Network ‐ OVN Routing Health Check

Description

This rule checks that the routing table contains routes via OVN management interfaces (ovn-k8s-mp0, ovn-k8s-mp1, etc.), which are essential for:

• Pod-to-pod communication
• Pod-to-service communication
• Cluster network connectivity
• Node-to-API server connectivity

Prerequisites

• OpenShift cluster with OVN-Kubernetes networking
• OVN controller running on node
• OVN management interface created (ovn-k8s-mp)
• Command: ip

Impact

Missing OVN routes cause complete network failure:

• Pod communication failure - Pods cannot communicate with other pods
• Service networking broken - Pods cannot reach Kubernetes services
• Node NotReady state - Node cannot reach API server
• DNS resolution failure - Pods cannot reach DNS (CoreDNS)
• Application failures - All pod workloads fail networking
• Cluster degradation - Node effectively isolated from cluster

Root Cause

Common scenarios causing missing OVN routes:

• OVN Controller Not Running
• OVN Management Interface Missing
• OVN Database Connectivity Issues
• OVN Configuration Errors
• System Routing Table Corruption

Diagnostics

Check the routing table for routes via OVN management interface:

# Display all routes
ip route show

# Look for routes via ovn-k8s-mp0 or ovn-k8s-mp1
ip route show | grep ovn-k8s-mp

# Check if OVN management interface exists and is UP
ip link show | grep ovn-k8s-mp
ip link show ovn-k8s-mp0

The node should have routes via the OVN management interface (ovn-k8s-mp0 or ovn-k8s-mp1).

Resources

• Red Hat KB Article 7053694 - Routing issues with routingViaHost and secondary interfaces
• Red Hat KB Article 6962558 - OVN-Kubernetes ignores host routes for outgoing traffic
• OpenShift - OVN-Kubernetes network provider
• OpenShift - Troubleshooting network issues
• OVN - Architecture
• OVN - Controller