Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-23915

A network policy applies also to ICMP

XMLWordPrintable

    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • 2
    • None
    • No
    • None
    • None
    • None
    • OSDOCS Sprint 245, OSDOCS Sprint 246
    • 2
    • None
    • Release Note Not Required
    • N/A
    • None
    • None
    • None
    • None

      Description of problem:

      docs state, that

"A network policy applies to only the TCP, UDP, and SCTP protocols. Other protocols are not affected."
  
When applying network policies to a pod, also ICMP (ping) is restricted.

      Version-Release number of selected component (if applicable):

      How reproducible:

          always

      Steps to Reproduce:

          1. create two unselected pods with ping utility installed
    2. ping pod2 from pod1 (result: success)
    3. apply a egress networkpolicy to pod1 (or an ingress networkpolicy to pod2), allowing only port 8080 (i.e)
    4. ping pod2 from pod1 (result: fail)

      Actual results:

      Expected results:

      Additional info:

      Using OVNKubernetes on Openshift 4.14
This seems to be a doc issue, not a technical issue. only the line "A network policy applies to only the TCP, UDP, and SCTP protocols. Other protocols are not affected." seems to be inaccurate

              jaldinge@redhat.com Joe Aldinger
              sluetzen Steffen Lützenkirchen
              Arti Sood Arti Sood
              None
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: