diff --git a/backport-fix-azure-disable-use-dns-for-secondary-nics-5314.patch b/backport-fix-azure-disable-use-dns-for-secondary-nics-5314.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7adb368c02930712b2d4d7bd6e336821beb38c3a
--- /dev/null
+++ b/backport-fix-azure-disable-use-dns-for-secondary-nics-5314.patch
@@ -0,0 +1,101 @@ +From 42930d8459b59b22cab3f76d85d170871174b479 Mon Sep 17 00:00:00 2001 +From: Alberto Contreras +Date: Wed, 29 May 2024 09:10:53 +0200 +Subject: [PATCH] fix(azure): disable use-dns for secondary nics (#5314) + +Reference:https://github.com/canonical/cloud-init/commit/42930d8459b59b22cab3f76d85d170871174b479 +Conflict:(1)not change tests/integration_tests/datasources/test_azure.py +(2)change TestParseNetworkConfig not TestGenerateNetworkConfig, other differences are significant. + +DNS resolution through secondary NICs is not supported on Azure. Disable +it. + +Without this, we see seconds of delay resolving urls in cloud-init logs +from Jammy+, see SF ticket. + +Per cjp256's comment, the first NIC under metadata.imds.network is ensured +to be the primary one. We use this to determine primary NICs instead of +relying on fragile driver and/or NIC names. + +Fixes: SF: #00380708 + +Co-authored-by: Calvin Mwadime +--- + cloudinit/sources/DataSourceAzure.py | 3 +++ + tests/unittests/test_datasource/test_azure.py | 19 ++++++++++++------- + 2 files changed, 15 insertions(+), 7 deletions(-) + +diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py +index f1e6642..7b070b8 100755 +--- a/cloudinit/sources/DataSourceAzure.py ++++ b/cloudinit/sources/DataSourceAzure.py +@@ -2207,6 +2207,9 @@ def _generate_network_config_from_imds_metadata(imds_metadata) -> dict: + # addresses. + nicname = 'eth{idx}'.format(idx=idx) + dhcp_override = {'route-metric': (idx + 1) * 100} ++ # DNS resolution through secondary NICs is not supported, disable it. 
++ if idx > 0: ++ dhcp_override["use-dns"] = False + dev_config = {'dhcp4': True, 'dhcp4-overrides': dhcp_override, + 'dhcp6': False} + for addr_type in ('ipv4', 'ipv6'): +diff --git a/tests/unittests/test_datasource/test_azure.py b/tests/unittests/test_datasource/test_azure.py +index 62e657b..82d9718 100644 +--- a/tests/unittests/test_datasource/test_azure.py ++++ b/tests/unittests/test_datasource/test_azure.py +@@ -243,12 +243,17 @@ class TestParseNetworkConfig(CiTestCase): + 'match': {'macaddress': '22:0d:3a:04:75:98'}, + 'dhcp6': False, + 'dhcp4': True, +- 'dhcp4-overrides': {'route-metric': 200}}, ++ 'dhcp4-overrides': { ++ 'route-metric': 200, ++ "use-dns": False,}}, + 'eth2': {'set-name': 'eth2', + 'match': {'macaddress': '33:0d:3a:04:75:98'}, + 'dhcp6': False, + 'dhcp4': True, +- 'dhcp4-overrides': {'route-metric': 300}}}, 'version': 2} ++ 'dhcp4-overrides': { ++ 'route-metric': 300, ++ "use-dns": False,},},}, ++ 'version': 2,} + imds_data = copy.deepcopy(NETWORK_METADATA) + imds_data['network']['interface'].append(SECONDARY_INTERFACE) + third_intf = copy.deepcopy(SECONDARY_INTERFACE) +@@ -274,13 +279,13 @@ class TestParseNetworkConfig(CiTestCase): + 'match': {'macaddress': '22:0d:3a:04:75:98'}, + 'dhcp4': True, + 'dhcp6': False, +- 'dhcp4-overrides': {'route-metric': 200}}, ++ 'dhcp4-overrides': {'route-metric': 200, "use-dns": False}}, + 'eth2': {'set-name': 'eth2', + 'match': {'macaddress': '33:0d:3a:04:75:98'}, + 'dhcp4': True, +- 'dhcp4-overrides': {'route-metric': 300}, ++ 'dhcp4-overrides': {'route-metric': 300, "use-dns": False}, + 'dhcp6': True, +- 'dhcp6-overrides': {'route-metric': 300}}}, 'version': 2} ++ 'dhcp6-overrides': {'route-metric': 300, "use-dns": False}}}, 'version': 2} + imds_data = copy.deepcopy(NETWORK_METADATA) + nic1 = imds_data['network']['interface'][0] + nic1['ipv4']['ipAddress'].append({'privateIpAddress': '10.0.0.5'}) +@@ -1184,12 +1189,12 @@ scbus-1 on xpt0 bus 0 + 'match': {'macaddress': '22:0d:3a:04:75:98'}, + 'dhcp6': 
False, + 'dhcp4': True, +- 'dhcp4-overrides': {'route-metric': 200}}, ++ 'dhcp4-overrides': {'route-metric': 200, "use-dns": False}}, + 'eth2': {'set-name': 'eth2', + 'match': {'macaddress': '33:0d:3a:04:75:98'}, + 'dhcp6': False, + 'dhcp4': True, +- 'dhcp4-overrides': {'route-metric': 300}}}, ++ 'dhcp4-overrides': {'route-metric': 300, "use-dns": False}}}, + 'version': 2} + imds_data = copy.deepcopy(NETWORK_METADATA) + imds_data['network']['interface'].append(SECONDARY_INTERFACE) +-- +2.33.0 + + diff --git a/backport-fix-net-Make-duplicate-route-add-succeed.-5343.patch b/backport-fix-net-Make-duplicate-route-add-succeed.-5343.patch new file mode 100644 index 0000000000000000000000000000000000000000..118eac35b5b274296d43554384f7c727f901815a --- /dev/null +++ b/backport-fix-net-Make-duplicate-route-add-succeed.-5343.patch 
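Review bot: In the DataSourceAzure.py part of this backport, the new `if idx > 0:` guard treats every interface after the first as secondary, but the added comment does not say that this relies on IMDS listing the primary NIC first; only the commit message records that. I would extend the comment to `# IMDS lists the primary NIC first, so idx > 0 means a secondary NIC; DNS resolution through those is not supported.` so the ordering assumption sits next to the code that depends on it. The updated expectation for eth2 also shows `use-dns` under `dhcp6-overrides`, which suggests the same override dict is reused for DHCPv6; if that is intended, the comment could say so. `_generate_network_config_from_imds_metadata` starts and ends outside the hunk.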
@@ -0,0 +1,61 @@ +From e432a31d6ea4263027c327559bb08adf3a91ad6d Mon Sep 17 00:00:00 2001 +From: Brett Holman +Date: Wed, 29 May 2024 16:03:46 -0600 +Subject: [PATCH] fix(net): Make duplicate route add succeed. (#5343) + +Reference:https://github.com/canonical/cloud-init/commit/e432a31d6ea4263027c327559bb08adf3a91ad6d +Conflict:(1)change cloudinit/net/__init__.py not cloudinit/net/netops/iproute2.py. +(2)change cloudinit/net/tests/test_init.py not tests/unittests/net/test_init.py. +(3)change 'ip -4 route add' to 'ip -4 route replace', other differences are significant. + +This behaves the same but doesn't fail when adding an existing route. + +Fixes GH-3441 +Fixes GH-3595 +--- + cloudinit/net/__init__.py | 4 ++-- + cloudinit/net/tests/test_init.py | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/cloudinit/net/__init__.py b/cloudinit/net/__init__.py +index d3ac4c8..f05642d 100644 +--- a/cloudinit/net/__init__.py ++++ b/cloudinit/net/__init__.py +@@ -1256,14 +1256,14 @@ class EphemeralIPv4Network(object): + self.interface, out.strip()) + return + subp.subp( +- ['ip', '-4', 'route', 'add', self.router, 'dev', self.interface, ++ ['ip', '-4', 'route', 'replace', self.router, 'dev', self.interface, + 'src', self.ip], capture=True) + self.cleanup_cmds.insert( + 0, + ['ip', '-4', 'route', 'del', self.router, 'dev', self.interface, + 'src', self.ip]) + subp.subp( +- ['ip', '-4', 'route', 'add', 'default', 'via', self.router, ++ ['ip', '-4', 'route', 'replace', 'default', 'via', self.router, + 'dev', self.interface], capture=True) + self.cleanup_cmds.insert( + 0, ['ip', '-4', 'route', 'del', 'default', 'dev', self.interface]) +diff --git a/cloudinit/net/tests/test_init.py b/cloudinit/net/tests/test_init.py +index a47b7c8..6eda482 100644 +--- a/cloudinit/net/tests/test_init.py ++++ b/cloudinit/net/tests/test_init.py +@@ -764,10 +764,10 @@ class TestEphemeralIPV4Network(CiTestCase): + capture=True), + mock.call( + ['ip', 'route', 'show', '0.0.0.0/0'], 
capture=True), +- mock.call(['ip', '-4', 'route', 'add', '192.168.2.1', ++ mock.call(['ip', '-4', 'route', 'replace', '192.168.2.1', + 'dev', 'eth0', 'src', '192.168.2.2'], capture=True), + mock.call( +- ['ip', '-4', 'route', 'add', 'default', 'via', ++ ['ip', '-4', 'route', 'replace', 'default', 'via', + '192.168.2.1', 'dev', 'eth0'], capture=True)] + expected_teardown_calls = [ + mock.call(['ip', '-4', 'route', 'del', 'default', 'dev', 'eth0'], +-- +2.33.0 + + diff --git a/backport-fix-netplan-Fix-predictable-interface-rename-issue-5.patch b/backport-fix-netplan-Fix-predictable-interface-rename-issue-5.patch new file mode 100644 index 0000000000000000000000000000000000000000..98084ebf7bbc18dd9053857fba00ca2f2119a91f --- /dev/null +++ b/backport-fix-netplan-Fix-predictable-interface-rename-issue-5.patch 
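Review bot: Switching both calls in `EphemeralIPv4Network` from `route add` to `route replace` means an existing route to `self.router` is now overwritten instead of raising an error, while the unchanged `cleanup_cmds` entries still delete the routes on teardown. If a matching route existed before this code ran, teardown would presumably remove it rather than restore the earlier state, which goes beyond the description's "behaves the same". I would document this above the first call, e.g. `# 'replace' overwrites an existing route; teardown deletes it and does not restore the previous one.`, and add a unit test for the pre-existing-route case. The method containing these calls starts and ends outside the hunk.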
@@ -0,0 +1,59 @@ +From 2856f4c8a440eba1127ac09f2b411d436c62e777 Mon Sep 17 00:00:00 2001 +From: Brett Holman +Date: Wed, 29 May 2024 16:08:35 -0600 +Subject: [PATCH] fix(netplan): Fix predictable interface rename issue (#5339) + +Reference:https://github.com/canonical/cloud-init/commit/2856f4c8a440eba1127ac09f2b411d436c62e777 +Conflict:NA + +When predictable naming is disabled, the following command may exit with +a non-zero exit code. + + udevadm test-builtin net_setup_link + +This code only ran to check for udev rename races, which cannot happen +when systemd renaming is disabled. Skip when disabled. + +Fixes GH-3950 +--- + cloudinit/net/netplan.py | 3 +++ + tests/unittests/test_net.py | 5 ++++- + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/cloudinit/net/netplan.py b/cloudinit/net/netplan.py +index 7d6740d..7e32167 100644 +--- a/cloudinit/net/netplan.py ++++ b/cloudinit/net/netplan.py +@@ -263,6 +263,9 @@ class Renderer(renderer.Renderer): + if not run: + LOG.debug("netplan net_setup_link postcmd disabled") + return ++ elif "net.ifnames=0" in util.get_cmdline(): ++ LOG.debug("Predictable interface names disabled.") ++ return + setup_lnk = ['udevadm', 'test-builtin', 'net_setup_link'] + + # It's possible we can race a udev rename and attempt to run +diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py +index 4a1d7c0..27b28ca 100644 +--- a/tests/unittests/test_net.py ++++ b/tests/unittests/test_net.py +@@ -4531,10 +4531,13 @@ class TestNetplanPostcommands(CiTestCase): + mock_netplan_generate.assert_called_with(run=True) + mock_net_setup_link.assert_called_with(run=True) + ++ @mock.patch("cloudinit.util.get_cmdline") + @mock.patch('cloudinit.util.SeLinuxGuard') + @mock.patch.object(netplan, "get_devicelist") + @mock.patch('cloudinit.subp.subp') +- def test_netplan_postcmds(self, mock_subp, mock_devlist, mock_sel): ++ def test_netplan_postcmds( ++ self, mock_subp, mock_devlist, mock_sel, m_get_cmdline ++ ): + mock_sel.__enter__ = 
mock.Mock(return_value=False) + mock_sel.__exit__ = mock.Mock() + mock_devlist.side_effect = [['lo']] +-- +2.33.0 + + diff --git a/cloud-init.spec b/cloud-init.spec index aadf49e23d4179a730ee65070417fbf1e846e500..66b276aed22a0575b7bbc0606287c32f17e87809 100644 --- a/cloud-init.spec +++ b/cloud-init.spec @@ -1,6 +1,6 @@ Name: cloud-init Version: 21.4 -Release: 27 +Release: 28 Summary: the defacto multi-distribution package that handles early initialization of a cloud instance. License: ASL 2.0 or GPLv3 URL: http://launchpad.net/cloud-init @@ -76,6 +76,9 @@ Patch6041: backport-fix-growpart-race-4618.patch Patch6042: backport-handle-error-when-log-file-is-empty-4859.patch Patch6043: backport-fix-Logging-sensitive-data.patch Patch6044: backport-ec2-Do-not-enable-dhcp6-on-EC2.patch +Patch6045: backport-fix-azure-disable-use-dns-for-secondary-nics-5314.patch +Patch6046: backport-fix-net-Make-duplicate-route-add-succeed.-5343.patch +Patch6047: backport-fix-netplan-Fix-predictable-interface-rename-issue-5.patch BuildRequires: pkgconfig(systemd) python3-devel python3-setuptools systemd BuildRequires: iproute python3-configobj python3-httpretty >= 0.8.14-2 @@ -186,6 +189,14 @@ fi %exclude /usr/share/doc/* %changelog +* Tue Jun 11 2024 shixuantong - 21.4-28 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:disable use-dns for secondary nics + Make duplicate route add succeed + Fix predictable interface rename issue + * Wed May 8 2024 dongyuzhen - 21.4-27 - Type:bugfix - CVE:NA
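Review bot: The new check `"net.ifnames=0" in util.get_cmdline()` in `netplan.py` is a substring match, so it would also fire on a kernel command line that merely contains that text inside a longer token, for example a constructed `net.ifnames=00`. Assuming `get_cmdline()` returns the command line as a single string, matching whole tokens is safer: `elif "net.ifnames=0" in util.get_cmdline().split():`. The test hunk only adds the `get_cmdline` patch to `test_netplan_postcmds`; no visible test makes it return `net.ifnames=0` and asserts that `udevadm` is not invoked, which would be worth adding. The enclosing method and the test body continue outside the hunk.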