diff --git a/src/runtime/virtcontainers/clh.go b/src/runtime/virtcontainers/clh.go
index 5d290ff3b..df493f4b3 100644
--- a/src/runtime/virtcontainers/clh.go
+++ b/src/runtime/virtcontainers/clh.go
@@ -181,12 +181,18 @@ var vmAddNetPutRequest = func(clh *cloudHypervisor) error {
 			return err
 		}
 
-		payloadn, err := conn.Write([]byte(payload))
+		files := clh.netDevicesFiles[*netDevice.Mac]
+		var fds []int
+		for _, f := range files {
+			fds = append(fds, int(f.Fd()))
+		}
+		oob := syscall.UnixRights(fds...)
+		payloadn, oobn, err := conn.WriteMsgUnix([]byte(payload), oob, nil)
 		if err != nil {
 			return err
 		}
-		if payloadn != len(payload) {
-			return fmt.Errorf("Failed to send all the request to Cloud Hypervisor. %d bytes expect to send, but only %d sent", len(payload), payloadn)
+		if payloadn != len(payload) || oobn != len(oob) {
+			return fmt.Errorf("Failed to send all the request to Cloud Hypervisor. %d bytes expect to send as payload, %d bytes expect to send as oob date,  but only %d sent as payload, and %d sent as oob", len(payload), len(oob), payloadn, oobn)
 		}
 
 		reader := bufio.NewReader(conn)
@@ -229,16 +235,17 @@ func (s *CloudHypervisorState) reset() {
 }
 
 type cloudHypervisor struct {
-	console        console.Console
-	virtiofsDaemon VirtiofsDaemon
-	APIClient      clhClient
-	ctx            context.Context
-	id             string
-	netDevices     *[]chclient.NetConfig
-	devicesIds     map[string]string
-	vmconfig       chclient.VmConfig
-	state          CloudHypervisorState
-	config         HypervisorConfig
+	console         console.Console
+	virtiofsDaemon  VirtiofsDaemon
+	APIClient       clhClient
+	ctx             context.Context
+	id              string
+	netDevices      *[]chclient.NetConfig
+	devicesIds      map[string]string
+	netDevicesFiles map[string][]*os.File
+	vmconfig        chclient.VmConfig
+	state           CloudHypervisorState
+	config          HypervisorConfig
 }
 
 var clhKernelParams = []Param{
@@ -430,6 +437,7 @@ func (clh *cloudHypervisor) CreateVM(ctx context.Context, id string, network Net
 	clh.id = id
 	clh.state.state = clhNotReady
 	clh.devicesIds = make(map[string]string)
+	clh.netDevicesFiles = make(map[string][]*os.File)
 
 	clh.Logger().WithField("function", "CreateVM").Info("creating Sandbox")
 
@@ -1456,6 +1464,7 @@ func (clh *cloudHypervisor) addNet(e Endpoint) error {
 	if tapPath == "" {
 		return errors.New("TAP path in network pair is empty")
 	}
+	clh.netDevicesFiles[mac] = netPair.TapInterface.VMFds
 
 	clh.Logger().WithFields(log.Fields{
 		"mac": mac,
diff --git a/src/runtime/virtcontainers/clh_test.go b/src/runtime/virtcontainers/clh_test.go
index 31ae67c1a..1343cfac7 100644
--- a/src/runtime/virtcontainers/clh_test.go
+++ b/src/runtime/virtcontainers/clh_test.go
@@ -135,6 +135,7 @@ func TestCloudHypervisorAddNetCheckNetConfigListValues(t *testing.T) {
 	assert := assert.New(t)
 
 	clh := cloudHypervisor{}
+	clh.netDevicesFiles = make(map[string][]*os.File)
 
 	e := &VethEndpoint{}
 	e.NetPair.TAPIface.HardAddr = macTest
@@ -185,6 +186,7 @@ func TestCloudHypervisorAddNetCheckEnpointTypes(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			clh := &cloudHypervisor{}
+			clh.netDevicesFiles = make(map[string][]*os.File)
 			if err := clh.addNet(tt.args.e); (err != nil) != tt.wantErr {
 				t.Errorf("cloudHypervisor.addNet() error = %v, wantErr %v", err, tt.wantErr)
 
@@ -339,6 +341,7 @@ func TestCloudHypervisorNetRateLimiter(t *testing.T) {
 			clhConfig.NetRateLimiterOpsOneTimeBurst = tt.args.opsOneTimeBurst
 
 			clh := &cloudHypervisor{}
+			clh.netDevicesFiles = make(map[string][]*os.File)
 			clh.config = clhConfig
 			clh.APIClient = &clhClientMock{}