-
Bug
-
Resolution: Done
-
Undefined
-
None
-
4.12
-
None
-
Quality / Stability / Reliability
-
False
-
-
None
-
None
-
None
-
None
-
None
-
Rejected
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
At hypershift the workload nodes are virt-launcher pods running on infra clusters using the infra cluster network CIDR, when a lod balancer service is created at infra to connect to the a tenant service the SYN,ACK at tenant does not reach the infra cluster.
Version-Release number of selected component (if applicable):
How reproducible:
Always
Steps to Reproduce:
1. Create a hypershift cluster at ocp 4.12 2. Apply the openshift-service-example.yaml to tenant cluster 3. curl the infra new load balancer service generated by hypershift to access the tenant http server.
Actual results:
Curl does not response
Expected results:
Curl response with hello world
Additional info:
After some tcpdump investigations at tenant looks like the tcp SYN,ACK is never reaching the infra cluster. Some tcpdump work: https://docs.google.com/document/d/1NJ54ONmBCr4keLE_DXUQyUKlcMghKUd7b3cbpO2Ce7k/edit#heading=h.in0i5l12rukz Infra must-gather: https://drive.google.com/file/d/1XT2ZqR6jQRZSbCC8qj-6sQzR_LoiealD/view?usp=sharing Checking the ovs-controller logs at the tenant worker we have the following warnings 2022-09-16T06:28:47.277Z|00132|physical|WARN|Failed to locate tunnel to reach main chassis e4bcf439-6f2e-47e4-b58c-9a18455b625d for port jtor-GR_nargaman-hosted-l7bsv. Cloning packets disabled for the chassis.
