Red Hat Advanced Cluster Management / ACM-2257

[Submariner] - subctl firewall check unable to check established connection


      Description of problem:

      ACM 2.7 / Submariner 0.14.0

      During execution of subctl diagnose firewall inter-cluster between vsphere and other clusters, the following error appears:

       ✗ Checking if tunnels can be setup on the gateway node of cluster "o4-ibmvm-sub-01" 
       ✗ Error: the tcpdump output from the sniffer pod does not include the message sent from client pod. Please check that your firewall configuration allows UDP/4505 traffic on the "o4-ibmvm-sub-01-jpq6k-worker-blmz5" node
       ✗ Could not determine if Tunnels can be established on the gateway node of cluster "o4-ibmvm-sub-01"

      But the connection is established and e2e tests are passing.

        - lastTransitionTime: "2022-12-01T17:48:26Z"
          message: |-
            The connection between clusters "o4-ibmvm-sub-01" and "mbabushk-az" is established
            The connection between clusters "o4-ibmvm-sub-01" and "mbabushk-aws" is established
          reason: ConnectionsEstablished
          status: "False"
          type: SubmarinerConnectionDegraded 

      As well as the gateway state on the cluster:

      apiVersion: v1
      items:
      - apiVersion: submariner.io/v1
        kind: Gateway
        metadata:
          annotations:
            update-timestamp: "1669930698"
          creationTimestamp: "2022-12-01T17:48:20Z"
          generation: 2749
          name: o4-ibmvm-sub-01-jpq6k-worker-blmz5
          namespace: submariner-operator
          resourceVersion: "360674"
          uid: 50ae43e8-ff25-4f5e-be02-a386ea9330d7
        status:
          connections:
          - endpoint:
              backend: libreswan
              backend_config:
                natt-discovery-port: "4490"
                preferred-server: "false"
                udp-port: "4505"
              cable_name: submariner-cable-mbabushk-az-10-0-212-0
              cluster_id: mbabushk-az
              healthCheckIP: 242.2.255.254
              hostname: mbabushk-az-m7pph-subgw-centralus-3-w8z59
              nat_enabled: true
              private_ip: 10.0.212.0
              public_ip: 40.122.236.218
              subnets:
              - 242.2.0.0/16
            latencyRTT:
              average: 13.906135ms
              last: 13.8326ms
              max: 93.933783ms
              min: 13.461306ms
              stdDev: 462.167µs
            status: connected
            statusMessage: ""
            usingIP: 40.122.236.218
            usingNAT: true
          - endpoint:
              backend: libreswan
              backend_config:
                natt-discovery-port: "4490"
                preferred-server: "false"
                udp-port: "4505"
              cable_name: submariner-cable-mbabushk-aws-10-0-44-32
              cluster_id: mbabushk-aws
              healthCheckIP: 242.1.255.254
              hostname: ip-10-0-44-32
              nat_enabled: true
              private_ip: 10.0.44.32
              public_ip: 18.212.34.132
              subnets:
              - 242.1.0.0/16
            latencyRTT:
              average: 29.898625ms
              last: 29.837087ms
              max: 97.414251ms
              min: 29.562071ms
              stdDev: 539.426µs
            status: connected
            statusMessage: ""
            usingIP: 18.212.34.132
            usingNAT: true
          haStatus: active
          localEndpoint:
            backend: libreswan
            backend_config:
              natt-discovery-port: "4490"
              preferred-server: "false"
              udp-port: "4505"
            cable_name: submariner-cable-o4-ibmvm-sub-01-150-240-97-218
            cluster_id: o4-ibmvm-sub-01
            hostname: o4-ibmvm-sub-01-jpq6k-worker-blmz5
            nat_enabled: true
            private_ip: 150.240.97.218
            public_ip: 150.240.97.218
            subnets:
            - 242.0.0.0/16
          statusFailure: ""
          version: v0.14.0
      kind: List
      metadata:
        resourceVersion: ""
        selfLink: "" 

              tpanteli Thomas Pantelis
              mbabushk@redhat.com Maxim Babushkin
              Maxim Babushkin Maxim Babushkin
              ACM QE Team
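One way to cross-check a failed firewall check against the Gateway status, as an added example (not part of the original report and not Submariner code). It assumes the Gateway list was fetched as JSON; the function name, the verdict strings and the regex are illustrative, and the sample input is trimmed from the output quoted in this issue.

```python
import re

# Sample input, trimmed from the subctl error and Gateway status quoted in this issue.
DIAGNOSE_OUTPUT = (
    '✗ Error: the tcpdump output from the sniffer pod does not include the '
    'message sent from client pod. Please check that your firewall configuration '
    'allows UDP/4505 traffic on the "o4-ibmvm-sub-01-jpq6k-worker-blmz5" node')
GATEWAY_LIST = {"items": [{
    "metadata": {"name": "o4-ibmvm-sub-01-jpq6k-worker-blmz5"},
    "status": {
        "haStatus": "active",
        "localEndpoint": {"backend_config": {"udp-port": "4505"}},
        "connections": [
            {"status": "connected", "endpoint": {"cluster_id": "mbabushk-az"}},
            {"status": "connected", "endpoint": {"cluster_id": "mbabushk-aws"}},
        ]}}]}

# Pattern for the error wording shown in this issue (other versions may differ).
FLAGGED = re.compile(r'allows (\w+)/(\d+) traffic on the "([^"]+)" node')


def triage(diagnose_text, gateway_list):
    """Compare each port the firewall check flagged with the gateway's live state."""
    results = []
    for proto, port, node in FLAGGED.findall(diagnose_text):
        gw = next((g for g in gateway_list.get("items", [])
                   if g["metadata"]["name"] == node
                   and g["status"].get("haStatus") == "active"), None)
        if gw is None:
            results.append((node, int(port), "no-active-gateway", []))
            continue
        status = gw["status"]
        tunnel_port = status["localEndpoint"]["backend_config"]["udp-port"]
        conns = status.get("connections", [])
        up = [c["endpoint"]["cluster_id"] for c in conns if c["status"] == "connected"]
        if proto.upper() != "UDP" or port != tunnel_port or not up:
            verdict = "consistent-with-failure"
        elif len(up) == len(conns):
            verdict = "contradicted-by-tunnels"  # check failed, every tunnel is up
        else:
            verdict = "partially-contradicted"
        results.append((node, int(port), verdict, up))
    return results


if __name__ == "__main__":
    for node, port, verdict, up in triage(DIAGNOSE_OUTPUT, GATEWAY_LIST):
        print(f"{node} UDP/{port}: {verdict}; connected clusters: {up}")
```

A "contradicted-by-tunnels" verdict only shows that the check and the live state disagree. With NAT in use, as in this Gateway status, tunnels can come up from outbound traffic, so the verdict does not by itself show that inbound UDP/4505 is allowed.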