Skip to content

[enterprise-4.17] : Address EgressIP for sec interface consideration to nw… #103005

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Nov 25, 2025
Merged

[enterprise-4.17] : Address EgressIP for sec interface consideration to nw… #103005

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 7 additions & 3 deletions modules/nw-egress-ips-multi-nic-considerations.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,12 +28,16 @@ You can determine which other network interfaces might support egress IP address
OVN-Kubernetes provides a mechanism to control and direct outbound network traffic from specific namespaces and pods. This ensures that it exits the cluster through a particular network interface and with a specific egress IP address.
====

For users who want an egress IP address and traffic to be routed over a particular interface that is not the primary network interface, the following conditions must be met:
As an administrator who wants an egress IP address and traffic to route over a particular interface that is not the primary network interface, you must meet the following conditions:

* {product-title} is installed on a bare-metal cluster. This feature is disabled within a cloud or a hypervisor environment.

* Your {product-title} pods are not configured as _host-networked_.

* If a network interface is removed or if the IP address and subnet mask which allows the egress IP address to be hosted on the interface is removed, the egress IP address is reconfigured. Consequently, the egress IP address could be assigned to another node and interface.
* You understand that if a network interface is removed or if the IP address and subnet mask which allows the egress IP address to be hosted on the interface is removed, reconfiguration of the egress IP address occurs. Consequently, the egress IP address might get assigned to another node and interface.

* If you use an Egress IP address on a secondary network interface card (NIC), you must use the Node Tuning Operator to enable IP forwarding on the secondary NIC.
* If you use an Egress IP address on a secondary network interface card (NIC), you must use the Node Tuning Operator to enable IP forwarding on the secondary NIC.

* You configured a NIC with routes by ensuring a gateway exists in the main routing table. As a postinstallation task, Red Hat does not support configuring a NIC on a cluster that uses OVN-Kubernetes.

* Routes associated with an egress interface get copied from the main routing table to the routing table that was created to support the Egress IP object.