openshift-docs/modules/nw-cno-enable-ip-forwarding.adoc

// Module included in the following assemblies:
//
// * networking/cluster-network-operator.adoc

:_mod-docs-content-type: PROCEDURE
[id="nw-cno-enable-ip-forwarding_{context}"]
= Enabling IP forwarding globally

[role="_abstract"]
From {product-title} 4.14 onward, OVN-Kubernetes disables global IP forwarding by default. By setting the Cluster Network Operator `gatewayConfig.ipForwarding` spec to `Global`, you can enable cluster-wide forwarding.

.Procedure

. Backup the existing network configuration by running the following command:
+
[source,terminal]
----
$ oc get network.operator cluster -o yaml > network-config-backup.yaml
----

. Run the following command to modify the existing network configuration:
+
[source,terminal]
----
$ oc edit network.operator cluster
----

.. Add or update the following block under `spec` as illustrated in the following example:
+
[source,yaml]
----
spec:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  serviceNetwork:
  - 172.30.0.0/16
  networkType: OVNKubernetes
  clusterNetworkMTU: 8900
  defaultNetwork:
    ovnKubernetesConfig:
      gatewayConfig:
        ipForwarding: Global
----

.. Save and close the file.

. After applying the changes, the OpenShift Cluster Network Operator (CNO) applies the update across the cluster. You can monitor the progress by using the following command:
+
[source,terminal]
----
$ oc get clusteroperators network

----
+
The status should eventually report as `Available`, `Progressing=False`, and `Degraded=False`.

. Alternatively, you can enable IP forwarding globally by running the following command:
+
[source,terminal]
----
$ oc patch network.operator cluster -p '{"spec":{"defaultNetwork":{"ovnKubernetesConfig":{"gatewayConfig":{"ipForwarding": "Global"}}}}}' --type=merge
----
+
[NOTE]
====
The other valid option for this parameter is `Restricted` in case you want to revert this change. `Restricted` is the default and with that setting global IP address forwarding is disabled.
====