openshift · weliang1 · Jun 18, 2026 · Jun 18, 2026 · Jun 18, 2026 · coderabbitai
diff --git a/bindata/network/ovn-kubernetes/common/008-script-lib.yaml b/bindata/network/ovn-kubernetes/common/008-script-lib.yaml
@@ -604,6 +604,17 @@ data:
         node_mgmt_port_netdev_flags="$node_mgmt_port_netdev_flags --ovnkube-node-mgmt-port-dp-resource-name ${OVNKUBE_NODE_MGMT_PORT_DP_RESOURCE_NAME}"
       fi
 
+      multi_network_enabled_flag=
+      if [[ "{{.OVN_MULTI_NETWORK_ENABLE}}" == "true" && "${OVN_NODE_MODE}" != "dpu-host" ]]; then
+        multi_network_enabled_flag="--enable-multi-network"
+      fi
+
+      network_segmentation_enabled_flag=
+      if [[ "${OVN_NODE_MODE}" != "dpu-host" ]]; then
+        multi_network_enabled_flag="--enable-multi-network"
+        network_segmentation_enabled_flag="--enable-network-segmentation"
+      fi
+
       route_advertisements_enable_flag=
       if [[ "{{.OVN_ROUTE_ADVERTISEMENTS_ENABLE}}" == "true" ]]; then
         route_advertisements_enable_flag="--enable-route-advertisements"

diff --git a/bindata/network/ovn-kubernetes/managed/004-config.yaml b/bindata/network/ovn-kubernetes/managed/004-config.yaml
@@ -40,7 +40,9 @@ data:
 {{- if .ReachabilityNodePort }}
     egressip-node-healthcheck-port={{.ReachabilityNodePort}}
 {{- end }}
+    {{- if not .OVN_MULTI_NETWORK_ENABLE }}
     enable-multi-network=true
+    {{- end }}
     enable-network-segmentation=true
     enable-preconfigured-udn-addresses=true
 
@@ -128,7 +130,12 @@ data:
 {{- if .ReachabilityNodePort }}
     egressip-node-healthcheck-port={{.ReachabilityNodePort}}
 {{- end }}
+{{- if .OVN_MULTI_NETWORK_ENABLE }}
+    enable-multi-network=true
+{{- end }}
+    {{- if not .OVN_MULTI_NETWORK_ENABLE }}
     enable-multi-network=true
+    {{- end }}
     enable-network-segmentation=true
     enable-preconfigured-udn-addresses=true
 {{- if .OVN_MULTI_NETWORK_POLICY_ENABLE }}

diff --git a/bindata/network/ovn-kubernetes/self-hosted/004-config.yaml b/bindata/network/ovn-kubernetes/self-hosted/004-config.yaml
@@ -46,7 +46,9 @@ data:
 {{- if .ReachabilityNodePort }}
     egressip-node-healthcheck-port={{.ReachabilityNodePort}}
 {{- end }}
+    {{- if not .OVN_MULTI_NETWORK_ENABLE }}
     enable-multi-network=true
+    {{- end }}
-    {{- if not .OVN_MULTI_NETWORK_ENABLE }}
-    enable-multi-network=true
-    {{- end }}
+    enable-multi-network={{.OVN_MULTI_NETWORK_ENABLE}}
-    {{- if not .OVN_MULTI_NETWORK_ENABLE }}
-    enable-multi-network=true
-    {{- end }}
+    enable-multi-network={{.OVN_MULTI_NETWORK_ENABLE}}
     enable-network-segmentation=true
     enable-preconfigured-udn-addresses=true
 {{- if .OVN_MULTI_NETWORK_POLICY_ENABLE }}

diff --git a/pkg/network/ovn_kubernetes.go b/pkg/network/ovn_kubernetes.go
@@ -461,8 +461,13 @@ func renderOVNKubernetes(conf *operv1.NetworkSpec, bootstrapResult *bootstrap.Bo
 	data.Data["NorthdThreads"] = 1
 	data.Data["IsSNO"] = bootstrapResult.OVN.ControlPlaneReplicaCount == 1
 
+	data.Data["OVN_MULTI_NETWORK_ENABLE"] = true
 	data.Data["OVN_MULTI_NETWORK_POLICY_ENABLE"] = false
-	if conf.UseMultiNetworkPolicy != nil && *conf.UseMultiNetworkPolicy {
+	if conf.DisableMultiNetwork != nil && *conf.DisableMultiNetwork {
+		data.Data["OVN_MULTI_NETWORK_ENABLE"] = false
+	} else if conf.UseMultiNetworkPolicy != nil && *conf.UseMultiNetworkPolicy {
+		// Multi-network policy support requires multi-network support to be
+		// enabled
 		data.Data["OVN_MULTI_NETWORK_POLICY_ENABLE"] = true
 	}
 

diff --git a/pkg/network/ovn_kubernetes_test.go b/pkg/network/ovn_kubernetes_test.go
@@ -307,7 +307,6 @@ enable-egress-firewall=true
 enable-egress-qos=true
 enable-egress-service=true
 egressip-node-healthcheck-port=9107
-enable-multi-network=true
 enable-network-segmentation=true
 enable-preconfigured-udn-addresses=true
 enable-admin-network-policy=true
@@ -353,7 +352,6 @@ enable-egress-firewall=true
 enable-egress-qos=true
 enable-egress-service=true
 egressip-node-healthcheck-port=9107
-enable-multi-network=true
 enable-network-segmentation=true
 enable-preconfigured-udn-addresses=true
 enable-admin-network-policy=true
@@ -413,7 +411,6 @@ enable-egress-qos=true
 enable-egress-service=true
 egressip-reachability-total-timeout=3
 egressip-node-healthcheck-port=9107
-enable-multi-network=true
 enable-network-segmentation=true
 enable-preconfigured-udn-addresses=true
 enable-admin-network-policy=true
@@ -475,7 +472,6 @@ enable-egress-qos=true
 enable-egress-service=true
 egressip-reachability-total-timeout=0
 egressip-node-healthcheck-port=9107
-enable-multi-network=true
 enable-network-segmentation=true
 enable-preconfigured-udn-addresses=true
 enable-admin-network-policy=true
@@ -536,7 +532,6 @@ enable-egress-firewall=true
 enable-egress-qos=true
 enable-egress-service=true
 egressip-node-healthcheck-port=9107
-enable-multi-network=true
 enable-network-segmentation=true
 enable-preconfigured-udn-addresses=true
 enable-admin-network-policy=true
@@ -597,7 +592,6 @@ enable-egress-firewall=true
 enable-egress-qos=true
 enable-egress-service=true
 egressip-node-healthcheck-port=9107
-enable-multi-network=true
 enable-network-segmentation=true
 enable-preconfigured-udn-addresses=true
 enable-admin-network-policy=true
@@ -647,7 +641,6 @@ enable-egress-firewall=true
 enable-egress-qos=true
 enable-egress-service=true
 egressip-node-healthcheck-port=9107
-enable-multi-network=true
 enable-network-segmentation=true
 enable-preconfigured-udn-addresses=true
 enable-admin-network-policy=true
@@ -700,7 +693,6 @@ enable-egress-firewall=true
 enable-egress-qos=true
 enable-egress-service=true
 egressip-node-healthcheck-port=9107
-enable-multi-network=true
 enable-network-segmentation=true
 enable-preconfigured-udn-addresses=true
 enable-admin-network-policy=true
@@ -718,6 +710,47 @@ logfile-maxage=0`,
 			controlPlaneReplicaCount: 2,
 			disableGRO:               true,
 		},
+		{
+			desc: "disabled multi-network",
+			expected: `
+[default]
+mtu="1500"
+cluster-subnets="10.128.0.0/15/23,10.0.0.0/14/24"
+encap-port="8061"
+enable-lflow-cache=true
+lflow-cache-limit-kb=1048576
+enable-udp-aggregation=true
+udn-allowed-default-services="default/kubernetes,openshift-dns/dns-default"
+
+[kubernetes]
+service-cidrs="172.30.0.0/16"
+ovn-config-namespace="openshift-ovn-kubernetes"
+apiserver="https://testing.test:8443"
+host-network-namespace="openshift-host-network"
+platform-type="GCP"
+healthz-bind-address="0.0.0.0:10256"
+dns-service-namespace="openshift-dns"
+dns-service-name="dns-default"
+
+[ovnkubernetesfeature]
+egressip-node-healthcheck-port=9107
+enable-multi-network=true
+enable-network-segmentation=true
+enable-preconfigured-udn-addresses=true
+
+[gateway]
+mode=shared
+nodeport=true
+
+[logging]
+libovsdblogfile=/var/log/ovnkube/libovsdb.log
+logfile-maxsize=100
+logfile-maxbackups=5
+logfile-maxage=0`,
+			controlPlaneReplicaCount: 2,
+
+			disableMultiNet: true,
+		},
 		{
 			desc: "enable multi-network policies and admin network policies",
 			expected: `
@@ -746,7 +779,6 @@ enable-egress-firewall=true
 enable-egress-qos=true
 enable-egress-service=true
 egressip-node-healthcheck-port=9107
-enable-multi-network=true
 enable-network-segmentation=true
 enable-preconfigured-udn-addresses=true
 enable-multi-networkpolicy=true
@@ -795,7 +827,6 @@ enable-egress-firewall=true
 enable-egress-qos=true
 enable-egress-service=true
 egressip-node-healthcheck-port=9107
-enable-multi-network=true
 enable-network-segmentation=true
 enable-preconfigured-udn-addresses=true
 enable-admin-network-policy=true
@@ -814,7 +845,7 @@ logfile-maxage=0`,
 			enabledFeatureGates:      []configv1.FeatureGateName{},
 		},
 		{
-			desc: "enable multi-network policies with DisableMultiNetwork",
+			desc: "enable multi-network policies without multi-network support",
 			expected: `
 [default]
 mtu="1500"
@@ -841,12 +872,8 @@ enable-egress-firewall=true
 enable-egress-qos=true
 enable-egress-service=true
 egressip-node-healthcheck-port=9107
-enable-multi-network=true
 enable-network-segmentation=true
 enable-preconfigured-udn-addresses=true
-enable-multi-networkpolicy=true
-enable-admin-network-policy=true
-enable-multi-external-gateway=true
 
 [gateway]
 mode=shared
@@ -890,7 +917,6 @@ enable-egress-firewall=true
 enable-egress-qos=true
 enable-egress-service=true
 egressip-node-healthcheck-port=9107
-enable-multi-network=true
 enable-network-segmentation=true
 enable-preconfigured-udn-addresses=true
 enable-admin-network-policy=true
@@ -937,7 +963,6 @@ enable-egress-firewall=true
 enable-egress-qos=true
 enable-egress-service=true
 egressip-node-healthcheck-port=9107
-enable-multi-network=true
 enable-network-segmentation=true
 enable-preconfigured-udn-addresses=true
 enable-admin-network-policy=true
@@ -983,7 +1008,6 @@ enable-egress-firewall=true
 enable-egress-qos=true
 enable-egress-service=true
 egressip-node-healthcheck-port=9107
-enable-multi-network=true
 enable-network-segmentation=true
 enable-preconfigured-udn-addresses=true
 enable-admin-network-policy=true