptp/ptp.go
-index 9c88d901..e0b283c5 100644
---- a/plugins/main/ptp/ptp.go
-+++ b/plugins/main/ptp/ptp.go
-@@ -47,6 +47,7 @@ type NetConf struct {
- 	IPMasq        bool    `json:"ipMasq"`
- 	IPMasqBackend *string `json:"ipMasqBackend,omitempty"`
- 	MTU           int     `json:"mtu"`
-+	LinkGroup     int     `json:"linkGroup,omitempty"`
- }
- 
- func setupContainerVeth(netns ns.NetNS, ifName string, mtu int, pr *current.Result) (*current.Interface, *current.Interface, error) {
-@@ -146,7 +147,7 @@ func setupContainerVeth(netns ns.NetNS, ifName string, mtu int, pr *current.Resu
- 	return hostInterface, containerInterface, nil
- }
- 
--func setupHostVeth(vethName string, result *current.Result) error {
-+func setupHostVeth(vethName string, group int, result *current.Result) error {
- 	// hostVeth moved namespaces and may have a new ifindex
- 	veth, err := netlinksafe.LinkByName(vethName)
- 	if err != nil {
-@@ -178,6 +179,12 @@ func setupHostVeth(vethName string, result *current.Result) error {
- 		}
- 	}
- 
-+	if group != 0 {
-+		if err := netlink.LinkSetGroup(veth, group); err != nil {
-+			return fmt.Errorf("failed to set link group for if %q: %v", vethName, err)
-+		}
-+	}
-+
- 	return nil
- }
- 
-@@ -225,7 +232,7 @@ func cmdAdd(args *skel.CmdArgs) error {
- 		return err
- 	}
- 
--	if err = setupHostVeth(hostInterface.Name, result); err != nil {
-+	if err = setupHostVeth(hostInterface.Name, conf.LinkGroup, result); err != nil {
- 		return err
- 	}
- 
--- 
-2.47.1
-