Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-31070

[Whereabouts] Pods can get overlapping addresses regardless of whether "enable_overlapping_ranges" is set to true or false

    XMLWordPrintable

Details

    • Moderate
    • No
    • Rejected
    • True
    • Hide

      Testing blocker

      Show
      Testing blocker

    Description

      Description of problem:

      Pods can get overlapping addresses regardless of whether "enable_overlapping_ranges" is set to true or false

      Version-Release number of selected component (if applicable):

      4.16.0-0.nightly-2024-03-13-061822

      How reproducible:

      Always

      Steps to Reproduce:

      ########## Test log from setting "enable_overlapping_ranges": true
####
Configuring first NetworkAttachmentDefinition CR
oc create -f ip-overlapping-true-net-NAD1.yaml####
Verifying the configued NetworkAttachmentDefinition CR
oc get net-attach-def ip-overlapping-true-1 -o yaml
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  creationTimestamp: "2024-03-19T19:20:33Z"
  generation: 1
  name: ip-overlapping-true-1
  namespace: test
  resourceVersion: "120402"
  uid: 0697b261-bfab-4213-b515-a4cf10a8e70c
spec:
  config: '{ "cniVersion": "0.3.1", "name": "ip-overlapping-true-1", "type": "macvlan",
    "mode": "bridge", "ipam": { "type": "whereabouts", "range": "192.168.20.0/29",
    "enable_overlapping_ranges": true, "network_name": "ip-overlapping-true-1" } }'####
Configuring pods using first additional network
oc create -f ip-overlapping-true-net-POD1.yaml####
Verifying the pods getting the correct IP addresses for secondary interface
$ oc get pod
NAME                                            READY   STATUS    RESTARTS   AGE
ip-overlapping-true-net-pod1-64f86c48d5-7nxp9   1/1     Running   0          9s
ip-overlapping-true-net-pod1-64f86c48d5-7s4rc   1/1     Running   0          9s
ip-overlapping-true-net-pod1-64f86c48d5-g95fp   1/1     Running   0          9s
ip-overlapping-true-net-pod1-64f86c48d5-jsbpx   1/1     Running   0          9s
ip-overlapping-true-net-pod1-64f86c48d5-k47ql   1/1     Running   0          9s
ip-overlapping-true-net-pod1-64f86c48d5-rg9hd   1/1     Running   0          9s$ for podname in `oc get pod -o wide -n test  | grep pod | grep Running | awk '{print $1}'`; do echo $podname; oc -n test exec $podname -- ip a | grep 192.168; done
ip-overlapping-true-net-pod1-64f86c48d5-7nxp9
    inet 192.168.20.4/29 brd 192.168.20.7 scope global net1
ip-overlapping-true-net-pod1-64f86c48d5-7s4rc
    inet 192.168.20.3/29 brd 192.168.20.7 scope global net1
ip-overlapping-true-net-pod1-64f86c48d5-g95fp
    inet 192.168.20.2/29 brd 192.168.20.7 scope global net1
ip-overlapping-true-net-pod1-64f86c48d5-jsbpx
    inet 192.168.20.6/29 brd 192.168.20.7 scope global net1
ip-overlapping-true-net-pod1-64f86c48d5-k47ql
    inet 192.168.20.1/29 brd 192.168.20.7 scope global net1
ip-overlapping-true-net-pod1-64f86c48d5-rg9hd
    inet 192.168.20.5/29 brd 192.168.20.7 scope global net1#### Verifying multus ippools showing correct names
$ oc get overlappingrangeipreservations.whereabouts.cni.cncf.io -A
NAMESPACE          NAME                                 AGE
openshift-multus   ip-overlapping-true-1-192.168.20.1   96s
openshift-multus   ip-overlapping-true-1-192.168.20.2   95s
openshift-multus   ip-overlapping-true-1-192.168.20.3   95s
openshift-multus   ip-overlapping-true-1-192.168.20.4   95s
openshift-multus   ip-overlapping-true-1-192.168.20.5   95s
openshift-multus   ip-overlapping-true-1-192.168.20.6   95s$ oc get ippools --all-namespaces
NAMESPACE          NAME                                    AGE
openshift-multus   ip-overlapping-true-1-192.168.20.0-29   103s####
Configuring secondary NetworkAttachmentDefinition CR
oc create -f ip-overlapping-true-net-NAD2.yaml####
Verifying the secondary configued NetworkAttachmentDefinition CRs
oc get net-attach-def ip-overlapping-true-2 -o yaml
$ oc get net-attach-def ip-overlapping-true-2 -o yaml
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  creationTimestamp: "2024-03-19T19:30:32Z"
  generation: 1
  name: ip-overlapping-true-2
  namespace: test
  resourceVersion: "123641"
  uid: 827a97e8-5d50-4cbb-a4a4-b57ab77f467d
spec:
  config: '{ "cniVersion": "0.3.1", "name": "ip-overlapping-true-2", "type": "macvlan",
    "mode": "bridge", "ipam": { "type": "whereabouts", "range": "192.168.20.0/29",
    "enable_overlapping_ranges": true, "network_name": "ip-overlapping-true-2" } }'####
Configuring pods using secondary additional network
oc create -f ip-overlapping-true-net-POD2.yaml
####
Verifying the pods can not get the correct IP addresses for secondary interface
$ oc get pod
NAME                                            READY   STATUS    RESTARTS   AGE
ip-overlapping-true-net-pod1-64f86c48d5-7nxp9   1/1     Running   0          10m
ip-overlapping-true-net-pod1-64f86c48d5-7s4rc   1/1     Running   0          10m
ip-overlapping-true-net-pod1-64f86c48d5-g95fp   1/1     Running   0          10m
ip-overlapping-true-net-pod1-64f86c48d5-jsbpx   1/1     Running   0          10m
ip-overlapping-true-net-pod1-64f86c48d5-k47ql   1/1     Running   0          10m
ip-overlapping-true-net-pod1-64f86c48d5-rg9hd   1/1     Running   0          10m
ip-overlapping-true-net-pod2-7f9f65cb8f-9n7wd   1/1     Running   0          27s
ip-overlapping-true-net-pod2-7f9f65cb8f-brh2z   1/1     Running   0          27s
ip-overlapping-true-net-pod2-7f9f65cb8f-ksw2l   1/1     Running   0          27s
ip-overlapping-true-net-pod2-7f9f65cb8f-sqnd6   1/1     Running   0          27s
ip-overlapping-true-net-pod2-7f9f65cb8f-t2wjk   1/1     Running   0          27s
ip-overlapping-true-net-pod2-7f9f65cb8f-vj8sx   1/1     Running   0          27s$ for podname in `oc get pod -o wide -n test  | grep pod | grep Running | awk '{print $1}'`; do echo $podname; oc -n test exec $podname -- ip a | grep 192.168; done
ip-overlapping-true-net-pod1-64f86c48d5-7nxp9
    inet 192.168.20.4/29 brd 192.168.20.7 scope global net1
ip-overlapping-true-net-pod1-64f86c48d5-7s4rc
    inet 192.168.20.3/29 brd 192.168.20.7 scope global net1
ip-overlapping-true-net-pod1-64f86c48d5-g95fp
    inet 192.168.20.2/29 brd 192.168.20.7 scope global net1
ip-overlapping-true-net-pod1-64f86c48d5-jsbpx
    inet 192.168.20.6/29 brd 192.168.20.7 scope global net1
ip-overlapping-true-net-pod1-64f86c48d5-k47ql
    inet 192.168.20.1/29 brd 192.168.20.7 scope global net1
ip-overlapping-true-net-pod1-64f86c48d5-rg9hd
    inet 192.168.20.5/29 brd 192.168.20.7 scope global net1
ip-overlapping-true-net-pod2-7f9f65cb8f-9n7wd
    inet 192.168.20.6/29 brd 192.168.20.7 scope global net1
ip-overlapping-true-net-pod2-7f9f65cb8f-brh2z
    inet 192.168.20.5/29 brd 192.168.20.7 scope global net1
ip-overlapping-true-net-pod2-7f9f65cb8f-ksw2l
    inet 192.168.20.2/29 brd 192.168.20.7 scope global net1
ip-overlapping-true-net-pod2-7f9f65cb8f-sqnd6
    inet 192.168.20.3/29 brd 192.168.20.7 scope global net1
ip-overlapping-true-net-pod2-7f9f65cb8f-t2wjk
    inet 192.168.20.4/29 brd 192.168.20.7 scope global net1
ip-overlapping-true-net-pod2-7f9f65cb8f-vj8sx
    inet 192.168.20.1/29 brd 192.168.20.7 scope global net1#### Verifying multus ippools showing correct names
$ oc get overlappingrangeipreservations.whereabouts.cni.cncf.io -A
NAMESPACE          NAME                                 AGE
openshift-multus   ip-overlapping-true-1-192.168.20.1   14m
openshift-multus   ip-overlapping-true-1-192.168.20.2   14m
openshift-multus   ip-overlapping-true-1-192.168.20.3   14m
openshift-multus   ip-overlapping-true-1-192.168.20.4   14m
openshift-multus   ip-overlapping-true-1-192.168.20.5   14m
openshift-multus   ip-overlapping-true-1-192.168.20.6   14m
openshift-multus   ip-overlapping-true-2-192.168.20.1   5m1s
openshift-multus   ip-overlapping-true-2-192.168.20.2   5m1s
openshift-multus   ip-overlapping-true-2-192.168.20.3   5m1s
openshift-multus   ip-overlapping-true-2-192.168.20.4   5m
openshift-multus   ip-overlapping-true-2-192.168.20.5   5m
openshift-multus   ip-overlapping-true-2-192.168.20.6   5m
$ oc get ippools --all-namespaces
NAMESPACE          NAME                                    AGE
openshift-multus   ip-overlapping-true-1-192.168.20.0-29   14m
openshift-multus   ip-overlapping-true-2-192.168.20.0-29   5m9s


########## Test log from setting "enable_overlapping_ranges": false
####
Configuring first NetworkAttachmentDefinition CR
oc create -f ip-overlapping-false-net-NAD1.yaml####
Verifying the configued NetworkAttachmentDefinition CR
oc get net-attach-def ip-overlapping-false-1 -o yaml$ oc get net-attach-def ip-overlapping-false-1 -o yaml
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  creationTimestamp: "2024-03-19T20:07:07Z"
  generation: 1
  name: ip-overlapping-false-1
  namespace: test
  resourceVersion: "135576"
  uid: fb2367eb-e84d-4042-96d7-392514488392
spec:
  config: '{ "cniVersion": "0.3.1", "name": "ip-overlapping-false-1", "type": "macvlan",
    "mode": "bridge", "ipam": { "type": "whereabouts", "range": "192.168.20.0/29",
    "enable_overlapping_ranges": false, "network_name": "ip-overlapping-false-1" }
    }'####
Configuring pods using first additional network
oc create -f ip-overlapping-false-net-POD1.yaml####
Verifying the pods getting the correct IP addresses for secondary interface
$ oc get pod
NAME                                             READY   STATUS    RESTARTS   AGE
ip-overlapping-false-net-pod1-84d7895c87-74qgm   1/1     Running   0          48s
ip-overlapping-false-net-pod1-84d7895c87-7qh9t   1/1     Running   0          48s
ip-overlapping-false-net-pod1-84d7895c87-8l5r9   1/1     Running   0          48s
ip-overlapping-false-net-pod1-84d7895c87-q5rdm   1/1     Running   0          48s
ip-overlapping-false-net-pod1-84d7895c87-tlxmf   1/1     Running   0          48s
ip-overlapping-false-net-pod1-84d7895c87-x2qr5   1/1     Running   0          48s
$ for podname in `oc get pod -o wide -n test  | grep pod | grep Running | awk '{print $1}'`; do echo $podname; oc -n test exec $podname -- ip a | grep 192.168; done
ip-overlapping-false-net-pod1-84d7895c87-74qgm
    inet 192.168.20.4/29 brd 192.168.20.7 scope global net1
ip-overlapping-false-net-pod1-84d7895c87-7qh9t
    inet 192.168.20.5/29 brd 192.168.20.7 scope global net1
ip-overlapping-false-net-pod1-84d7895c87-8l5r9
    inet 192.168.20.1/29 brd 192.168.20.7 scope global net1
ip-overlapping-false-net-pod1-84d7895c87-q5rdm
    inet 192.168.20.6/29 brd 192.168.20.7 scope global net1
ip-overlapping-false-net-pod1-84d7895c87-tlxmf
    inet 192.168.20.3/29 brd 192.168.20.7 scope global net1
ip-overlapping-false-net-pod1-84d7895c87-x2qr5
    inet 192.168.20.2/29 brd 192.168.20.7 scope global net1
#### Verifying multus ippools showing correct names
$ oc get overlappingrangeipreservations.whereabouts.cni.cncf.io -A
No resources found$ oc get ippools --all-namespaces
NAMESPACE          NAME                                     AGE
openshift-multus   ip-overlapping-false-1-192.168.20.0-29   3m12s
####
Configuring secondary NetworkAttachmentDefinition CR
oc create -f ip-overlapping-false-net-NAD2.yaml####
Verifying the secondary configued NetworkAttachmentDefinition CRs
oc get net-attach-def ip-overlapping-false-2 -o yaml
$ oc get net-attach-def ip-overlapping-false-2 -o yaml
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  creationTimestamp: "2024-03-19T20:11:29Z"
  generation: 1
  name: ip-overlapping-false-2
  namespace: test
  resourceVersion: "137018"
  uid: 022877c5-d9fc-4665-833a-e37687e614c5
spec:
  config: '{ "cniVersion": "0.3.1", "name": "ip-overlapping-false-2", "type": "macvlan",
    "mode": "bridge", "ipam": { "type": "whereabouts", "range": "192.168.20.0/29",
    "enable_overlapping_ranges": false, "network_name": "ip-overlapping-false-2" }
    }'
####
Configuring pods using secondary additional network
oc create -f ip-overlapping-false-net-POD2.yaml####
Verifying the pods can not get the correct IP addresses for secondary interface$ for podname in `oc get pod -o wide -n test  | grep pod | grep Running | awk '{print $1}'`; do echo $podname; oc -n test exec $podname -- ip a | grep 192.168; done
ip-overlapping-false-net-pod1-84d7895c87-74qgm
    inet 192.168.20.4/29 brd 192.168.20.7 scope global net1
ip-overlapping-false-net-pod1-84d7895c87-7qh9t
    inet 192.168.20.5/29 brd 192.168.20.7 scope global net1
ip-overlapping-false-net-pod1-84d7895c87-8l5r9
    inet 192.168.20.1/29 brd 192.168.20.7 scope global net1
ip-overlapping-false-net-pod1-84d7895c87-q5rdm
    inet 192.168.20.6/29 brd 192.168.20.7 scope global net1
ip-overlapping-false-net-pod1-84d7895c87-tlxmf
    inet 192.168.20.3/29 brd 192.168.20.7 scope global net1
ip-overlapping-false-net-pod1-84d7895c87-x2qr5
    inet 192.168.20.2/29 brd 192.168.20.7 scope global net1
ip-overlapping-false-net-pod2-57957c545f-5rtj7
    inet 192.168.20.3/29 brd 192.168.20.7 scope global net1
ip-overlapping-false-net-pod2-57957c545f-866sh
    inet 192.168.20.4/29 brd 192.168.20.7 scope global net1
ip-overlapping-false-net-pod2-57957c545f-mttsr
    inet 192.168.20.1/29 brd 192.168.20.7 scope global net1
ip-overlapping-false-net-pod2-57957c545f-q7zjq
    inet 192.168.20.6/29 brd 192.168.20.7 scope global net1
ip-overlapping-false-net-pod2-57957c545f-tspwt
    inet 192.168.20.2/29 brd 192.168.20.7 scope global net1
ip-overlapping-false-net-pod2-57957c545f-vjsw7
    inet 192.168.20.5/29 brd 192.168.20.7 scope global net1#### Verifying multus ippools showing correct names
$ oc get overlappingrangeipreservations.whereabouts.cni.cncf.io -A
No resources found
$ oc get ippools --all-namespaces
NAMESPACE          NAME                                     AGE
openshift-multus   ip-overlapping-false-1-192.168.20.0-29   5m44s
openshift-multus   ip-overlapping-false-2-192.168.20.0-29   98s
      

      Actual results:

      Pods can get overlapping address when setting "enable_overlapping_ranges": true  

      Expected results:

      The overlapping ranges feature is enabled by default, and will not allow an IP address to be re-assigned across two different ranges which overlap. However, this can be disabled.
* `enable_overlapping_ranges`: *(boolean)* Checks to see if an IP has been allocated across another range before assigning it (defaults to `true`).    

      Additional info:

      Attachments

        Activity

          People

            dosmith Douglas Smith
            weliang1@redhat.com Weibin Liang
            Weibin Liang Weibin Liang
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated: