Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-48796

BFD configuraion need to match between frr-k8s and MetalLb by default

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • 4.16, 4.17, 4.18, 4.19
    • Networking / Metal LB
    • None
    • None
    • False
    • Hide

      None

      Show
      None

      Description of problem:

          When in a cluster it is required to configure frr-k8s to learn via BGP some prefixes from peers, and the same peers are used by MetalLB to publish some LoadBalancer services via BGP as well, in the configuration it is mandatory to configure the BFD profile that match in both configuration. From the user experience perspective it is hidden that we must configure that.

      Version-Release number of selected component (if applicable):

          OpenShift 4.16+

      How reproducible:

          This is happening always that you configure frrconfig and use MetalLB with frr-k8s as backend, using the same peers without specify the BFD profile settins within the frrconfig.

      Steps to Reproduce:

          1.Configure MetalLB using frr-k8s as backend
    2.Configure MetalLB BGPPeers, BFDProfile, BGPAdvertisements and ipAddressPools to allow the creation of LoadBlanaced services to publish pods port to outside the cluster using BGP. IMPORTANT: use a secundary node interface for the BGPPeers and the Advertisements, instead of the br-ex interface on the node.
    3.Configure frrconfig to learn prefixes from the same peers defined in the MetalLB BGPPeers. IMPORTANT: we should not add the toAdvertise field in the neighbors configuration neither the bfdprofile settings.
   4. Create a pod and a service of type LoadBalancer with the required MetalLB annotations.

  

      Actual results:

      With this scenario a log like the below should be watched in the speaker 

{"level":"error","ts":"2025-01-22T16:38:26Z","msg":"Reconciler error","controller":"frrconfiguration","controllerGroup":"frrk8s.metallb.io","co ntrollerKind":"FRRConfiguration","FRRConfiguration":{"name":"reload","namespace":"metallbreload"},"namespace":"metallbreload","name":"reload"," reconcileID":"dc276fc7-66ce-4356-aed0-af32d6776d45","error":"admission webhook \"frrconfigurationsvalidationwebhook.metallb.io\" denied the request: resource is invalid for node worker0.ocp1.r450.org: multiple bfd profiles specified for neighbor 192.168.200.1 at vrf ","stacktrace":"sig s.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/metallb/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:329\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/metallb/vendor/si gs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:266\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/metallb/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:227"}

And also there will be only one frrconfiguration, the one from MetalLB is not created, and the prefix of the MetalLB service is not advertise from the node.     

      Expected results:

          We should see that two frrconfigurations are created, the one we configured manually and the one generated by MetalLB. Also the desired behavior should be the advertisement of the MetalLB prefixes.

      Additional info:

          This issue can be fixed by adding the same BFD profile in both places, in the MetalLB and in the frr-k8s configurations, adding the same profile name inthe frrconfig on each neighbor.

              fpaoline@redhat.com Federico Paolinelli
              dchavero Daniel Chavero Gaspar
              Arti Sood Arti Sood
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: