-
Bug
-
Resolution: Done-Errata
-
Major
-
4.13.z
-
Critical
-
No
-
SDN Sprint 246, SDN Sprint 247, SDN Sprint 248, SDN Sprint 249
-
4
-
False
-
-
Enhancement
-
In Progress
-
Network
-
-
-
customers who need session affinity
-
-
-
UDP Packets are subject to SNAT in a self-managed OCP 4.13.13 cluster on Azure (OVN-K as CNI) using a Load Balancer Service with `externalTrafficPolicy: Local`. UDP Packets correctly arrive to the Node hosting the Pod but the source IP seen by the Pod is the OVN GW Router of the Node.
I've reproduced the customer scenario with the following steps:
- Deploy a blank enviroment on Azure using [demo lab | https://demo.redhat.com/catalog?item=babylon-catalog-prod/azure-gpte.open-environment-azure-subscription.prod&utm_source=webapp&utm_medium=share-link ]
- Install an OCP 4.13.13 cluster with the installer
- Use this GitHub repo to deploy a simple UDP server
- Run `oc apply -f server.yaml` to deploy Deployment and Service resources
- application listens on 10001 for UDP traffic, while the load balancer listens on 10001 for UDP traffic and forward it on 10001 pod port
- Using nc from the bastion host to connect to the external load balancer IP and starting writing something
This is issue is very critical because it is blocking customer business.
- blocks
-
-
- Closed
-
- clones
-
-
- Verified
-
- is blocked by
-
-
- Verified
-
- is cloned by
-
-
- Closed
-
- links to
-
RHSA-2023:7198
OpenShift Container Platform 4.15 security update
