diff --git a/arch-images/kata-containers-network-hotplug-uml.txt b/arch-images/kata-containers-network-hotplug-uml.txt new file mode 100644 index 0000000000..6f12169184 --- /dev/null +++ b/arch-images/kata-containers-network-hotplug-uml.txt @@ -0,0 +1,47 @@ +@startuml + +User->CLI: network add-interface +CLI->virtcontainers: AddInterface +virtcontainers->QEMU:QMP-hot-add-network +virtcontainers->agent:UpdateInterface +note right +the agent's UpdateInterface code will need to be augmented +to have a timeout/wait associated with this for the network +device to appear (ie, wait for qmp to complete) +end note +agent->User: err, interface detail + +User->CLI: network del-interface +CLI->virtcontainers: DeleteInterface +note right +There will be no call to the agent. We rely on guest kernel +to clean up any state associated with the interface. +end note +virtcontainers->QEMU:QMP-hot-delete-network +virtcontainers->User: err, interface detail + +User->CLI: network list-interface +CLI->virtcontainers: ListInterfaces +virtcontainers->agent:ListInterfaces +agent->User: err, list of interface details + +User->CLI: network update-routes +CLI->virtcontainers: UpdateRoutes +note right +routes are handled in a 'one shot' basis, +setting all of the routes for the network. This needs to +be called after interfaces are added, and should be called +after interfaces are removed. It should be fine to call once +after adding all of the expected interfaces. If you know all +the resulting routes, simply calling set routes with the +complete list should suffice. +end note +virtcontainers->agent:UpdateRoutes +agent->User: err, list of routes + +User->CLI: network list-routes +CLI->virtcontainers: ListRoutes +virtcontainers->agent:ListRoutes +agent->User: err, list of routes + +@enduml 
diff --git a/arch-images/kata-containers-network-hotplug.png b/arch-images/kata-containers-network-hotplug.png new file mode 100644 index 0000000000..1829fc860a Binary files /dev/null and b/arch-images/kata-containers-network-hotplug.png differ diff --git a/architecture.md b/architecture.md index 7953460aeb..6b8b8b0c4c 100644 --- a/architecture.md +++ b/architecture.md @@ -476,6 +476,37 @@ __Runtime network setup with CNM__ 5. Create bridge, TAP, and link all together with network interface previously created +======= +### CNI + +![CNI Diagram](arch-images/CNI_diagram.png) + +__Runtime network setup with CNI__ + +1. Create the network namespace. + +2. Get CNI plugin information. + +3. Start the plugin (providing previously created network namespace) to add a network + described into `/etc/cni/net.d/ directory`. At that time, the CNI plugin will + create the `cni0` network interface and a veth pair between the host and the created + netns. It links `cni0` to the veth pair before to exit. + +4. Create network bridge, TAP, and link all together with network interface previously + created. + +5. Start VM inside the netns and start the container. + + +### Network Hotplug + +Kata Containers has developed a set of network sub-commands and APIs to add, list and +remove a guest network endpoint and to manipulate the guest route table. + +The following diagram illustrates the Kata Containers network hotplug workflow. + +![Network Hotplug](arch-images/kata-containers-network-hotplug.png) + ## Storage Container workloads are shared with the virtualized environment through [9pfs](https://www.kernel.org/doc/Documentation/filesystems/9p.txt). The devicemapper storage driver is a special case. The driver uses dedicated block diff --git a/design/kata-api-design.md b/design/kata-api-design.md index 7d8aa59e2d..241bbee022 100644 --- a/design/kata-api-design.md +++ b/design/kata-api-design.md 
@@ -31,11 +31,12 @@ To fulfill the [kata design requirements](kata-design-requirements.md), and base ### Sandbox Hotplug API |Name|Description| |---|---| -|sandbox.AddStorage()| Add new storage to the sandbox.| -|sandbox.AddNetwork()| Add new nic to the sandbox.| -|sandbox.ListNetwork()| List all nics and their configurations in the sandbox.| -|sandbox.UpdateNetwork()| Update the configuration of an existing network interface.| -|sandbox.UpdateRoute()| Update the sandbox route table (e.g. for portmapping support).| +|sandbox.AddDevice()| Add new storage device to the sandbox.| +|sandbox.AddInterface()| Add new nic to the sandbox.| +|sandbox.RemoveInterface()| Remove a nic from the sandbox.| +|sandbox.ListInterfaces()| List all nics and their configurations in the sandbox.| +|sandbox.UpdateRoutes()| Update the sandbox route table (e.g. for portmapping support).| +|sandbox.ListRoutes()| List the sandbox route table.| ### Sandbox Relay API |Name|Description|
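Review bot: In arch-images/kata-containers-network-hotplug-uml.txt, the del-interface sequence uses `CLI->virtcontainers: DeleteInterface`, while the Sandbox Hotplug API table changed in design/kata-api-design.md names the same operation `sandbox.RemoveInterface()`; pick one name and use it in both files. The return arrows (`agent->User`, `virtcontainers->User`) also skip the CLI and virtcontainers hops that the request took, so the diagram does not show which layer reports the error. The note on UpdateInterface describes a timeout the agent "will need"; either state what happens today when the device has not yet appeared, or track that work in an issue rather than in the architecture diagram.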
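Review bot: The first added line of the architecture.md hunk, `+=======`, sits directly above `### CNI` and looks like a leftover merge conflict marker; drop it so it does not end up in the rendered page. In step 3, the code span `/etc/cni/net.d/ directory` includes the word "directory" and a stray space, so it should read `/etc/cni/net.d/` followed by plain "directory", and "before to exit" should be "before exiting". The section references `arch-images/CNI_diagram.png`, but the only image this patch adds is kata-containers-network-hotplug.png, so please confirm the CNI diagram already exists in the tree.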
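Review bot: In the Sandbox Hotplug API table of design/kata-api-design.md, `sandbox.UpdateNetwork()` is removed with no replacement row, yet the sequence diagram added in this same patch still shows `virtcontainers->agent:UpdateInterface` on the add path; state in the table or the commit message whether updating an existing interface is intentionally dropped from the sandbox-level API. `sandbox.AddStorage()` is renamed to `sandbox.AddDevice()` but its description is still limited to "storage device", so either widen the description to match the generic name or explain why the name changed. It would also help to note next to `sandbox.UpdateRoutes()` that it replaces the whole route table in one call, as the diagram note describes, since callers who pass a partial list would otherwise drop existing routes.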