-
Bug
-
Resolution: Done-Errata
-
Major
-
4.13.z
-
Critical
-
No
-
SDN Sprint 246, SDN Sprint 247, SDN Sprint 248
-
3
-
False
-
-
-
Enhancement
-
Rejected
-
Network
UDP Packets are subject to SNAT in a self-managed OCP 4.13.13 cluster on Azure (OVN-K as CNI) using a Load Balancer Service with `externalTrafficPolicy: Local`. UDP Packets correctly arrive to the Node hosting the Pod but the source IP seen by the Pod is the OVN GW Router of the Node.
I've reproduced the customer scenario with the following steps:
- Deploy a blank enviroment on Azure using [demo lab | https://demo.redhat.com/catalog?item=babylon-catalog-prod/azure-gpte.open-environment-azure-subscription.prod&utm_source=webapp&utm_medium=share-link ]
- Install an OCP 4.13.13 cluster with the installer
- Use this GitHub repo to deploy a simple UDP server
- Run `oc apply -f server.yaml` to deploy Deployment and Service resources
- application listens on 10001 for UDP traffic, while the load balancer listens on 10001 for UDP traffic and forward it on 10001 pod port
- Using nc from the bastion host to connect to the external load balancer IP and starting writing something
This is issue is very critical because it is blocking customer business.
- blocks
-
OCPBUGS-28818 [4.15.z] Azure - OCP IPI Installation UDP packets are subject to SNAT with LB Service using ETP equals to Local (OVN-Kubernetes as CNI)
- Closed
- is blocked by
-
FDP-223 OVN drops the first packet for session affinity timeout feature
- Closed
- is cloned by
-
OCPBUGS-28818 [4.15.z] Azure - OCP IPI Installation UDP packets are subject to SNAT with LB Service using ETP equals to Local (OVN-Kubernetes as CNI)
- Closed
- links to
-
RHEA-2024:0041 OpenShift Container Platform 4.16.z bug fix update