Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-46040

one load balancer's ipv6 listening address(fd01:0:0:1::2) don't work as expected

XMLWordPrintable

    • Important
    • None
    • 1
    • uShift Sprint 263, uShift Sprint 264
    • 2
    • False
    • Hide

      None

      Show
      None
    • Hide
      *Cause*: What actions or circumstances cause this bug to present.
      *Consequence*: What happens when the bug presents.
      *Fix*: What was done to fix the bug.
      *Result*: Bug doesn’t present anymore.
      Show
      *Cause*: What actions or circumstances cause this bug to present. *Consequence*: What happens when the bug presents. *Fix*: What was done to fix the bug. *Result*: Bug doesn’t present anymore.
    • Release Note Not Required
    • In Progress

      This is a clone of issue OCPBUGS-45192. The following is the description of the original issue:

      Description of problem:

          OCP-73203 failed in a ginkgo test on an ipv6 miscorshift cluster(https://mastern-jenkins-csb-openshift-qe.apps.ocp-c1.prod.psi.redhat.com/job/ocp-common/job/ginkgo-test/279284/console)

From the below logs: it looked like load balancer [fd02::1:0]:10080 didn't work well:(in the test run, specified ipv6 address fd02::1:0 and port 10080)

11-27 11:03:46.346      I1127 03:02:01.119331 4197 client.go:835] Running 'oc --kubeconfig=/home/jenkins/kubeconf/kubeconfig exec -n e2e-ne-ocp73203-n1kdnxvv hello-pod -- curl http://service-unsecure1-ocp73203.apps.example.com:10080 -I --resolve service-unsecure1-ocp73203.apps.example.com:10080:fd02::1:0 --connect-timeout 10'
11-27 11:03:46.346      I1127 03:02:04.299326 4197 client.go:835] Running 'oc --kubeconfig=/home/jenkins/kubeconf/kubeconfig exec -n e2e-ne-ocp73203-n1kdnxvv hello-pod -- curl http://service-unsecure1-ocp73203.apps.example.com:10080 -I --resolve service-unsecure1-ocp73203.apps.example.com:10080:fd02::1:0 --connect-timeout 10'

11-27 11:03:46.346          {
11-27 11:03:46.346              s: "case: [sig-network-edge] Network_Edge should MicroShiftOnly-Author:shudili-NonPreRelease-Longduration-High-73203-configuring listening IP addresses and listening Ports [Disruptive]\nerror: max time reached but can't execute the cmd successfully for the desired times",
11-27 11:03:46.346          }

      Version-Release number of selected component (if applicable):

          4.17

      How reproducible:

      100% in the cluster

      Steps to Reproduce:

      1. create pods, a service and a route
% oc -n test get route NAME               HOST                                     ADMITTED   SERVICE            TLS service-unsecure   service-unsecure-test.apps.example.com   True       service-unsecure  
 
% oc -n test get ep service-unsecure NAME               ENDPOINTS               AGE service-unsecure   [fd01:0:0:1::13]:8080   6d14h

2. debug node, added the listen port and restart the service
% oc debug node/microshift-dev.local
sh-4.4# chroot /host
sh-5.1# cd /etc/microshift/
sh-5.1# cat config.yaml
apiServer:
    # SubjectAltNames added to API server certs
    subjectAltNames: [dhcp-1-235-194.arm.eng.rdu2.redhat.com,microshift-dev.local,microshift-dev.local,microshift-dev.local,microshift-dev.local,microshift-dev.local,2620:52:0:1eb:6a1:1b78:8b99:d1c3,10.1.235.194]
network:
    clusterNetwork:
        - fd01::/48
    serviceNetwork:
        - fd02::/112
node:
    nodeIP: 2620:52:0:1eb:6a1:1b78:8b99:d1c3
ingress:        
    ports:
        http: 10080
        https: 10443
sh-5.1# sudo systemctl restart microshift

3.     
% oc -n openshift-ingress get svc
NAME                      TYPE           CLUSTER-IP   EXTERNAL-IP                                                PORT(S)                           AGE
router-default            LoadBalancer   fd02::ddd1   2620:52:0:1eb:6a1:1b78:8b99:d1c3,fd01:0:0:1::2,fd02::1:0   10080:31921/TCP,10443:31772/TCP   2d
router-internal-default   ClusterIP      fd02::a18d   <none>                                                     80/TCP,443/TCP,1936/TCP           2d

4. rsh to a client pod, curl the route with all the ipv6 address of the load balancer, all were passed, except fd01:0:0:1::2
% oc -n test rsh centos-pod 
sh-4.4# curl http://service-unsecure-test.apps.example.com:10080 --resolve service-unsecure-test.apps.example.com:10080:[2620:52:0:1eb:6a1:1b78:8b99:d1c3]
Hello-OpenShift web-server-rc-dc76n http-8080
sh-4.4# 
sh-4.4# curl http://service-unsecure-test.apps.example.com:10080 --resolve service-unsecure-test.apps.example.com:10080:[fd02::1:0]
Hello-OpenShift web-server-rc-dc76n http-8080
sh-4.4# 
sh-4.4# curl http://service-unsecure-test.apps.example.com:10080 --resolve service-unsecure-test.apps.example.com:10080:[fd01:0:0:1::2]
curl: (7) Failed to connect to service-unsecure-test.apps.example.com port 10080: Permission denied
sh-4.4#

      Actual results:

          curl route with destination fd01:0:0:1::2 was failed

      Expected results:

      sh-4.4# curl http://service-unsecure-test.apps.example.com:10080 --resolve service-unsecure-test.apps.example.com:10080:[fd01:0:0:1::2]    
Hello-OpenShift web-server-rc-dc76n http-8080

      Additional info:

              pacevedo@redhat.com Pablo Acevedo Montserrat
              openshift-crt-jira-prow OpenShift Prow Bot
              Shudi Li Shudi Li
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: