OCPBUGS-19904

[4.12] Egress appears to be splitting traffic between all applicable egress IPs instead of selecting a primary host address


      Description of problem:

      Customer has identified that we are seeing packets leave from two egressIPs to the same target address and port; splitting traffic instead of selecting a primary interface to use as egress when multiple egress IPs are 

      Version-Release number of selected component (if applicable):

      OCP 4.10.30
      

      How reproducible:

      Every time on customer endpoint

      Steps to Reproduce:

      1. Deploy egressIP object with two selected IPs in valid range, scope eip to namespace with pods reaching to upstream source.
      2. Capture packets at target and observe incoming packets from two separate sources attempting to continue conversation with continued ACKs instead of starting a new conversation with SYN on first contact from new IP.
      3. Traffic is fragmented, dropped/rejected by host for not coming from same origination point between requests from openshift-hosted services through EIP(s)
      

      Actual results:

      Traffic is dropped at target due to two origin points

      Expected results:

      Traffic should flow from single eip as leader.

      Additional info:

      Issue is mitigated when EIP is set to only include a single IP address (occurs on multiple egressIPs deployed across multiple projects; multiple clusters affected in customer environment)
      
      See next comments for specific information/case number/data sets and conversation.

            rravaiol@redhat.com Riccardo Ravaioli
            rhn-support-wrussell Will Russell
            Jean Chen Jean Chen
            Dan Williams (Inactive), Dumitru Ceara
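
One way to check a capture taken at the target (step 2 above) for the reported symptom, as an added example that is not part of the original report: it reads `tcpdump -nn` text output and counts segments arriving from a source that never sent a SYN while a different source did open the connection. The function name, the sample lines and the documentation-range addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -nn` text output captured at the target.
# 198.51.100.11 and 198.51.100.12 stand in for the two egress IPs.
SAMPLE = """\
12:00:01.000100 IP 198.51.100.11.40000 > 192.0.2.10.443: Flags [S], seq 100, win 64240, length 0
12:00:01.000900 IP 192.0.2.10.443 > 198.51.100.11.40000: Flags [S.], seq 900, ack 101, win 65160, length 0
12:00:01.001200 IP 198.51.100.11.40000 > 192.0.2.10.443: Flags [.], ack 901, win 502, length 0
12:00:01.002000 IP 198.51.100.12.40000 > 192.0.2.10.443: Flags [P.], seq 101:301, ack 901, win 502, length 200
12:00:01.002400 IP 192.0.2.10.443 > 198.51.100.12.40000: Flags [R], seq 901, win 0, length 0
12:00:02.000000 IP 198.51.100.12.40000 > 192.0.2.10.443: Flags [.], ack 901, win 502, length 0
"""

LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]"
)

def find_split_flows(capture, target_ip, target_port):
    """Return {source_ip: segment_count} for sources that sent segments to the
    target without a SYN, while some other source did send a SYN."""
    syn_seen = set()            # (src_ip, src_port) pairs that opened with a SYN
    orphans = defaultdict(int)  # src_ip -> segments seen with no SYN for that flow
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if dst != target_ip or int(dport) != target_port:
            continue            # ignore replies and unrelated traffic
        flow = (src, int(sport))
        if "S" in flags:
            syn_seen.add(flow)
        elif flow not in syn_seen:
            orphans[src] += 1
    openers = {src for src, _ in syn_seen}
    # Report only when a different source performed the handshake; a capture
    # started mid-connection also shows SYN-less flows, so begin capturing
    # before the client traffic starts.
    return {src: n for src, n in orphans.items() if openers - {src}}

if __name__ == "__main__":
    print(find_split_flows(SAMPLE, "192.0.2.10", 443))
```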