Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-19904

[4.12] Egress appears to be splitting traffic between all applicable egress IPs instead of selecting a primary host address

XMLWordPrintable

      Description of problem:

      Customer has identified that we are seeing packets leave from two egressIPs to the same target address and port; splitting traffic instead of selecting a primary interface to use as egress when multiple egress IPs are 

      Version-Release number of selected component (if applicable):

      OCP 4.10.30
      

      How reproducible:

      every time on customer endpoint

      Steps to Reproduce:

      1. Deploy egressIP object with two selected IPs in valid range, scope eip to namespace with pods reaching to upstream source.
      2. Capture packets at target and observe incoming packets from two separate sources attempting to continue conversation with continued ACKs instead of starting a new conversation with SYN on first contact from new IP.
      3. traffic is fragmented, dropped/rejected by host for not coming from same origination point between requests from openshift-hosted services through EIP(s)
      

      Actual results:

      Traffic is dropped at target due to two origin points

      Expected results:

      traffic should flow from single eip as leader.

      Additional info:

      issue is mitigated when EIP is set to only include a single IP address; (occurs on multiple egressIPs deployed across multiple projects; multiple clusters affected in customer environment)
      
      See next comments for specific information/case number/data sets and conversation.

              rravaiol@redhat.com Riccardo Ravaioli
              rhn-support-wrussell Will Russell
              Jean Chen Jean Chen
              Dan Williams (Inactive), Dumitru Ceara
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: