Description of problem: customer attempted OVS->OVN migration on UPI-baremetal OCPv4.6.1 cluster which failed w the following error: Migration failed : illegal network configuration: cluster subnet "100.64.0.0/14" overlaps built-in join subnet "100.64.0.0/16" Version-Release number of selected component (if applicable): OCPv4.6.1 How reproducible: unsure Steps to Reproduce: 1. install UPI-baremetal OCP4.5.13 cluster 2. upgrade to 4.6.1 3. initiate OVS->OVN migration of default SDN Actual results: cluster crashed w the following error: Migration failed : illegal network configuration: cluster subnet "100.64.0.0/14" overlaps built-in join subnet "100.64.0.0/16" Expected results: working cluster w default SDN of OVN Additional info:
It looks like you are using overlapped CIRD for the clusterNetwork "100.64.0.0/14" and serviceNetwork "100.64.0.0/16", which is not allowed by ovn-kubernetes. Also, the new migration document https://github.com/openshift/openshift-docs/pull/26102 for openshift 4.6 has not been released yet. The old procedure would not work on 4.6 cluster.
Assigning to the development branch to investigate. We will consider the backport when the issue is understood.
We'll hold this fix for the next release. The join network is used inside ovn-kubernetes for the ip addresses for the logical join switches on each node. But if those addresses are not reachable outside the cluster we have effectively imposed another requirement on the operator of the cluster. If that's the case, then I think we need to expose this, and indicate what it means (it can overlap with another cluster, the traffic will never be seen outside, but it can't be something that overlaps with a range the cluster is using, or with something the cluster will want to reach. But I don't want to race this in to 4.7, we need to think about this.
## SDN to OVN migration [weliang@weliang sdn2ovn-multus]$ oc exec -c ovnkube-master ovnkube-master-hn8vj -- ovn-nbctl lr-route-list ovn_cluster_router IPv4 Routes Route Table <main>: 100.64.0.2 100.64.0.2 dst-ip 100.64.0.3 100.64.0.3 dst-ip 100.64.0.4 100.64.0.4 dst-ip 100.64.0.5 100.64.0.5 dst-ip 100.64.0.6 100.64.0.6 dst-ip 100.64.0.7 100.64.0.7 dst-ip 10.128.0.0/23 100.64.0.7 src-ip 10.128.2.0/23 100.64.0.5 src-ip 10.129.0.0/23 100.64.0.3 src-ip 10.129.2.0/23 100.64.0.2 src-ip 10.130.0.0/23 100.64.0.6 src-ip 10.131.0.0/23 100.64.0.4 src-ip ##SDN to OVN migration with setting oc patch Network.operator.openshift.io cluster --type='merge' --patch "{\"spec\":{\"defaultNetwork\":{\"ovnKubernetesConfig\":{\"v4InternalSubnet\":\"100.66.0.0/16\"}}}}" [weliang@weliang sdn2ovn-multus]$ oc exec -c ovnkube-master ovnkube-master-xzbdt -- ovn-nbctl lr-route-list ovn_cluster_router IPv4 Routes Route Table <main>: 100.66.0.2 100.66.0.2 dst-ip 100.66.0.3 100.66.0.3 dst-ip 100.66.0.4 100.66.0.4 dst-ip 100.66.0.5 100.66.0.5 dst-ip 100.66.0.6 100.66.0.6 dst-ip 100.66.0.7 100.66.0.7 dst-ip 10.128.0.0/23 100.66.0.6 src-ip 10.128.2.0/23 100.66.0.3 src-ip 10.129.0.0/23 100.66.0.5 src-ip 10.129.2.0/23 100.66.0.2 src-ip 10.130.0.0/23 100.66.0.4 src-ip 10.131.0.0/23 100.66.0.7 src-ip [weliang@weliang sdn2ovn-multus]$ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.12.0-0.nightly-2022-09-08-114806 True False 63m Cluster version is 4.12.0-0.nightly-2022-09-08-114806 [weliang@weliang sdn2ovn-multus]$
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:7399