From a2ff11dc103523edd05607f6f7256d8cb78d0a78 Mon Sep 17 00:00:00 2001 From: Kevin Quinn Date: Wed, 23 Oct 2024 16:30:38 +0100 Subject: [PATCH] TELCODOCS-2087 Document how to Enabling IP forwarding globally Adding peer review comments --- modules/nw-cno-enable-ip-forwarding.adoc | 70 ++++++++++++++++++++++++ networking/cluster-network-operator.adoc | 2 + 2 files changed, 72 insertions(+) create mode 100644 modules/nw-cno-enable-ip-forwarding.adoc diff --git a/modules/nw-cno-enable-ip-forwarding.adoc b/modules/nw-cno-enable-ip-forwarding.adoc new file mode 100644 index 0000000000..eefcc4c55f --- /dev/null +++ b/modules/nw-cno-enable-ip-forwarding.adoc @@ -0,0 +1,70 @@ +// Module included in the following assemblies: +// +// * networking/cluster-network-operator.adoc + +:_mod-docs-content-type: PROCEDURE +[id="nw-cno-enable-ip-forwarding_{context}"] += Enabling IP forwarding globally + +From {product-title} 4.14 onward, global IP address forwarding is disabled on OVN-Kubernetes based cluster deployments to prevent undesirable effects for cluster administrators with nodes acting as routers. However, in some cases where an administrator expects traffic to be forwarded a new configuration parameter `ipForwarding` is available to allow forwarding of all IP traffic. + +To re-enable IP forwarding for all traffic on OVN-Kubernetes managed interfaces set the `gatewayConfig.ipForwarding` specification in the Cluster Network Operator to `Global` following this procedure: + +.Procedure + +. Backup the existing network configuration by running the following command: ++ +[source,terminal] +---- +$ oc get network.operator cluster -o yaml > network-config-backup.yaml +---- + +. Run the following command to modify the existing network configuration: ++ +[source,terminal] +---- +$ oc edit network.operator cluster +---- + +.. Add or update the following block under `spec` as illustrated in the following example: ++ +[source,yaml] +---- +spec: + clusterNetwork: + - cidr: 10.128.0.0/14 + hostPrefix: 23 + serviceNetwork: + - 172.30.0.0/16 + networkType: OVNKubernetes + clusterNetworkMTU: 8900 + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + ipForwarding: Global +---- + +.. Save and close the file. + +. After applying the changes, the OpenShift Cluster Network Operator (CNO) applies the update across the cluster. You can monitor the progress by using the following command: ++ +[source,terminal] +---- +$ oc get clusteroperators network + +---- ++ +The status should eventually report as `Available`, `Progressing=False`, and `Degraded=False`. + +. Alternatively, you can enable IP forwarding globally by running the following command: ++ +[source,terminal] +---- +$ oc patch network.operator cluster -p '{"spec":{"defaultNetwork":{"ovnKubernetesConfig":{"gatewayConfig":{"ipForwarding": "Global"}}}}} +---- ++ +[NOTE] +==== +The other valid option for this parameter is `Restricted` in case you want to revert this change. `Restricted` is the default and with that setting global IP address forwarding is disabled. +==== + diff --git a/networking/cluster-network-operator.adoc b/networking/cluster-network-operator.adoc index 07a037691d..fc139c3db5 100644 --- a/networking/cluster-network-operator.adoc +++ b/networking/cluster-network-operator.adoc @@ -14,6 +14,8 @@ include::modules/nw-cno-view.adoc[leveloffset=+1] include::modules/nw-cno-status.adoc[leveloffset=+1] +include::modules/nw-cno-enable-ip-forwarding.adoc[leveloffset=+1] + include::modules/nw-cno-logs.adoc[leveloffset=+1] include::modules/nw-operator-cr.adoc[leveloffset=+1]