- Bug
- Resolution: Done
- Normal
- 4.15, 4.16
- None
- Low
- None
- 3
- OSDOCS Sprint 268
- 1
- False
Description of problem:
In this document, the migration from OpenShiftSDN to OVNKubernetes is described: https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/networking/ovn-kubernetes-network-plugin#initiating-limited-live-migration_migrate-from-openshift-sdn

In this documentation there is the following sentence: "If the 100.64.0.0/16 IP address range is already in use, enter the following command to patch it to a different range. The following example uses 100.63.0.0/16."

This is not a good example. The subnet 100.63.0.0/16 falls outside the 100.64.0.0/10 network, which is reserved for internal networks as described here: https://en.wikipedia.org/wiki/Reserved_IP_addresses

$ ipcalc 100.64.0.0/10
Address:   100.64.0.0           01100100.01 000000.00000000.00000000
Netmask:   255.192.0.0 = 10     11111111.11 000000.00000000.00000000
Wildcard:  0.63.255.255         00000000.00 111111.11111111.11111111
=>
Network:   100.64.0.0/10        01100100.01 000000.00000000.00000000
HostMin:   100.64.0.1           01100100.01 000000.00000000.00000001
HostMax:   100.127.255.254      01100100.01 111111.11111111.11111110
Broadcast: 100.127.255.255      01100100.01 111111.11111111.11111111
Hosts/Net: 4194302              Class A

In fact, that subnet appears to be the property of Amazon, as shown by the following whois command:

$ whois 100.63.0.1
NetRange:       100.48.0.0 - 100.63.255.255
CIDR:           100.48.0.0/12
NetName:        AMAZO-4
NetHandle:      NET-100-48-0-0-1
Parent:         NET100 (NET-100-0-0-0-0)
NetType:        Direct Allocation
OriginAS:
Organization:   Amazon.com, Inc. (AMAZO-4)
RegDate:        2024-12-12
Updated:        2024-12-12
Ref:            https://rdap.arin.net/registry/ip/100.48.0.0

This means that if a cluster operator used 100.63.0.0/16 as a subnet for OVNKubernetes, they would risk certain Amazon networks not being accessible / routable from within the cluster pods. Such a problem would also be fairly tricky to troubleshoot.

The following network subnets would be better examples to use:
- 100.69.0.0/16
- 100.70.0.0/16
- 100.71.0.0/16
- 100.72.0.0/16
Version-Release number of selected component (if applicable):
4.15, 4.16
How reproducible:
Always
Steps to Reproduce:
1. See docs
Actual results:
public IP
Expected results:
Private IP
Additional info:
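The range check described in the report above, as an added example that is not part of the original bug report or the OpenShift documentation: it tests a candidate replacement subnet against the 100.64.0.0/10 block and against ranges already in use. The function name `check_candidate` and the `IN_USE` list are assumptions constructed for illustration.

```python
import ipaddress

# The 100.64.0.0/10 block the report refers to (same network ipcalc was run on).
SHARED_SPACE = ipaddress.ip_network("100.64.0.0/10")

# Constructed sample of ranges already in use on a cluster (assumption, not
# taken from the report apart from 100.64.0.0/16).
IN_USE = ["100.64.0.0/16", "10.128.0.0/14", "172.30.0.0/16"]


def check_candidate(candidate, in_use):
    """Return a list of problems with `candidate`; an empty list means it passed."""
    try:
        # strict=True rejects values with host bits set, e.g. 100.69.0.1/16
        net = ipaddress.ip_network(candidate, strict=True)
    except ValueError as exc:
        return [f"not a valid network: {exc}"]
    if net.version != 4:
        return ["not an IPv4 network"]

    problems = []
    # The whole candidate must sit inside 100.64.0.0/10, otherwise it can
    # shadow address space allocated to a third party.
    if not net.subnet_of(SHARED_SPACE):
        problems.append(f"outside {SHARED_SPACE}")
    # It must also not collide with anything the cluster already uses.
    for other in in_use:
        if net.overlaps(ipaddress.ip_network(other)):
            problems.append(f"overlaps in-use range {other}")
    return problems


if __name__ == "__main__":
    # The documented example followed by the alternatives proposed in the report.
    for cidr in ["100.63.0.0/16", "100.69.0.0/16", "100.70.0.0/16",
                 "100.71.0.0/16", "100.72.0.0/16"]:
        issues = check_candidate(cidr, IN_USE)
        print(f"{cidr:16} {'OK' if not issues else '; '.join(issues)}")
```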