OpenShift Bugs / OCPBUGS-16051

MetalLB does not work when traffic comes from a secondary nic


Details

    • Critical
    • Yes
    • Proposed
    • False
      For {product-title} 4.14.0 and future versions, global IP forwarding is disabled by default on OVN-Kubernetes based cluster deployments.

      New cluster deployments with secondary host network interfaces requiring IP forwarding must enable it. See xref (see <link to doc documenting CNO new parameter added in https://issues.redhat.com/browse/OCPBUGS-3176>).

      For clusters upgrading to OpenShift 4.14, IP forwarding configuration will remain untouched to avoid disruption of existing workloads. You can disable global IP forwarding if you do not need to harden security.
    • Known Issue
    • Proposed
      08/18: We added the release notes requirements and have the docs team involved to complete the required text. Green for 4.14.
      08/08: Short term solution path for 4.14 was decided. This will need documentation and release notes. The required fields to be updated.


    Description

      Description of problem:

      MetalLB does not work when traffic comes from a secondary NIC. The root cause of this failure is the net.ipv4.ip_forward flag changing from 1 to 0. If we re-enable this flag, everything works as expected.

      Version-Release number of selected component (if applicable):

      Server Version: 4.14.0-0.nightly-2023-07-05-191022

      How reproducible:

      Run any test case that tests MetalLB via a secondary interface.

      Steps to Reproduce:

      1.
      2.
      3.
      

      Actual results:

      Test failed

      Expected results:

      Test Passed

      Additional info:

      Looks like this PR is the root cause: https://github.com/openshift/machine-config-operator/pull/3676/files#
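
One way to check a node for the condition described above, as an added example that is not from the issue or from OpenShift: the Linux kernel decides whether to forward a packet from the per-interface flag net.ipv4.conf.<iface>.forwarding of the receiving interface, and writing net.ipv4.ip_forward sets that flag on every interface. The script name and the interface names passed to it are placeholders.

```shell
#!/usr/bin/env bash
# Added example: audit IPv4 forwarding on the interfaces that carry MetalLB
# traffic. The sysctl root is a parameter so the check can also run against a
# copied tree (assumption: same layout as /proc/sys).

# forwarding_state IFACE [ROOT] -> prints "on", "off" or "missing"
forwarding_state() {
    local iface="$1" root="${2:-/proc/sys}"
    local f="$root/net/ipv4/conf/$iface/forwarding"
    [ -r "$f" ] || { echo missing; return 0; }
    case "$(cat "$f")" in
        1) echo on ;;
        *) echo off ;;
    esac
}

# list_forwarding_enabled [ROOT] -> names of interfaces with forwarding=1
list_forwarding_enabled() {
    local root="${1:-/proc/sys}" d
    for d in "$root"/net/ipv4/conf/*/; do
        [ "$(cat "${d}forwarding" 2>/dev/null)" = 1 ] && basename "$d"
    done | sort
}

# audit_forwarding ROOT IFACE... -> one line per interface; returns 1 when any
# listed interface would not forward traffic it receives.
audit_forwarding() {
    local root="$1" global state iface rc=0
    shift
    global="$(cat "$root/net/ipv4/ip_forward" 2>/dev/null || echo unknown)"
    echo "net.ipv4.ip_forward=$global"
    for iface in "$@"; do
        state="$(forwarding_state "$iface" "$root")"
        echo "net.ipv4.conf.$iface.forwarding: $state"
        [ "$state" = on ] || rc=1
    done
    return "$rc"
}

# Stand-alone use on a node: ./audit.sh --audit <secondary-nic> ...
if [ "${1:-}" = "--audit" ]; then
    shift
    audit_forwarding /proc/sys "$@"
fi
```

A non-zero exit for the secondary interface matches the failure reported here; `list_forwarding_enabled` shows which interfaces still forward, which is the set to review when forwarding is enabled for hardening-sensitive nodes.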


            People

              trozet@redhat.com Tim Rozet
              nkononov@redhat.com Nikita Kononov
              Arti Sood
              Donagh Brennan