Bug
Resolution: Done-Errata
Major
4.16
None
Description of problem:
Apps exposed via NodePort do not return responses to client requests if the client's ephemeral port is 22623 or 22624.
When testing with the curl command, specifying the local port as shown below, a response is returned if the ephemeral port is 22622 or 22626, but it times out if the ephemeral port is 22623 or 22624.
[root@bastion ~]# for i in {22622..22626}; do echo localport:${i}; curl -m 10 -I 10.0.0.20:32325 --local-port ${i}; done
localport:22622
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 25 Jul 2024 07:44:22 GMT
Content-Type: text/html
Content-Length: 37451
Last-Modified: Wed, 24 Jul 2024 12:20:19 GMT
Connection: keep-alive
ETag: "66a0f183-924b"
Accept-Ranges: bytes
localport:22623
curl: (28) Connection timed out after 10001 milliseconds
localport:22624
curl: (28) Connection timed out after 10000 milliseconds
localport:22625
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 25 Jul 2024 07:44:42 GMT
Content-Type: text/html
Content-Length: 37451
Last-Modified: Wed, 24 Jul 2024 12:20:19 GMT
Connection: keep-alive
ETag: "66a0f183-924b"
Accept-Ranges: bytes
localport:22626
HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 25 Jul 2024 07:44:42 GMT
Content-Type: text/html
Content-Length: 37451
Last-Modified: Wed, 24 Jul 2024 12:20:19 GMT
Connection: keep-alive
ETag: "66a0f183-924b"
Accept-Ranges: bytes
This issue has been occurring since upgrading to version 4.16. Confirmed that it does not occur in versions 4.14 and 4.12.
Version-Release number of selected component (if applicable):
OCP 4.16
How reproducible:
100%
Steps to Reproduce:
1. Prepare a 4.16 cluster.
2. Launch any web app pod (nginx, httpd, etc.).
3. Expose the application externally using NodePort.
4. Access the URL using the curl --local-port option to specify 22623 or 22624.
Actual results:
No response is returned from the exposed application when the ephemeral port is 22623 or 22624.
Expected results:
A response is returned regardless of the ephemeral port.
Additional info:
This issue started occurring from version 4.16, so it is possible that this is due to changes in RHEL 9.4, particularly those related to nftables.
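A source-port probe for the symptom described above, as an added example that is not part of the original report or of any OpenShift tooling. It separates a silent drop (timeout) from an active refusal, which the curl loop does not. The function names probe_source_ports and dropped_ports are hypothetical; the address and NodePort in the demo are the ones from the reporter's curl loop.

```python
import socket

def probe_source_ports(host, port, source_ports, timeout=3.0, bind_addr=""):
    """Try one TCP connect to (host, port) from each fixed source port.

    Returns {source_port: "ok" | "timeout" | "refused" | "bind-error: ..." | "error: ..."}.
    """
    results = {}
    for sport in source_ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # Allow rebinding a source port that is still in TIME_WAIT from a previous run.
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.settimeout(timeout)
        try:
            s.bind((bind_addr, sport))
        except OSError as exc:
            # Local problem (port in use, no privilege), not evidence of filtering.
            results[sport] = f"bind-error: {exc.strerror}"
            s.close()
            continue
        try:
            s.connect((host, port))
            results[sport] = "ok"
        except socket.timeout:
            results[sport] = "timeout"      # SYN or SYN-ACK lost: the reported symptom
        except ConnectionRefusedError:
            results[sport] = "refused"      # RST received: nothing was dropped
        except OSError as exc:
            results[sport] = f"error: {exc.strerror}"
        finally:
            s.close()
    return results

def dropped_ports(results):
    """Source ports whose connection attempt got no answer at all."""
    return sorted(p for p, r in results.items() if r == "timeout")

if __name__ == "__main__":
    # Target and port range taken from the report; adjust for the cluster under test.
    res = probe_source_ports("10.0.0.20", 32325, range(22622, 22627), timeout=10)
    for sport, outcome in sorted(res.items()):
        print(f"localport:{sport} {outcome}")
    print("silently dropped:", dropped_ports(res))
```

Widening the range passed to probe_source_ports shows whether any source ports other than 22623 and 22624 are affected on a given node.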
- blocks: OCPBUGS-38054 No response from applications exposed via NodePort when client ephemeral port is 22623 or 22624 (Closed)
- is cloned by: OCPBUGS-38054 No response from applications exposed via NodePort when client ephemeral port is 22623 or 22624 (Closed)
- is triggering: CORENET-962 Corrective Measure for OCPBUGS-37541: No response from applications exposed via NodePort when client ephemeral port is 22623 or 22624 (Closed)
- relates to: OCPBUGS-54457 openshift-sdn: No response from openshift router / Ingress when client port is 22623 or 22624 (Closed)
- links to: RHEA-2024:3718 OpenShift Container Platform 4.17.z bug fix update