Details
-
Bug
-
Resolution: Unresolved
-
Major
-
4.13.z
-
Critical
-
No
-
SDN Sprint 246, SDN Sprint 247, SDN Sprint 248
-
3
-
False
-
-
Users can now use a new way to configure session affinity without a timeout in OVNK which is to set the timeout to 86400 seconds, in which case affinity is treat like permanent unless we have network disruptions like endpoints or nodes going down.
-
Enhancement
-
In Progress
-
Network
-
customers who need session affinity
Description
UDP Packets are subject to SNAT in a self-managed OCP 4.13.13 cluster on Azure (OVN-K as CNI) using a Load Balancer Service with `externalTrafficPolicy: Local`. UDP Packets correctly arrive to the Node hosting the Pod but the source IP seen by the Pod is the OVN GW Router of the Node.
I've reproduced the customer scenario with the following steps:
- Deploy a blank enviroment on Azure using [demo lab | https://demo.redhat.com/catalog?item=babylon-catalog-prod/azure-gpte.open-environment-azure-subscription.prod&utm_source=webapp&utm_medium=share-link ]
- Install an OCP 4.13.13 cluster with the installer
- Use this GitHub repo to deploy a simple UDP server
- Run `oc apply -f server.yaml` to deploy Deployment and Service resources
- application listens on 10001 for UDP traffic, while the load balancer listens on 10001 for UDP traffic and forward it on 10001 pod port
- Using nc from the bastion host to connect to the external load balancer IP and starting writing something
This is issue is very critical because it is blocking customer business.
Attachments
Issue Links
- blocks
-
-
- Closed
-
- is blocked by
-
-
- New
-
- is cloned by
-
-
- Closed
-
- links to
-
RHEA-2024:0041
OpenShift Container Platform 4.16.z bug fix update
