From cb3ca21ed9491f36b3f73fc5e96dd9cf3f1de1da Mon Sep 17 00:00:00 2001 From: Traci Morrison Date: Mon, 4 Nov 2019 10:52:31 -0500 Subject: [PATCH] Add table for IP ranges --- ee/ucp/admin/install/plan-installation.md | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/ee/ucp/admin/install/plan-installation.md b/ee/ucp/admin/install/plan-installation.md index c6ccf82b68..3554114c22 100644 --- a/ee/ucp/admin/install/plan-installation.md +++ b/ee/ucp/admin/install/plan-installation.md 
@@ -42,11 +42,19 @@ this. ## Avoid IP range conflicts -Engine `fixed-cidr` - CIDR range for `docker0` interface and local containers, default `172.17.0.0/16`. -Engine `default-address-pools` - CIDR range for `docker_gwbridge` interface and bridge networks, default `172.18.0.0/16`. -Swarm `default-addr-pool` - CIDR range for Swarm overlay networks, default `10.0.0.0/8`. -Kubernetes `pod-cidr` - CIDR range for Kubernetes pods, default `192.168.0.0/16`. -Kubernetes `service-cluster-ip-range` - CIDR range for Kubernetes services, default `10.96.0.0/16`. +The following table indicates which subnet configurations can safely overlap explicitly **between** clusters and which can overlap **within** a cluster. + + +| Subnet | Overlap between clusters | Overlap within a cluster | +|------------------------------------------|------------------------------------------|------------------------------------------| +| `default-address-pools` | Only accessible on the local node. Can be the same between clusters, even on the same infra subnet. Can be the same on all nodes in a cluster. | | +| `fixed-cidr` and `bip` | docker0 subset of `default-address-pools` and for the purposes of avoiding subnet overlaps, potentially redundant to `default-address-pools`. Not a required configuration for subnet overlap avoidance. Can be the same on all nodes in a cluster. | | +| `default-addr-pool` | Encapsulated within swarm VXLAN overlay. Only accessible within the cluster. Can be the same between clusters, even on the same infra subnet. | | +| `pod-cidr`[^1] | Encapsulated in IP-IP (or VXLAN with forthcoming Windows CNI). Only accessible from within the cluster. Can be the same between clusters, even on the same infra subnet. | | +| `service-cluster-ip-range`[^1] | Also encapsulated in IP-IP or VXLAN. Only accessible from within the cluster. Can be the same between clusters, even on the same infra subnet. 
| | +| `default-address-pool`, `default-addr-pool`, `pod-cidr`, or `service-cluster-ip-range` | | None of these should overlap between clusters | + +[^1]: Azure without Windows VXLAN CNI uses infrastructure routes pod-pod, so whether or not these can overlap between clusters depends on the routing and security policies between the clusters. ### Engine
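Review bot: The last table row places "None of these should overlap between clusters" in the "Overlap within a cluster" column, which contradicts its own header, and it names `default-address-pool` (singular) while the first row and the removed Engine line use `default-address-pools`; move that statement to the "Overlap between clusters" column (or reword the two headers) and fix the key name so readers searching daemon.json for it find the right option. In the same hunk, the "Overlap within a cluster" column is empty in every other row while the within-cluster guidance ("Can be the same on all nodes in a cluster") is written into the between-clusters cell, so each row's text should be split across the two columns it claims to distinguish. The removed lines also carried the default ranges (`172.17.0.0/16`, `172.18.0.0/16`, `10.0.0.0/8`, `192.168.0.0/16`, `10.96.0.0/16`) that the new table drops; since the section exists so operators can check these against existing infrastructure subnets before install, keep the defaults, for example as an extra "Default" column. Finally, the `[^1]` footnote is the only place stating that on Azure without the Windows VXLAN CNI pod traffic is routed over the infrastructure network, which is exactly the case where an overlap between clusters becomes reachable; that caveat deserves to be stated in the `pod-cidr` and `service-cluster-ip-range` cells themselves rather than only in a footnote.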