
Public IP range used for Example for Private IP range

    • Bug
    • Resolution: Done
    • Normal
    • 4.16
    • 4.15, 4.16
    • Documentation / SDN
    • None
    • Low
    • None
    • 3
    • OSDOCS Sprint 268
    • 1
    • False

      Description of problem:

          In this document, the migration from OpenShiftSDN to OVNKubernetes is described:
      https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/networking/ovn-kubernetes-network-plugin#initiating-limited-live-migration_migrate-from-openshift-sdn
      
      In this documentation there is the following sentence:
      
      "If the 100.64.0.0/16 IP address range is already in use, enter the following command to patch it to a different range. The following example uses 100.63.0.0/16."
      
      This is not a good example. The subnet 100.63.0.0/16 falls outside the 100.64.0.0/10 network which is reserved for internal networks as described here: https://en.wikipedia.org/wiki/Reserved_IP_addresses
      
      $ ipcalc 100.64.0.0/10
      Address:   100.64.0.0           01100100.01 000000.00000000.00000000
      Netmask:   255.192.0.0 = 10     11111111.11 000000.00000000.00000000
      Wildcard:  0.63.255.255         00000000.00 111111.11111111.11111111
      =>
      Network:   100.64.0.0/10        01100100.01 000000.00000000.00000000
      HostMin:   100.64.0.1           01100100.01 000000.00000000.00000001
      HostMax:   100.127.255.254      01100100.01 111111.11111111.11111110
      Broadcast: 100.127.255.255      01100100.01 111111.11111111.11111111
      Hosts/Net: 4194302               Class A
      
      In fact, that subnet appears to be the property of Amazon, as shown by the following whois command:
      
      $ whois 100.63.0.1
      
      NetRange:       100.48.0.0 - 100.63.255.255
      CIDR:           100.48.0.0/12
      NetName:        AMAZO-4
      NetHandle:      NET-100-48-0-0-1
      Parent:         NET100 (NET-100-0-0-0-0)
      NetType:        Direct Allocation
      OriginAS:
      Organization:   Amazon.com, Inc. (AMAZO-4)
      RegDate:        2024-12-12
      Updated:        2024-12-12
      Ref:            https://rdap.arin.net/registry/ip/100.48.0.0
      
      This means that if a cluster operator used 100.63.0.0/16 as a subnet for OVNKubernetes, they would risk certain Amazon networks not being accessible / routable from within the cluster pods. Such a problem would also be fairly tricky to troubleshoot.
      
      The following network subnets would be better examples to use:
      - 100.69.0.0/16
      - 100.70.0.0/16
      - 100.71.0.0/16
      - 100.72.0.0/16

      Version-Release number of selected component (if applicable):

          4.15, 4.16

      How reproducible:

          Always

      Steps to Reproduce:

          1. See docs
          

      Actual results:

          public IP

      Expected results:

          Private IP

      Additional info:

          

            [OCPBUGS-54166] Public IP range used for Example for Private IP range
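
            The containment check that the report performs by hand with ipcalc, written as an added example; it is not part of the original issue or of the OpenShift documentation. The function name `check_candidate` and the `in_use` list are hypothetical, and the sample inputs are constructed from the ranges quoted in the description.

```python
import ipaddress

# Range the report cites as reserved for internal use (see the ipcalc output).
SHARED_SPACE = ipaddress.ip_network("100.64.0.0/10")


def check_candidate(candidate, in_use=()):
    """Return reasons a candidate subnet is a poor choice; empty list means OK.

    `in_use` lists networks already routed in the environment (hypothetical
    input; the page only says 100.64.0.0/16 may already be taken).
    """
    try:
        # strict=True rejects host bits, e.g. 100.69.0.1/16 typed by mistake.
        net = ipaddress.ip_network(candidate, strict=True)
    except ValueError as exc:
        return [f"invalid network: {exc}"]
    if net.version != 4:
        return ["not an IPv4 network"]

    problems = []
    if not net.subnet_of(SHARED_SPACE):
        if net.overlaps(SHARED_SPACE):
            problems.append(f"only partly inside {SHARED_SPACE}")
        else:
            problems.append(f"outside {SHARED_SPACE}")
    for used in in_use:
        if net.overlaps(ipaddress.ip_network(used, strict=False)):
            problems.append(f"overlaps in-use range {used}")
    return problems


if __name__ == "__main__":
    # Constructed scenario: the default 100.64.0.0/16 is already in use.
    taken = ["100.64.0.0/16"]
    for cidr in ["100.63.0.0/16", "100.64.0.0/16", "100.69.0.0/16",
                 "100.72.0.0/16", "100.0.0.0/8", "100.69.0.1/16"]:
        result = check_candidate(cidr, taken)
        print(f"{cidr:16} {'OK' if not result else '; '.join(result)}")
```
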

            Darragh Fitzmaurice made changes -
            Resolution New: Done [ 1 ]
            Status Original: Verified [ 10015 ] New: Release Pending [ 15735 ]
            OpenShift Prow Bot made changes -
            Remote Link New: This issue links to "openshift/openshift-docs#91319: [enterprise-4.15] OCPBUGS-54166: Updats IP+subnet mask in patching-ovnk-address-ranges.… (Web Link)" [ 2015334 ]

            Zhanqi Zhao added a comment - the fixed PR LGTM, move this to verified
            Zhanqi Zhao made changes -
            Status Original: POST [ 15726 ] New: Verified [ 10015 ]
            Darragh Fitzmaurice made changes -
            Status Original: ASSIGNED [ 14452 ] New: POST [ 15726 ]
            OpenShift Prow Bot made changes -
            Remote Link New: This issue links to "openshift/openshift-docs#91041: OCPBUGS-54166: Updats IP+subnet mask in patching-ovnk-address-ranges.… (Web Link)" [ 2008192 ]
            Darragh Fitzmaurice made changes -
            Sprint New: OSDOCS Sprint 268 [ 62108 ]
            Story Points New: 3
            Darragh Fitzmaurice made changes -
            Status Original: New [ 10016 ] New: ASSIGNED [ 14452 ]
            Darragh Fitzmaurice made changes -
            Fix Version/s New: 4.16 [ 12417854 ]
            Darragh Fitzmaurice made changes -
            Assignee Original: OCP DocsBot [ ocp-docs-bot ] New: Darragh Fitzmaurice [ dfitzmau@redhat.com ]
            Portfolio Life Cycle Management Automation Bot made changes -
            PX Impact Score New: 6022
            Tyler Walker made changes -
            QA Contact New: Zhanqi Zhao [ zzhao.coreos ]
            Tyler Walker created issue -

              dfitzmau@redhat.com Darragh Fitzmaurice
              rhn-support-tywalker Tyler Walker
              Zhanqi Zhao Zhanqi Zhao