Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-44240

Setting ESP offload off for bonds does not work reliably

XMLWordPrintable

    • None
    • SDN Sprint 262
    • 1
    • Proposed
    • False
    • Hide

      None

      Show
      None
    • Hide
      Previously, enabling Encapsulated Security Payload (ESP) hardware offload by using IPSec on attached interfaces in Open vSwitch (OVS) interrupted connectivity because of a bug in OVS. With this release, OpenShift Container Platform automatically disables ESP hardware offload on the OVS-attached interfaces so that the issue is resolved. (link:https://issues.redhat.com/browse/OCPBUGS-44240[*OCPBUGS-44240*])
      Show
      Previously, enabling Encapsulated Security Payload (ESP) hardware offload by using IPSec on attached interfaces in Open vSwitch (OVS) interrupted connectivity because of a bug in OVS. With this release, OpenShift Container Platform automatically disables ESP hardware offload on the OVS-attached interfaces so that the issue is resolved. (link: https://issues.redhat.com/browse/OCPBUGS-44240 [* OCPBUGS-44240 *])
    • Bug Fix
    • Done

      This is a clone of issue OCPBUGS-44043. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-43917. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-42987. The following is the description of the original issue:

      It is been observed that the esp_offload kernel module might be loaded by libreswan even if bond ESP offloads have been correctly turned off.

      This might be because ipsec service and configure-ovs run at the same time, so it is possible that ipsec service starts when bond offloads are not yet turned off and trick libreswan into thinking they should be used.

      The potential fix would be to run ipsec service after configure-ovs.

              jcaamano@redhat.com Jaime CaamaƱo Ruiz
              openshift-crt-jira-prow OpenShift Prow Bot
              Ross Brattain Ross Brattain
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: