Details
-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
4.16
-
Moderate
-
No
-
Rejected
-
True
-
Description
Description of problem:
Pods can get overlapping addresses regardless of whether "enable_overlapping_ranges" is set to true or false
Version-Release number of selected component (if applicable):
4.16.0-0.nightly-2024-03-13-061822
How reproducible:
Always
Steps to Reproduce:
########## Test log from setting "enable_overlapping_ranges": true #### Configuring first NetworkAttachmentDefinition CR oc create -f ip-overlapping-true-net-NAD1.yaml#### Verifying the configued NetworkAttachmentDefinition CR oc get net-attach-def ip-overlapping-true-1 -o yaml apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: creationTimestamp: "2024-03-19T19:20:33Z" generation: 1 name: ip-overlapping-true-1 namespace: test resourceVersion: "120402" uid: 0697b261-bfab-4213-b515-a4cf10a8e70c spec: config: '{ "cniVersion": "0.3.1", "name": "ip-overlapping-true-1", "type": "macvlan", "mode": "bridge", "ipam": { "type": "whereabouts", "range": "192.168.20.0/29", "enable_overlapping_ranges": true, "network_name": "ip-overlapping-true-1" } }'#### Configuring pods using first additional network oc create -f ip-overlapping-true-net-POD1.yaml#### Verifying the pods getting the correct IP addresses for secondary interface $ oc get pod NAME READY STATUS RESTARTS AGE ip-overlapping-true-net-pod1-64f86c48d5-7nxp9 1/1 Running 0 9s ip-overlapping-true-net-pod1-64f86c48d5-7s4rc 1/1 Running 0 9s ip-overlapping-true-net-pod1-64f86c48d5-g95fp 1/1 Running 0 9s ip-overlapping-true-net-pod1-64f86c48d5-jsbpx 1/1 Running 0 9s ip-overlapping-true-net-pod1-64f86c48d5-k47ql 1/1 Running 0 9s ip-overlapping-true-net-pod1-64f86c48d5-rg9hd 1/1 Running 0 9s$ for podname in `oc get pod -o wide -n test | grep pod | grep Running | awk '{print $1}'`; do echo $podname; oc -n test exec $podname -- ip a | grep 192.168; done ip-overlapping-true-net-pod1-64f86c48d5-7nxp9 inet 192.168.20.4/29 brd 192.168.20.7 scope global net1 ip-overlapping-true-net-pod1-64f86c48d5-7s4rc inet 192.168.20.3/29 brd 192.168.20.7 scope global net1 ip-overlapping-true-net-pod1-64f86c48d5-g95fp inet 192.168.20.2/29 brd 192.168.20.7 scope global net1 ip-overlapping-true-net-pod1-64f86c48d5-jsbpx inet 192.168.20.6/29 brd 192.168.20.7 scope global net1 ip-overlapping-true-net-pod1-64f86c48d5-k47ql inet 192.168.20.1/29 brd 192.168.20.7 scope global net1 ip-overlapping-true-net-pod1-64f86c48d5-rg9hd inet 192.168.20.5/29 brd 192.168.20.7 scope global net1#### Verifying multus ippools showing correct names $ oc get overlappingrangeipreservations.whereabouts.cni.cncf.io -A NAMESPACE NAME AGE openshift-multus ip-overlapping-true-1-192.168.20.1 96s openshift-multus ip-overlapping-true-1-192.168.20.2 95s openshift-multus ip-overlapping-true-1-192.168.20.3 95s openshift-multus ip-overlapping-true-1-192.168.20.4 95s openshift-multus ip-overlapping-true-1-192.168.20.5 95s openshift-multus ip-overlapping-true-1-192.168.20.6 95s$ oc get ippools --all-namespaces NAMESPACE NAME AGE openshift-multus ip-overlapping-true-1-192.168.20.0-29 103s#### Configuring secondary NetworkAttachmentDefinition CR oc create -f ip-overlapping-true-net-NAD2.yaml#### Verifying the secondary configued NetworkAttachmentDefinition CRs oc get net-attach-def ip-overlapping-true-2 -o yaml $ oc get net-attach-def ip-overlapping-true-2 -o yaml apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: creationTimestamp: "2024-03-19T19:30:32Z" generation: 1 name: ip-overlapping-true-2 namespace: test resourceVersion: "123641" uid: 827a97e8-5d50-4cbb-a4a4-b57ab77f467d spec: config: '{ "cniVersion": "0.3.1", "name": "ip-overlapping-true-2", "type": "macvlan", "mode": "bridge", "ipam": { "type": "whereabouts", "range": "192.168.20.0/29", "enable_overlapping_ranges": true, "network_name": "ip-overlapping-true-2" } }'#### Configuring pods using secondary additional network oc create -f ip-overlapping-true-net-POD2.yaml #### Verifying the pods can not get the correct IP addresses for secondary interface $ oc get pod NAME READY STATUS RESTARTS AGE ip-overlapping-true-net-pod1-64f86c48d5-7nxp9 1/1 Running 0 10m ip-overlapping-true-net-pod1-64f86c48d5-7s4rc 1/1 Running 0 10m ip-overlapping-true-net-pod1-64f86c48d5-g95fp 1/1 Running 0 10m ip-overlapping-true-net-pod1-64f86c48d5-jsbpx 1/1 Running 0 10m ip-overlapping-true-net-pod1-64f86c48d5-k47ql 1/1 Running 0 10m ip-overlapping-true-net-pod1-64f86c48d5-rg9hd 1/1 Running 0 10m ip-overlapping-true-net-pod2-7f9f65cb8f-9n7wd 1/1 Running 0 27s ip-overlapping-true-net-pod2-7f9f65cb8f-brh2z 1/1 Running 0 27s ip-overlapping-true-net-pod2-7f9f65cb8f-ksw2l 1/1 Running 0 27s ip-overlapping-true-net-pod2-7f9f65cb8f-sqnd6 1/1 Running 0 27s ip-overlapping-true-net-pod2-7f9f65cb8f-t2wjk 1/1 Running 0 27s ip-overlapping-true-net-pod2-7f9f65cb8f-vj8sx 1/1 Running 0 27s$ for podname in `oc get pod -o wide -n test | grep pod | grep Running | awk '{print $1}'`; do echo $podname; oc -n test exec $podname -- ip a | grep 192.168; done ip-overlapping-true-net-pod1-64f86c48d5-7nxp9 inet 192.168.20.4/29 brd 192.168.20.7 scope global net1 ip-overlapping-true-net-pod1-64f86c48d5-7s4rc inet 192.168.20.3/29 brd 192.168.20.7 scope global net1 ip-overlapping-true-net-pod1-64f86c48d5-g95fp inet 192.168.20.2/29 brd 192.168.20.7 scope global net1 ip-overlapping-true-net-pod1-64f86c48d5-jsbpx inet 192.168.20.6/29 brd 192.168.20.7 scope global net1 ip-overlapping-true-net-pod1-64f86c48d5-k47ql inet 192.168.20.1/29 brd 192.168.20.7 scope global net1 ip-overlapping-true-net-pod1-64f86c48d5-rg9hd inet 192.168.20.5/29 brd 192.168.20.7 scope global net1 ip-overlapping-true-net-pod2-7f9f65cb8f-9n7wd inet 192.168.20.6/29 brd 192.168.20.7 scope global net1 ip-overlapping-true-net-pod2-7f9f65cb8f-brh2z inet 192.168.20.5/29 brd 192.168.20.7 scope global net1 ip-overlapping-true-net-pod2-7f9f65cb8f-ksw2l inet 192.168.20.2/29 brd 192.168.20.7 scope global net1 ip-overlapping-true-net-pod2-7f9f65cb8f-sqnd6 inet 192.168.20.3/29 brd 192.168.20.7 scope global net1 ip-overlapping-true-net-pod2-7f9f65cb8f-t2wjk inet 192.168.20.4/29 brd 192.168.20.7 scope global net1 ip-overlapping-true-net-pod2-7f9f65cb8f-vj8sx inet 192.168.20.1/29 brd 192.168.20.7 scope global net1#### Verifying multus ippools showing correct names $ oc get overlappingrangeipreservations.whereabouts.cni.cncf.io -A NAMESPACE NAME AGE openshift-multus ip-overlapping-true-1-192.168.20.1 14m openshift-multus ip-overlapping-true-1-192.168.20.2 14m openshift-multus ip-overlapping-true-1-192.168.20.3 14m openshift-multus ip-overlapping-true-1-192.168.20.4 14m openshift-multus ip-overlapping-true-1-192.168.20.5 14m openshift-multus ip-overlapping-true-1-192.168.20.6 14m openshift-multus ip-overlapping-true-2-192.168.20.1 5m1s openshift-multus ip-overlapping-true-2-192.168.20.2 5m1s openshift-multus ip-overlapping-true-2-192.168.20.3 5m1s openshift-multus ip-overlapping-true-2-192.168.20.4 5m openshift-multus ip-overlapping-true-2-192.168.20.5 5m openshift-multus ip-overlapping-true-2-192.168.20.6 5m $ oc get ippools --all-namespaces NAMESPACE NAME AGE openshift-multus ip-overlapping-true-1-192.168.20.0-29 14m openshift-multus ip-overlapping-true-2-192.168.20.0-29 5m9s ########## Test log from setting "enable_overlapping_ranges": false #### Configuring first NetworkAttachmentDefinition CR oc create -f ip-overlapping-false-net-NAD1.yaml#### Verifying the configued NetworkAttachmentDefinition CR oc get net-attach-def ip-overlapping-false-1 -o yaml$ oc get net-attach-def ip-overlapping-false-1 -o yaml apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: creationTimestamp: "2024-03-19T20:07:07Z" generation: 1 name: ip-overlapping-false-1 namespace: test resourceVersion: "135576" uid: fb2367eb-e84d-4042-96d7-392514488392 spec: config: '{ "cniVersion": "0.3.1", "name": "ip-overlapping-false-1", "type": "macvlan", "mode": "bridge", "ipam": { "type": "whereabouts", "range": "192.168.20.0/29", "enable_overlapping_ranges": false, "network_name": "ip-overlapping-false-1" } }'#### Configuring pods using first additional network oc create -f ip-overlapping-false-net-POD1.yaml#### Verifying the pods getting the correct IP addresses for secondary interface $ oc get pod NAME READY STATUS RESTARTS AGE ip-overlapping-false-net-pod1-84d7895c87-74qgm 1/1 Running 0 48s ip-overlapping-false-net-pod1-84d7895c87-7qh9t 1/1 Running 0 48s ip-overlapping-false-net-pod1-84d7895c87-8l5r9 1/1 Running 0 48s ip-overlapping-false-net-pod1-84d7895c87-q5rdm 1/1 Running 0 48s ip-overlapping-false-net-pod1-84d7895c87-tlxmf 1/1 Running 0 48s ip-overlapping-false-net-pod1-84d7895c87-x2qr5 1/1 Running 0 48s $ for podname in `oc get pod -o wide -n test | grep pod | grep Running | awk '{print $1}'`; do echo $podname; oc -n test exec $podname -- ip a | grep 192.168; done ip-overlapping-false-net-pod1-84d7895c87-74qgm inet 192.168.20.4/29 brd 192.168.20.7 scope global net1 ip-overlapping-false-net-pod1-84d7895c87-7qh9t inet 192.168.20.5/29 brd 192.168.20.7 scope global net1 ip-overlapping-false-net-pod1-84d7895c87-8l5r9 inet 192.168.20.1/29 brd 192.168.20.7 scope global net1 ip-overlapping-false-net-pod1-84d7895c87-q5rdm inet 192.168.20.6/29 brd 192.168.20.7 scope global net1 ip-overlapping-false-net-pod1-84d7895c87-tlxmf inet 192.168.20.3/29 brd 192.168.20.7 scope global net1 ip-overlapping-false-net-pod1-84d7895c87-x2qr5 inet 192.168.20.2/29 brd 192.168.20.7 scope global net1 #### Verifying multus ippools showing correct names $ oc get overlappingrangeipreservations.whereabouts.cni.cncf.io -A No resources found$ oc get ippools --all-namespaces NAMESPACE NAME AGE openshift-multus ip-overlapping-false-1-192.168.20.0-29 3m12s #### Configuring secondary NetworkAttachmentDefinition CR oc create -f ip-overlapping-false-net-NAD2.yaml#### Verifying the secondary configued NetworkAttachmentDefinition CRs oc get net-attach-def ip-overlapping-false-2 -o yaml $ oc get net-attach-def ip-overlapping-false-2 -o yaml apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: creationTimestamp: "2024-03-19T20:11:29Z" generation: 1 name: ip-overlapping-false-2 namespace: test resourceVersion: "137018" uid: 022877c5-d9fc-4665-833a-e37687e614c5 spec: config: '{ "cniVersion": "0.3.1", "name": "ip-overlapping-false-2", "type": "macvlan", "mode": "bridge", "ipam": { "type": "whereabouts", "range": "192.168.20.0/29", "enable_overlapping_ranges": false, "network_name": "ip-overlapping-false-2" } }' #### Configuring pods using secondary additional network oc create -f ip-overlapping-false-net-POD2.yaml#### Verifying the pods can not get the correct IP addresses for secondary interface$ for podname in `oc get pod -o wide -n test | grep pod | grep Running | awk '{print $1}'`; do echo $podname; oc -n test exec $podname -- ip a | grep 192.168; done ip-overlapping-false-net-pod1-84d7895c87-74qgm inet 192.168.20.4/29 brd 192.168.20.7 scope global net1 ip-overlapping-false-net-pod1-84d7895c87-7qh9t inet 192.168.20.5/29 brd 192.168.20.7 scope global net1 ip-overlapping-false-net-pod1-84d7895c87-8l5r9 inet 192.168.20.1/29 brd 192.168.20.7 scope global net1 ip-overlapping-false-net-pod1-84d7895c87-q5rdm inet 192.168.20.6/29 brd 192.168.20.7 scope global net1 ip-overlapping-false-net-pod1-84d7895c87-tlxmf inet 192.168.20.3/29 brd 192.168.20.7 scope global net1 ip-overlapping-false-net-pod1-84d7895c87-x2qr5 inet 192.168.20.2/29 brd 192.168.20.7 scope global net1 ip-overlapping-false-net-pod2-57957c545f-5rtj7 inet 192.168.20.3/29 brd 192.168.20.7 scope global net1 ip-overlapping-false-net-pod2-57957c545f-866sh inet 192.168.20.4/29 brd 192.168.20.7 scope global net1 ip-overlapping-false-net-pod2-57957c545f-mttsr inet 192.168.20.1/29 brd 192.168.20.7 scope global net1 ip-overlapping-false-net-pod2-57957c545f-q7zjq inet 192.168.20.6/29 brd 192.168.20.7 scope global net1 ip-overlapping-false-net-pod2-57957c545f-tspwt inet 192.168.20.2/29 brd 192.168.20.7 scope global net1 ip-overlapping-false-net-pod2-57957c545f-vjsw7 inet 192.168.20.5/29 brd 192.168.20.7 scope global net1#### Verifying multus ippools showing correct names $ oc get overlappingrangeipreservations.whereabouts.cni.cncf.io -A No resources found $ oc get ippools --all-namespaces NAMESPACE NAME AGE openshift-multus ip-overlapping-false-1-192.168.20.0-29 5m44s openshift-multus ip-overlapping-false-2-192.168.20.0-29 98s
Actual results:
Pods can get overlapping address when setting "enable_overlapping_ranges": true
Expected results:
The overlapping ranges feature is enabled by default, and will not allow an IP address to be re-assigned across two different ranges which overlap. However, this can be disabled. * `enable_overlapping_ranges`: *(boolean)* Checks to see if an IP has been allocated across another range before assigning it (defaults to `true`).
Additional info: