Uploaded image for project: 'OpenShift Virtualization'
  1. OpenShift Virtualization
  2. CNV-10590

[1885605] It is not possible to reconfigure node's default interface using NodeNetworkConfigurationPolicy when OVN Kubernetes is used

XMLWordPrintable

    • 0.42
    • False
    • False
    • Telco:Case Telco, cnvcu0, NoActiveCustomerTickets
    • NEW
    • Release Notes
    • CNV-16692 - Networking OVN and UDN Integration
    • Hide
      Previously known issue is now fixed in 4.15. Please update the RN text.

      If your OpenShift Container Platform cluster uses OVN-Kubernetes as the default Container Network Interface (CNI) provider, you cannot attach a Linux bridge or bonding device to a host’s default interface because of a change in the host network topology of OVN-Kubernetes. (BZ#1885605)

      As a workaround, you can use a secondary network interface connected to your host, or switch to the OpenShift SDN default CNI provider.
      Show
      Previously known issue is now fixed in 4.15. Please update the RN text. If your OpenShift Container Platform cluster uses OVN-Kubernetes as the default Container Network Interface (CNI) provider, you cannot attach a Linux bridge or bonding device to a host’s default interface because of a change in the host network topology of OVN-Kubernetes. (BZ#1885605) As a workaround, you can use a secondary network interface connected to your host, or switch to the OpenShift SDN default CNI provider.
    • Bug Fix
    • Proposed
    • ---
    • ---
    • High
    • No

      Description of problem:

      One of the common network setups of OpenShift Virtualization is a VM connected to both the default OpenShift network and also to a secondary network providing flat L2 network. This flat L2 network is needed to allow users to do PXE booting and to maintain open connections during live migrations. This network may be also used to isolate part of the traffic or provide better performance.

      This network is provided by configuring a Linux bridge on cluster nodes. This bridge is connected either directly or through a bonding to a physical NIC. Later, users can be connected to these bridges using Multus+Linux bridge CNI.

      When users have only a single NIC available on their nodes, it is not uncommon to use this NIC for both the default network and for a secondary L2 network. In these cases we configure a linux bridge on top of the NIC and move the original IP of the NIC on top of the bridge. That way, this network can be still used by the default SDN while also utilized for secondary L2 connections.

      With a recent change of the gateway mode in OVN Kubernetes, the default NIC of a host is now attached to an OVS bridge "br-ex". Due to that, it is not possible anymore to use this NIC under a Linux bridge.

      This change in OVN Kubernetes breaks a common setup of OpenShift Virtualization and worse - it prevents customers who used this setup in previous versions from upgrading.

      Version-Release number of selected component (if applicable):
      OCP 4.6
      CNV 2.5

      How reproducible:
      Always

      Steps to Reproduce:
      1. Deploy OCP and CNV, with OVN Kubernetes used as the network plugin
      2. Create a Linux bridge on top of the default interface using:

      cat <<EOF | oc apply -f -
      apiVersion: nmstate.io/v1alpha1
      kind: NodeNetworkConfigurationPolicy
      metadata:
      name: br10-eth1
      spec:
      desiredState:
      interfaces:

      • name: br10
        type: linux-bridge
        state: up
        ipv4:
        enabled: false
        bridge:
        port:
      • name: eth0
        EOF

      Actual results:
      Configuration fails since the interface is already assigned to br-ex.

      Expected results:
      We are still able to configure bridges on top of the default network.

              phoracek@redhat.com Petr Horacek
              phoracek@redhat.com Petr Horacek
              Yossi Segev Yossi Segev
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: