openshift
diff --git a/‎modules/how-the-live-migration-process-works.adoc
Lines changed: 102 additions & 0 deletions b/‎modules/how-the-live-migration-process-works.adoc
Lines changed: 102 additions & 0 deletions
diff --git a/‎modules/live-migration-metrics-information.adoc
Lines changed: 54 additions & 0 deletions b/‎modules/live-migration-metrics-information.adoc
Lines changed: 54 additions & 0 deletions
diff --git a/‎modules/nw-network-plugin-migration-process.adoc
Lines changed: 5 additions & 3 deletions b/‎modules/nw-network-plugin-migration-process.adoc
Lines changed: 5 additions & 3 deletions
diff --git a/‎modules/nw-ovn-kubernetes-checking-live-migration-metrics.adoc
Lines changed: 75 additions & 0 deletions b/‎modules/nw-ovn-kubernetes-checking-live-migration-metrics.adoc
Lines changed: 75 additions & 0 deletions
diff --git a/‎modules/nw-ovn-kubernetes-live-migration-about.adoc
Lines changed: 88 additions & 0 deletions b/‎modules/nw-ovn-kubernetes-live-migration-about.adoc
Lines changed: 88 additions & 0 deletions
@@ -0,0 +1,102 @@
+// Module included in the following assemblies:
+//
+// * networking/ovn_kubernetes_network_provider/migrate-from-openshift-sdn.adoc
+
+ifeval::["{context}" == "migrate-to-openshift-sdn"]
+:sdn: OpenShift SDN
+:previous-sdn: OVN-Kubernetes
+:type: OpenShiftSDN
+endif::[]
+ifeval::["{context}" == "migrate-from-openshift-sdn"]
+:sdn: OVN-Kubernetes
+:previous-sdn: OpenShift SDN
+:type: OVNKubernetes
+endif::[]
+
+[id="how-the-live-migration-process-works_{context}"]
+= How the live migration process works
+
+The following table summarizes the live migration process by segmenting between the user-initiated steps in the process and the actions that the migration script performs in response.
+
+.Live migration to OVNKubernetes from OpenShiftSDN
+[cols="1,1a",options="header"]
+|===
+|User-initiated steps|Migration activity
+ifdef::openshift-rosa,openshift-dedicated[]
+| Add the `unsupported-red-hat-internal-testing` annotation to the cluster-level network configuration. 
+| The Cluster Network Operator (CNO) acknowledges the unsupported testing environment.
+endif::[]
+
+| Patch the cluster-level networking configuration by changing the `networkType` from `OpenShiftSDN` to `OVNKubernetes`.
+| 
+Cluster Network Operator (CNO)::
++
+--
+* Sets migration-related fields in the `network.operator` custom resource (CR) and waits for routable MTUs to be applied to all nodes.
+* Patches the `network.operator` CR to set the migration mode to `Live` for OVN-Kubernetes and deploys the OpenShift SDN network plugin in migration mode.
+* Deploys OVN-Kubernetes with hybrid overlay enabled, ensuring that no racing conditions occur.
+* Waits for the OVN-Kubernetes deployment and updates the conditions in the status of the `network.config` CR.
+* Triggers the Machine Config Operator (MCO) to apply the new machine config to each machine config pool, which includes node cordoning, draining, and rebooting.
+* OVN-Kubernetes adds nodes to the appropriate zones and recreates pods using OVN-Kubernetes as the default CNI plugin.
+* Removes migration-related fields from the network.operator CR and performs cleanup actions, such as deleting OpenShift SDN resources and redeploying OVN-Kubernetes in normal mode with the necessary configurations.
+* Waits for the OVN-Kubernetes redeployment and updates the status conditions in the `network.config` CR to indicate migration completion. If your migration is blocked, see "Checking live migration metrics" for information on troubleshooting the issue.
+--
+|===
+
+////
+ifeval::["{context}" == "migrate-from-openshift-sdn"]
+If a rollback to OpenShift SDN is required, the following table describes the process.
+
+[IMPORTANT]
+====
+You must wait until the migration process from OpenShift SDN to OVN-Kubernetes network plugin is successful before initiating a rollback.
+====
+
+.Performing a rollback to OpenShift SDN
+[cols="1,1a",options="header"]
+|===
+
+|User-initiated steps|Migration activity
+
+|Suspend the MCO to ensure that it does not interrupt the migration.
+|The MCO stops.
+
+|
+Set the `migration` field of the `Network.operator.openshift.io` custom resource (CR) named `cluster` to `OpenShiftSDN`. Make sure the `migration` field is `null` before setting it to a value.
+|
+CNO:: Updates the status of the `Network.config.openshift.io` CR named `cluster` accordingly.
+
+|Update the `networkType` field.
+|
+CNO:: Performs the following actions:
++
+--
+* Destroys the OVN-Kubernetes control plane pods.
+* Deploys the OpenShift SDN control plane pods.
+* Updates the Multus objects to reflect the new network plugin.
+--
+
+|
+Reboot each node in the cluster.
+|
+Cluster:: As nodes reboot, the cluster assigns IP addresses to pods on the OpenShift-SDN network.
+
+|
+Enable the MCO after all nodes in the cluster reboot.
+|
+MCO:: Rolls out an update to the systemd configuration necessary for OpenShift SDN; the MCO updates a single machine per pool at a time by default, so the total time the migration takes increases with the size of the cluster.
+
+|===
+endif::[]
+
+////
+
+ifdef::sdn[]
+:!sdn:
+endif::[]
+ifdef::previous-sdn[]
+:!previous-sdn:
+endif::[]
+ifdef::type[]
+:!type:
+endif::[]
@@ -0,0 +1,54 @@
+// Module included in the following assemblies:
+//
+// * networking/ovn_kubernetes_network_provider/migrate-from-openshift-sdn.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="live-migration-metrics-information"]
+= Information about live migration metrics
+
+The following table shows you the available metrics and the label values populated from the `openshift_network_operator_live_migration_procedure` expression. Use this information to monitor progress or to troubleshoot the migration.
+
+
+.Live migration metrics
+[cols="1a,1a",options="header"]
+|===
+| Metric | Label values
+| 
+*`openshift_network_operator_live_migration_blocked:`*::
++
+--
+A Prometheus gauge vector metric. A metric that contains a constant `1` value labeled with the reason that the CNI live migration might not have started. This metric is available when the CNI live migration has started by annotating the `Network` custom resource. +
+This metric is not published unless the live migration is blocked. 
+--
+| 
+The list of label values includes the following::
++
+--
+* `UnsupportedCNI`: Unable to migrate to the unsupported target CNI. Valid CNI is `OVNKubernetes` when migrating from OpenShift SDN.
+* `UnsupportedHyperShiftCluster`: Live migration is unsupported within an HCP cluster.
+* `UnsupportedSDNNetworkIsolationMode`: OpenShift SDN is configured with an unsupported network isolation mode `Multitenant`. Migrate to a supported network isolation mode before performing live migration.
+* `UnsupportedMACVLANInterface`: Remove the egress router or any pods which contain the pod annotation `pod.network.openshift.io/assign-macvlan`. 
+Find the offending pod's namespace or pod name with the following command: +
+ +
+`oc get pods -Ao=jsonpath='{range .items[?(@.metadata.annotations.pod\.network\.openshift\.io/assign-macvlan=="")]}{@.metadata.namespace}{"\t"}{@.metadata.name}{"\n"}'`.
+--
+
+| 
+*`openshift_network_operator_live_migration_condition:`*::
++
+--
+A metric which represents the status of each condition type for the CNI live migration. The set of status condition types is defined for `network.config` to support observability of the CNI live migration. +
+A `1` value represents condition status `true`. A `0` value represents `false`. `-1` represents unknown. This metric is available when the CNI live migration has started by annotating the `Network` custom resource (CR). +
+This metric is only available when the live migration has been triggered by adding the relevant annotation to the `Network` CR cluster, otherwise, it is not published. If the following condition types are not present within the Network CR cluster, the metric and their labels are cleared.
+--
+| 
+The list of label values includes the following::
++
+--
+* `NetworkTypeMigrationInProgress`
+* `NetworkTypeMigrationTargetCNIAvailable`
+* `NetworkTypeMigrationTargetCNIInUse`
+* `NetworkTypeMigrationOriginalCNIPurged`
+* `NetworkTypeMigrationMTUReady`
+--
+|===
@@ -15,11 +15,11 @@ ifeval::["{context}" == "migrate-from-openshift-sdn"]
 endif::[]
 
 [id="how-the-migration-process-works_{context}"]
-= How the migration process works
+= How the offline migration process works
 
 The following table summarizes the migration process by segmenting between the user-initiated steps in the process and the actions that the migration performs in response.
 
-.Migrating to {sdn} from {previous-sdn}
+.Offline migration to {sdn} from {previous-sdn}
 [cols="1,1a",options="header"]
 |===
 
@@ -38,7 +38,7 @@ CNO:: Performs the following actions:
 --
 * Destroys the {previous-sdn} control plane pods.
 * Deploys the {sdn} control plane pods.
-* Updates the Multus objects to reflect the new network plugin.
+* Updates the Multus daemon sets and config map objects to reflect the new network plugin.
 --
 
 |
@@ -48,6 +48,7 @@ Cluster:: As nodes reboot, the cluster assigns IP addresses to pods on the {sdn}
 
 |===
 
+////
 ifeval::["{context}" == "migrate-from-openshift-sdn"]
 If a rollback to OpenShift SDN is required, the following table describes the process.
 
@@ -92,6 +93,7 @@ MCO:: Rolls out an update to the systemd configuration necessary for OpenShift S
 
 |===
 endif::[]
+////
 
 ifdef::sdn[]
 :!sdn:
 
@@ -0,0 +1,75 @@
+// Module included in the following assemblies:
+//
+// * networking/ovn_kubernetes_network_provider/migrate-from-openshift-sdn.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="checking-live-migration-metrics"]
+= Checking live migration metrics 
+
+Metrics are available to monitor the progress of the live migration. Metrics can be viewed on the {product-title} web console, or by using the `oc` CLI.
+
+.Prerequisites
+
+* You have initiated a live migration to OVN-Kubernetes.
+
+.Procedure
+
+. To view live migration metrics on the {product-title} web console:
+
+.. Click *Observe* -> *Metrics*.
+
+.. In the *Expression* box, type *openshift_network* and click the *openshift_network_operator_live_migration_procedure* option. 
+
+. To view metrics by using the `oc` CLI:
+
+.. Enter the following command to generate a token for the `prometheus-k8s` service account in the `openshift-monitoring` namespace:
++
+[source,terminal]
+----
+$ oc create token prometheus-k8s -n openshift-monitoring
+----
++
+.Example output
++
+[source,terminal]
+----
+eyJhbGciOiJSUzI1NiIsImtpZCI6IlZiSUtwclcwbEJ2VW9We...
+----
+
+.. Enter the following command to request information about the `openshift_network_operator_live_migration_condition` metric:
++
+[source,terminal]
+----
+$ oc -n openshift-monitoring exec -c prometheus prometheus-k8s-0 -- curl -k -H "Authorization: <eyJhbGciOiJSUzI1NiIsImtpZCI6IlZiSUtwclcwbEJ2VW9We...>" "https://<openshift_API_endpoint>" --data-urlencode "query=openshift_network_operator_live_migration_condition" | jq`
+----
++
+.Example output
++
+[source,terminal]
+----
+ "status": "success",
+  "data": {
+    "resultType": "vector",
+    "result": [
+      {
+        "metric": {
+          "__name__": "openshift_network_operator_live_migration_condition",
+          "container": "network-operator",
+          "endpoint": "metrics",
+          "instance": "10.0.83.62:9104",
+          "job": "metrics",
+          "namespace": "openshift-network-operator",
+          "pod": "network-operator-6c87754bc6-c8qld",
+          "prometheus": "openshift-monitoring/k8s",
+          "service": "metrics",
+          "type": "NetworkTypeMigrationInProgress"
+        },
+        "value": [
+          1717653579.587,
+          "1"
+        ]
+      },
+...
+----
+
+The table in "Information about live migration metrics" shows you the available metrics and the label values populated from the `openshift_network_operator_live_migration_procedure` expression. Use this information to monitor progress or to troubleshoot the migration.
@@ -0,0 +1,88 @@
+// Module included in the following assemblies:
+//
+// * networking/ovn_kubernetes_network_provider/migrate-from-openshift-sdn.adoc
+
+[id="nw-ovn-kubernetes-live-migration-about_{context}"]
+= Live migration to the OVN-Kubernetes network plugin overview
+
+The live migration method is the process in which the OpenShift SDN network plugin and its network configurations, connections, and associated resources, are migrated to the OVN-Kubernetes network plugin without service interruption. It is available for {product-title}, {product-dedicated}, {product-rosa}, and Azure Red Hat OpenShift deployment types. It is not available for HyperShift deployment types. This migration method is valuable for deployment types that require constant service availability and offers the following benefits:
+
+* Continuous service availability
+* Minimized downtime
+* Automatic node rebooting
+* Seamless transition from the OpenShift SDN network plugin to the OVN-Kubernetes network plugin
+
+Although a rollback procedure is provided, the live migration is intended to be a one-way process.
+
+include::snippets/sdn-deprecation-statement.adoc[]
+
+The following sections provide more information about the live migration method.
+
+[id="supported-platforms-live-migrating-ovn-kubernetes"]
+== Supported platforms when using the live migration method
+
+The following table provides information about the supported platforms for the live migration type.
+
+.Supported platforms for the live migration method
+[cols="1,1", options="header"]
+|===
+| Platform              | Live Migration
+
+| Bare metal hardware (IPI and UPI)             |&#10003;
+| Amazon Web Services (AWS) (IPI and UPI)       |&#10003;
+| Google Cloud Platform (GCP) (IPI and UPI)     |&#10003;
+| {ibm-cloud-name} (IPI and UPI)                |&#10003;
+| Microsoft Azure (IPI and UPI)                 |&#10003;
+| {rh-openstack-first} (IPI and UPI)            |&#10003;
+| VMware vSphere (IPI and UPI)                  |&#10003;
+| AliCloud (IPI and UPI)                        |&#10003;
+| Nutanix (IPI and UPI)                         |&#10003;
+|===
+
+[id="considerations-live-migrating-ovn-kubernetes-network-provider_{context}"]
+== Considerations for live migration to the OVN-Kubernetes network plugin
+
+Before using the live migration method to the OVN-Kubernetes network plugin, cluster administrators should consider the following information:
+
+* The live migration procedure is unsupported for clusters with OpenShift SDN multitenant mode enabled. 
+
+* Egress router pods block the live migration process. They must be removed before beginning the live migration process.
+
+* During the live migration, multicast, egress IP addresses, and egress firewalls are temporarily disabled. They can be migrated from OpenShift SDN to OVN-Kubernetes after the live migration process has finished.
+
+* The migration is intended to be a one-way process. However, for users that want to rollback to OpenShift-SDN, migration from OpenShift-SDN to OVN-Kubernetes must have succeeded. Users can follow the same procedure below to migrate to the OpenShift SDN network plugin from the OVN-Kubernetes network plugin.
+
+* The live migration is not supported on HyperShift clusters.
+
+* OpenShift SDN does not support IPsec. After the migration, cluster administrators can enable IPsec.
+
+* OpenShift SDN does not support IPv6. After the migration, cluster administrators can enable dual-stack.
+
+* The cluster MTU is the MTU value for pod interfaces. It is always less than your hardware MTU to account for the cluster network overlay overhead. The overhead is 100 bytes for OVN-Kubernetes and 50 bytes for OpenShift SDN.
++
+During the live migration, both OVN-Kubernetes and OpenShift SDN run in parallel. OVN-Kubernetes manages the cluster network of some nodes, while OpenShift SDN manages the cluster network of others. To ensure that cross-CNI traffic remains functional, the Cluster Network Operator updates the routable MTU to ensure that both CNIs share the same overlay MTU. As a result, after the migration has completed, the cluster MTU is 50 bytes less.
+
+* Some parameters of OVN-Kubernetes cannot be changed after installation. The following parameters can be set only before starting the live migration:
+
+** `InternalTransitSwitchSubnet`
+** `internalJoinSubnet`
+
+* Unless otherwise configured, OVN-Kubernetes uses the following IP address ranges:
+** `100.64.0.0/1`. This IP address range is used for the `internalJoinSubnet` parameter of OVN-Kubernetes by default. If this IP address range is already in use, enter the following command to update it to `100.63.0.0/16`:
++
+[source,terminal]
+----
+$ oc patch network.operator.openshift.io cluster --type='merge' -p='{"spec":{"defaultNetwork":{"ovnKubernetesConfig":{"ipv4":{"internalJoinSubnet": "100.63.0.0/16"}}}}}'
+----
+** `100.88.0.0/16`. This IP address range is used for the `internalTransSwitchSubnet` parameter of OVN-Kubernetes by default. If this IP address range is already in use by another network, enter the following command to update it to `100.99.0.0/16`:
++
+[source,terminal]
+----
+$ oc patch network.operator.openshift.io cluster --type='merge' -p='{"spec":{"defaultNetwork":{"ovnKubernetesConfig":{"ipv4":{"internalTransitSwitchSubnet": "100.99.0.0/16"}}}}}'
+----
+
+* In most cases, the live migration is independent of the secondary interfaces of pods created by the Multus CNI plugin. However, if these secondary interfaces were set up on the default network interface controller (NIC) of the host, for example, using MACVLAN, IPVLAN, SR-IOV, or bridge interfaces with the default NIC as the control node, OVN-Kubernetes might encounter malfunctions. Users should remove such configurations before proceeding with the live migration.
+
+* When there are multiple NICs inside of the host, and the default route is not on the interface that has the Kubernetes NodeIP, you must use the offline migration instead.
+
+* All `DaemonSet` objects in the `openshift-sdn` namespace, which are not managed by the Cluster Network Operator (CNO), must be removed before initiating the live migration. These unmanaged daemon sets can cause the migration status to remain incomplete if not properly handled.