|
| 1 | +// Module included in the following assemblies: |
| 2 | +// |
| 3 | +// * networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc |
| 4 | + |
| 5 | +:_mod-docs-content-type: REFERENCE |
| 6 | +[id="virt-routes-route-rules_{context}"] |
| 7 | += Routes and route rules |
| 8 | + |
| 9 | +[role="_abstract"] |
| 10 | +After you configure an IP address for a network interface, you can configure routes and route rules in the NMState configuration for cluster nodes. |
| 11 | + |
| 12 | +[IMPORTANT] |
| 13 | +==== |
| 14 | +You cannot use the OVN-Kubernetes `br-ex` bridge as the next hop interface when configuring a static route unless you manually configured a customized `br-ex` bridge. |
| 15 | +
|
| 16 | +For more information, see "Creating a manifest object that includes a customized br-ex bridge" in the _Deploying installer-provisioned clusters on bare metal_ document or the _Installing a user-provisioned cluster on bare metal_ document. |
| 17 | +==== |
| 18 | + |
| 19 | +The `routes` parameter defines static routes and these routes determine the traffic that leaves the network interfaces and the destination network for the traffic. Supported values include `running` and `config`. |
| 20 | + |
| 21 | +[NOTE] |
| 22 | +==== |
| 23 | +After you apply an NMState configuration to cluster nodes and you want to change existing routes, you must specify the old route with the `state: absent` parameter and the new route with the `state: present` parameter. The NMState Operator can then delete the old route and apply the new route to cluster nodes. |
| 24 | +
|
| 25 | +Setting the `state` parameter to `ignore` means that the Operator ignores certain routes. |
| 26 | +==== |
| 27 | + |
| 28 | +The `route-rules` parameter implements a policy-based routing capability for cluster nodes. This capability allows traffic that originates from a different source IP address to be segregated and routed through different gateways and network paths. |
| 29 | + |
| 30 | +The following YAML configuration shows a static route and a static IP confiuration on interface `eth1`: |
| 31 | + |
| 32 | +[source,yaml] |
| 33 | +---- |
| 34 | +dns-resolver: |
| 35 | + config: |
| 36 | +# ... |
| 37 | +interfaces: |
| 38 | + - name: eth1 |
| 39 | + description: Static routing on eth1 |
| 40 | + type: ethernet |
| 41 | + state: up |
| 42 | + ipv4: |
| 43 | + dhcp: false |
| 44 | + enabled: true |
| 45 | + address: |
| 46 | + - ip: 192.0.2.251 |
| 47 | + prefix-length: 24 |
| 48 | +route-rules: |
| 49 | + config: |
| 50 | + - ip-from: 198.51.100.0/24 |
| 51 | + priority: 1000 |
| 52 | + route-table: 200 |
| 53 | +routes: |
| 54 | + config: |
| 55 | + - destination: 198.51.100.0/24 |
| 56 | + next-hop-interface: eth1 |
| 57 | + next-hop-address: 192.0.2.1 |
| 58 | + metric: 150 |
| 59 | + table-id: 200 |
| 60 | +# ... |
| 61 | +---- |
| 62 | +* `config.ip-from`: Applies a rule to any network packet that originates from the specified IP address. |
| 63 | +* `config.priority`: Sets the priority order for the rule. |
| 64 | +* `config.route-table`: Specifies the routing table that the Operator uses to check that network traffic matches the `ip-from` condition. |
| 65 | +* `address.ip`: The static IP address for the Ethernet interface. |
| 66 | +* `config.next-hop-address`: The next hop address for the node traffic. This must be in the same subnet as the IP address set for the Ethernet interface. |
| 67 | +
|
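Review bot: The parameter list after the YAML sample (new lines 62-66) uses a bare `config.` prefix even though both `route-rules` and `routes` have a `config` key, and it never describes `table-id`, although `table-id: 200` on the route is what ties it to `route-table: 200` on the rule. Suggest qualifying each entry (for example `route-rules.config.ip-from`, `routes.config.next-hop-address`) and adding an entry for `routes.config.table-id` that states it must match the rule's `route-table`. The `config.route-table` text on line 64 says the Operator uses the table "to check that network traffic matches the `ip-from` condition", which reads backwards against the sample; consider wording it as the table that is consulted for traffic that matches `ip-from`. On line 19, "Supported values include `running` and `config`" reads as values of `routes`, while the sample uses `config` as a nested key, so say what each one is. On line 30, "confiuration" is a typo, and the lead-in sentence should also mention the route rule, since the sample contains one. On line 25, "ignores certain routes" does not say which routes; name the matching criterion or drop "certain".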