yamope
Cadet

OCP 4.16 Deployment – Master and Worker Nodes on Different Subnets?

I am planning to install OpenShift Container Platform (OCP) version 4.16 with the following topology:

  • 3 master nodes (control plane)

  • 3 worker nodes (data plane)

Question:
Can the master node IP addresses and the worker node IP addresses be in different network subnets? If yes, what are the technical considerations or requirements for such a setup?

The compliance team has advised that:

  • Master nodes (control plane) must be in the control-plane subnet.

  • Worker nodes (data plane) must be in the data-plane subnet.

Proposed configuration:

Name          FQDN                            IP address     Netmask
apilb01       api-loadbalancer01.com.vn       10.1.13.103    255.255.0.0
apilb02       api-loadbalancer02.com.vn       10.1.13.104    255.255.0.0
apilbvip      -                               10.1.13.105    -
ingresslb01   ingress-loadbalancer01.com.vn   172.16.1.11    255.255.0.0
ingresslb02   ingress-loadbalancer02.com.vn   172.16.1.12    255.255.0.0
ingresslbvip  -                               172.16.1.13    -
*.apps        *.apps.com.vn                   172.16.1.13    255.255.0.0
master01      master01.com.vn                 10.1.13.85     255.255.0.0
master02      master02.com.vn                 10.1.13.86     255.255.0.0
master03      master03.com.vn                 10.1.13.87     255.255.0.0
worker01      worker01.com.vn                 172.16.1.85    255.255.0.0
worker02      worker02.com.vn                 172.16.1.86    255.255.0.0
worker03      worker03.com.vn                 172.16.1.87    255.255.0.0
3 Replies
Chetan_Tiwary_
Community Manager

@yamope Refer to this documentation: https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/nodes/remote-worker-...

https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/deploying_ins...  

https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/nodes/remote-worker-...

One obvious thing that needs to be in order is that routing works seamlessly between all your subnets. You want to be sure the installer understands how these subnets are set up.

Also, be sure to put your Ingress VIP in the right spot.

yamope
Cadet

Thanks Chetan, it's valuable for me.

I also found some other Red Hat topics that mention this too. The next question is: do we know what the best practice is: all workers and masters in the same subnet, or separate? Or does it depend on use cases? If yes, what are the use cases? (I'm going to look for this information and update; looking forward to your reply too.)
Example:

https://issues.redhat.com/browse/OCPSTRAT-462

or 

https://access.redhat.com/solutions/7018925

Issue

  • The worker nodes are in different subnets and there's a requirement to place the ingressVIP virtual IP address exclusively with the control plane nodes.
  • How to configure ingressVIP to be placed over control plane nodes only in vSphere?

Resolution

  • From OpenShift 4.13 onwards, it's possible to configure network components to run on the control plane such as ingressVIP.
  • First, create the install-config.yaml file and then manifests from it.

 

Chetan_Tiwary_
Community Manager

@yamope 

The decision between a single, unified network and a split, segmented one comes down to your cluster's goals.

For simplicity, a single subnet for both the control plane and workers works well. It is a great choice for smaller, contained environments.

If you need to scale, spread your cluster across different locations, or meet specific security rules, separating your subnets is a much better choice. For remote deployments, strict security needs, or certain cloud offerings, using segmented subnets is the best practice. Refer to the same here in the OCP doc:

Chetan_Tiwary__3-1755445255055.png

 

Also, from the same OCP documents, I can see that you must place the ingress VIP on the control plane:

Chetan_Tiwary__1-1755444669263.png

Check the same in Azure Red Hat OpenShift (ARO):

 

Chetan_Tiwary__0-1755444624553.png

Red Hat OpenShift on AWS (ROSA):

Chetan_Tiwary__2-1755444820084.png

 

0 Kudos
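A quick way to check the address plan from the question against the points raised in the replies (added example, not from any poster or from Red Hat documentation). It derives each node's subnet from the IP and netmask in the post, confirms the control-plane and data-plane subnets are distinct, and reports any VIP that falls outside the control-plane subnet. Reading "place the ingress VIP on the control plane" as "inside the control-plane subnet" is an assumption of this example, as are the function names.

```python
import ipaddress

# Node rows copied from the question: (name, IP, netmask).
NODES = [
    ("master01", "10.1.13.85", "255.255.0.0"),
    ("master02", "10.1.13.86", "255.255.0.0"),
    ("master03", "10.1.13.87", "255.255.0.0"),
    ("worker01", "172.16.1.85", "255.255.0.0"),
    ("worker02", "172.16.1.86", "255.255.0.0"),
    ("worker03", "172.16.1.87", "255.255.0.0"),
]
# VIP rows from the question (apilbvip, ingresslbvip); the post gives no mask.
VIPS = {"api": "10.1.13.105", "ingress": "172.16.1.13"}

def role_of(name):
    # Assumption: the role is inferred from the hostname prefix used in the post.
    return "control-plane" if name.startswith("master") else "data-plane"

def subnets_by_role(nodes):
    """Map each role to the set of networks its nodes actually sit in."""
    out = {}
    for name, ip, mask in nodes:
        net = ipaddress.ip_interface(f"{ip}/{mask}").network
        out.setdefault(role_of(name), set()).add(net)
    return out

def review_plan(nodes, vips):
    """Return (subnets per role, list of findings) for an address plan."""
    findings = []
    by_role = subnets_by_role(nodes)
    for role, nets in sorted(by_role.items()):
        if len(nets) != 1:
            findings.append(f"{role} nodes span {len(nets)} subnets")
    cp = by_role.get("control-plane", set())
    dp = by_role.get("data-plane", set())
    if any(a.overlaps(b) for a in cp for b in dp):
        findings.append("control-plane and data-plane subnets overlap")
    for name, ip in vips.items():
        if not any(ipaddress.ip_address(ip) in n for n in cp):
            findings.append(f"{name} VIP {ip} is outside the control-plane subnet")
    return by_role, findings

if __name__ == "__main__":
    by_role, findings = review_plan(NODES, VIPS)
    for role, nets in sorted(by_role.items()):
        print(role, sorted(str(n) for n in nets))
    for finding in findings or ["no findings"]:
        print("FINDING:", finding)
```

With the 255.255.0.0 masks from the post, the node subnets resolve to 10.1.0.0/16 and 172.16.0.0/16, and the only finding is the ingress VIP sitting in the worker subnet.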