Skip to content

Update Pod CIDR recommendation with RFC 6598 #322

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update Pod CIDR recommendation with RFC 6598 #322

wants to merge 1 commit into from

Conversation

tyler-lloyd
Copy link

Added reference to RFC 6598 for Pod CIDR private ranges.

Addresses Azure/AKS#5299

@tyler-lloyd
Update Pod CIDR recommendation with RFC 6598
4e79f90 
Added reference to RFC 6598 for Pod CIDR private ranges.
@prmerger-automator
Copy link
Contributor

@tyler-lloyd : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change.

@learn-build-service-prod
Copy link
Contributor

Learn Build status updates of commit 4e79f90:

✅ Validation status: passed

File Status Preview URL Details
articles/aks/azure-cni-overlay.md ✅Succeeded

For more details, please refer to the build report.

@v-dirichards v-dirichards requested a review from Copilot October 16, 2025 21:09
@v-dirichards
Copy link
Contributor

@asudbring

Can you review the proposed changes?

Important: When the changes are ready for publication, adding a #sign-off comment is the best way to signal that the PR is ready for the review team to merge.

#label:"aq-pr-triaged"
@MicrosoftDocs/public-repo-pr-review-team

Copilot
Copilot AI reviewed Oct 16, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Adds an additional standards reference (RFC 6598) to the documentation of recommended Pod CIDR ranges.

  • Expanded list of CIDR standards from only RFC 1918 to also include RFC 6598.
  • Modification occurs in an [!IMPORTANT] advisory block within Azure CNI Overlay guidance.

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

articles/aks/azure-cni-overlay.md

> [!IMPORTANT]
> The private CIDR ranges available for the Pod CIDR are defined in [RFC 1918](https://tools.ietf.org/html/rfc1918). While we don't block the use of public IP ranges, they are considered out of Microsoft's support scope. We recommend using private IP ranges for pod CIDR.
> The private CIDR ranges available for the Pod CIDR are defined in [RFC 1918](https://tools.ietf.org/html/rfc1918) and [RFC 6598](https://tools.ietf.org/html/rfc6598). While we don't block the use of public IP ranges, they are considered out of Microsoft's support scope. We recommend using private IP ranges for pod CIDR.
Copy link

Copilot AI Oct 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

RFC 6598 (100.64.0.0/10) defines Shared Address Space for carrier-grade NAT, not private address space like RFC 1918; labeling it as a 'private CIDR range' is inaccurate and may mislead users. Suggest rewording to: 'The address spaces suitable for Pod CIDR include the private ranges defined in RFC 1918 and, where appropriate, the shared address space (RFC 6598, 100.64.0.0/10). Note that RFC 6598 is reserved for carrier-grade NAT and its use may have operational implications.'

Suggested change
> The private CIDR ranges available for the Pod CIDR are defined in [RFC 1918](https://tools.ietf.org/html/rfc1918) and [RFC 6598](https://tools.ietf.org/html/rfc6598). While we don't block the use of public IP ranges, they are considered out of Microsoft's support scope. We recommend using private IP ranges for pod CIDR.
> The address spaces suitable for Pod CIDR include the private ranges defined in [RFC 1918](https://tools.ietf.org/html/rfc1918) and, where appropriate, the shared address space ([RFC 6598](https://tools.ietf.org/html/rfc6598), 100.64.0.0/10). Note that RFC 6598 is reserved for carrier-grade NAT and its use may have operational implications. While we don't block the use of public IP ranges, they are considered out of Microsoft's support scope. We recommend using private IP ranges for pod CIDR.

Copilot uses AI. Check for mistakes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@asudbring asudbring Awaiting requested review from asudbring

+1 more reviewer

@meecethereese meecethereese meecethereese approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@asudbring asudbring

Labels

aks-networking/subsvc aq-pr-triaged azure-kubernetes-service/svc Change sent to author do-not-merge

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tyler-lloyd @v-dirichards @meecethereese @asudbring