Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1894268

Summary: SDN to OVN migration problem due to overlap with "Join network"
Product: OpenShift Container Platform Reporter: milti leonard <mleonard>
Component: NetworkingAssignee: Peng Liu <pliu>
Networking sub component: ovn-kubernetes QA Contact: Weibin Liang <weliang>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: medium CC: bbennett, bleanhar, dahernan, erich, jboxman, mharri, pliu, rh-container, rupatel, sgarciam, yaoli, zzhao
Version: 4.6Keywords: Reopened, Upgrades
Target Milestone: ---   
Target Release: 4.12.0   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-01-17 19:46:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description milti leonard 2020-11-03 21:39:38 UTC 
Description of problem:

customer attempted OVS->OVN migration on UPI-baremetal OCPv4.6.1 cluster which failed w the following error:

Migration failed : illegal network configuration: cluster subnet "100.64.0.0/14" overlaps built-in join subnet "100.64.0.0/16"

Version-Release number of selected component (if applicable):

OCPv4.6.1

How reproducible:

unsure

Steps to Reproduce:
1. install UPI-baremetal OCP4.5.13 cluster 
2. upgrade to 4.6.1
3. initiate OVS->OVN migration of default SDN

Actual results:

cluster crashed w the following error: 
Migration failed : illegal network configuration: cluster subnet "100.64.0.0/14" overlaps built-in join subnet "100.64.0.0/16"

Expected results:

working cluster w default SDN of OVN
Additional info:
Comment 1 Peng Liu 2020-11-04 01:20:28 UTC 
It looks like you are using overlapped CIRD for the clusterNetwork "100.64.0.0/14" and serviceNetwork "100.64.0.0/16", which is not allowed by ovn-kubernetes.

Also, the new migration document https://github.com/openshift/openshift-docs/pull/26102 for openshift 4.6 has not been released yet. The old procedure would not work on 4.6 cluster.
Comment 10 Ben Bennett 2020-11-05 14:18:45 UTC 
Assigning to the development branch to investigate.  We will consider the backport when the issue is understood.
Comment 14 Ben Bennett 2020-12-14 15:46:32 UTC 
We'll hold this fix for the next release.

The join network is used inside ovn-kubernetes for the ip addresses for the logical join switches on each node.  But if those addresses are not reachable outside the cluster we have effectively imposed another requirement on the operator of the cluster.

If that's the case, then I think we need to expose this, and indicate what it means (it can overlap with another cluster, the traffic will never be seen outside, but it can't be something that overlaps with a range the cluster is using, or with something the cluster will want to reach.

But I don't want to race this in to 4.7, we need to think about this.
Comment 26 Weibin Liang 2022-09-09 20:59:12 UTC 
## SDN to OVN migration
[weliang@weliang sdn2ovn-multus]$ oc exec -c ovnkube-master ovnkube-master-hn8vj -- ovn-nbctl lr-route-list ovn_cluster_router
IPv4 Routes
Route Table <main>:
               100.64.0.2                100.64.0.2 dst-ip
               100.64.0.3                100.64.0.3 dst-ip
               100.64.0.4                100.64.0.4 dst-ip
               100.64.0.5                100.64.0.5 dst-ip
               100.64.0.6                100.64.0.6 dst-ip
               100.64.0.7                100.64.0.7 dst-ip
            10.128.0.0/23                100.64.0.7 src-ip
            10.128.2.0/23                100.64.0.5 src-ip
            10.129.0.0/23                100.64.0.3 src-ip
            10.129.2.0/23                100.64.0.2 src-ip
            10.130.0.0/23                100.64.0.6 src-ip
            10.131.0.0/23                100.64.0.4 src-ip




##SDN to OVN migration with setting oc patch Network.operator.openshift.io cluster --type='merge' --patch "{\"spec\":{\"defaultNetwork\":{\"ovnKubernetesConfig\":{\"v4InternalSubnet\":\"100.66.0.0/16\"}}}}"
[weliang@weliang sdn2ovn-multus]$ oc exec -c ovnkube-master ovnkube-master-xzbdt -- ovn-nbctl lr-route-list ovn_cluster_router
IPv4 Routes
Route Table <main>:
               100.66.0.2                100.66.0.2 dst-ip
               100.66.0.3                100.66.0.3 dst-ip
               100.66.0.4                100.66.0.4 dst-ip
               100.66.0.5                100.66.0.5 dst-ip
               100.66.0.6                100.66.0.6 dst-ip
               100.66.0.7                100.66.0.7 dst-ip
            10.128.0.0/23                100.66.0.6 src-ip
            10.128.2.0/23                100.66.0.3 src-ip
            10.129.0.0/23                100.66.0.5 src-ip
            10.129.2.0/23                100.66.0.2 src-ip
            10.130.0.0/23                100.66.0.4 src-ip
            10.131.0.0/23                100.66.0.7 src-ip

[weliang@weliang sdn2ovn-multus]$ oc get clusterversion
NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.12.0-0.nightly-2022-09-08-114806   True        False         63m     Cluster version is 4.12.0-0.nightly-2022-09-08-114806
[weliang@weliang sdn2ovn-multus]$
Comment 29 errata-xmlrpc 2023-01-17 19:46:21 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7399