|
| 1 | +// Module included in the following assemblies: |
| 2 | +// |
| 3 | +// * networking/cluster-network-operator.adoc |
| 4 | + |
| 5 | +:_mod-docs-content-type: PROCEDURE |
| 6 | +[id="nw-cno-enable-ip-forwarding_{context}"] |
| 7 | += Enabling IP forwarding globally |
| 8 | + |
| 9 | +From {product-title} 4.14 onward, global IP address forwarding is disabled on OVN-Kubernetes based cluster deployments to prevent undesirable effects for cluster administrators with nodes acting as routers. However, in some cases where an administrator expects traffic to be forwarded a new configuration parameter `ipForwarding` is available to allow forwarding of all IP traffic. |
| 10 | + |
| 11 | +To re-enable IP forwarding for all traffic on OVN-Kubernetes managed interfaces set the `gatewayConfig.ipForwarding` specification in the Cluster Network Operator to `Global` following this procedure: |
| 12 | + |
| 13 | +.Procedure |
| 14 | + |
| 15 | +. Backup the existing network configuration by running the following command: |
| 16 | ++ |
| 17 | +[source,terminal] |
| 18 | +---- |
| 19 | +$ oc get network.operator cluster -o yaml > network-config-backup.yaml |
| 20 | +---- |
| 21 | + |
| 22 | +. Run the following command to modify the existing network configuration: |
| 23 | ++ |
| 24 | +[source,terminal] |
| 25 | +---- |
| 26 | +$ oc edit network.operator cluster |
| 27 | +---- |
| 28 | + |
| 29 | +.. Add or update the following block under `spec` as illustrated in the following example: |
| 30 | ++ |
| 31 | +[source,yaml] |
| 32 | +---- |
| 33 | +spec: |
| 34 | + clusterNetwork: |
| 35 | + - cidr: 10.128.0.0/14 |
| 36 | + hostPrefix: 23 |
| 37 | + serviceNetwork: |
| 38 | + - 172.30.0.0/16 |
| 39 | + networkType: OVNKubernetes |
| 40 | + clusterNetworkMTU: 8900 |
| 41 | + defaultNetwork: |
| 42 | + ovnKubernetesConfig: |
| 43 | + gatewayConfig: |
| 44 | + ipForwarding: Global |
| 45 | +---- |
| 46 | + |
| 47 | +.. Save and close the file. |
| 48 | + |
| 49 | +. After applying the changes, the OpenShift Cluster Network Operator (CNO) applies the update across the cluster. You can monitor the progress by using the following command: |
| 50 | ++ |
| 51 | +[source,terminal] |
| 52 | +---- |
| 53 | +$ oc get clusteroperators network |
| 54 | + |
| 55 | +---- |
| 56 | ++ |
| 57 | +The status should eventually report as `Available`, `Progressing=False`, and `Degraded=False`. |
| 58 | +
|
| 59 | +. Alternatively, you can enable IP forwarding globally by running the following command: |
| 60 | ++ |
| 61 | +[source,terminal] |
| 62 | +---- |
| 63 | +$ oc patch network.operator cluster -p '{"spec":{"defaultNetwork":{"ovnKubernetesConfig":{"gatewayConfig":{"ipForwarding": "Global"}}}}} |
| 64 | +---- |
| 65 | ++ |
| 66 | +[NOTE] |
| 67 | +==== |
| 68 | +The other valid option for this parameter is `Restricted` in case you want to revert this change. `Restricted` is the default and with that setting global IP address forwarding is disabled. |
| 69 | +==== |
| 70 | +
|
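Review bot: The `oc patch` command on new-file line 63 never closes the single quote opened before `{"spec"`, so a reader who pastes it gets a shell continuation prompt instead of an applied patch; end the argument with `}}}}}'`. The same command passes no `--type`, so confirm that it applies against `network.operator` as written, or add `--type=merge`. Line 59 presents this command as numbered step 4 after the `oc edit` steps, which reads as something to run in addition to them; move it out of the numbered list or introduce it explicitly as a replacement for steps 2 and 3. Line 9 says forwarding was disabled to prevent undesirable effects when nodes act as routers, so the note at line 68 could say that `Global` forwards all IP traffic on OVN-Kubernetes managed interfaces and show the matching command that sets `Restricted` to revert. Minor: drop the empty line 54 inside the terminal block, and on line 57 write `Available=True` to match `Progressing=False` and `Degraded=False`.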