Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-43323

[Docs] IPsec upgrade from 4.14 to 4.15 pods losing connectivity

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • None
    • 4.15
    • Documentation / SDN
    • None
    • None
    • False
    • Hide

      None

      Show
      None
    • Hide
      During an upgrade from 4.14 to 4.15, cluster nodes are rebooted and IPsec pods are restarted. There is currently a known issue that is causing the restarted IPsec pods to not establish IPsec security association (SA). As a consequence, pod-to-pod communication is broken between nodes in which the pod traffic flows over the IPsec tunnel. This happens on both newly installed 4.15 clusters, during the upgrade process from 4.14 to 4.15, as well as when IPsec pods are restarted.
      Show
      During an upgrade from 4.14 to 4.15, cluster nodes are rebooted and IPsec pods are restarted. There is currently a known issue that is causing the restarted IPsec pods to not establish IPsec security association (SA). As a consequence, pod-to-pod communication is broken between nodes in which the pod traffic flows over the IPsec tunnel. This happens on both newly installed 4.15 clusters, during the upgrade process from 4.14 to 4.15, as well as when IPsec pods are restarted.
    • Known Issue
    • In Progress

      Description of problem:

      
      Cause:
      During 4.14 to 4.15 IPsec upgrade, there are two occasions cluster nodes get rebooted which causes IPsec pod also get restarted, This causes IPsec SA is not established between some nodes. This may happen on a freshly installed >=4.15 cluster as well when IPsec pods are restarted.
      Consequence:
      Since IPsec SA is not established between nodes, pod to pod communication is completely broken between those nodes because pod traffic flows over via IPsec tunnel.
      Fix
      We are actively working to find out root cause and providing resolution for the problem.

      Version-Release number of selected component (if applicable):

          

      How reproducible:

          

      Steps to Reproduce:

          1.
          2.
          3.
          

      Actual results:

          

      Expected results:

          

      Additional info:

          

            jaldinge@redhat.com Joe Aldinger
            jaldinge@redhat.com Joe Aldinger
            Zenghui Shi Zenghui Shi
            Votes:
            0 Vote for this issue
            Watchers:
            12 Start watching this issue

              Created:
              Updated:
              Resolved: