-
Bug
-
Resolution: Done
-
Major
-
None
-
CNV v4.15.0
-
2
-
False
-
-
False
-
-
None
-
Bug Fix
-
Rejected
-
---
-
---
-
-
No
Description of problem:
If you create a NetworkAttachmentDefinition using our example, it will set macspoofchk to true.
This will cause packet flow issues for any VM using a bonded interface, including active-backup using fail_over_mac mode 0 or 2.
macspoofchk defaults to false. We should use defaults in our example or explicitly call out the defaults in the information about the setting.
Our example:
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
name: bridge-network
annotations:
k8s.v1.cni.cncf.io/resourceName: bridge.network.kubevirt.io/bridge-interface
spec:
config: '{
"cniVersion": "0.3.1",
"name": "bridge-network",
"type": "cnv-bridge",
"bridge": "bridge-interface",
"macspoofchk": true,
"vlan": 100,
"preserveDefaultVlan": false
}'
Version-Release number of selected component (if applicable):
4.16
How reproducible:
Always
Steps to Reproduce:
1. Baremetal OCP with OCP Virt Installed 2. Create NetworkAttachmentDefinition based on our example 3. Attach NICs to VMs 4. Build OCP Cluster with VMs using an active-backup nmstate bonding config
Actual results:
The install will fail and network traffic will be dropped due to the macspoofchk being set to true.
Expected results:
Successful install.
Additional info:
https://docs.openshift.com/container-platform/4.15/virt/vm_networking/virt-connecting-vm-to-linux-bridge.html#virt-creating-linux-bridge-nad-cli_virt-connecting-vm-to-linux-bridge
- clones
-
-
- Closed
-
- links to
