- Bug
- Resolution: Done-Errata
- Critical
- 4.19.0
- Quality / Stability / Reliability
- False
- None
- Critical
- No
- 2025-03-31: Blocker for BGP GA in 4.19.0
- None
- Rejected
- CORENET Sprint 269
- 1
- In Progress
- Release Note Not Required
- N/A
- None
- None
- None
- None
Description of problem:
LGW mode with BGP and UDN enabled
- from external --> udn pod ip success
- from same host worker --> UDN pod ip failed
The same host can ping the UDN pod but cannot curl it, meaning ICMP is working but not TCP; the tcpdump below shows the connection getting an RST.
sh-5.1# tcpdump -i any -nn host 30.100.2.4
tcpdump: data link type LINUX_SLL2
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
10:07:23.706089 ovn-k8s-mp11 Out IP 30.100.2.2.43774 > 30.100.2.4.8080: Flags [S], seq 725483478, win 65520, options [mss 1260,sackOK,TS val 3533312449 ecr 0,nop,wscale 7], length 0
10:07:23.706629 58945473a0948_3 Out IP 30.100.2.2.43774 > 30.100.2.4.8080: Flags [S], seq 725483478, win 65520, options [mss 1260,sackOK,TS val 3533312449 ecr 0,nop,wscale 7], length 0
10:07:23.706666 58945473a0948_3 P IP 30.100.2.4.8080 > 30.100.2.2.43774: Flags [S.], seq 3088258894, ack 725483479, win 64896, options [mss 1260,sackOK,TS val 877953634 ecr 3533312449,nop,wscale 7], length 0
10:07:23.706835 ovn-k8s-mp11 In IP 30.100.2.4.8080 > 30.100.2.2.43774: Flags [S.], seq 3088258894, ack 725483479, win 64896, options [mss 1260,sackOK,TS val 877953634 ecr 3533312449,nop,wscale 7], length 0
10:07:23.706863 ovn-k8s-mp11 Out IP 30.100.2.2.43774 > 30.100.2.4.8080: Flags [R], seq 725483479, win 0, length 0
10:07:23.707006 58945473a0948_3 Out IP 30.100.2.2.43774 > 30.100.2.4.8080: Flags [R], seq 725483479, win 0, length 0
10:07:24.756010 ovn-k8s-mp11 Out IP 30.100.2.2.43774 > 30.100.2.4.8080: Flags [S], seq 725483478, win 65520, options [mss 1260,sackOK,TS val 3533313499 ecr 0,nop,wscale 7], length 0
10:07:24.756028 58945473a0948_3 Out IP 30.100.2.2.43774 > 30.100.2.4.8080: Flags [S], seq 725483478, win 65520, options [mss 1260,sackOK,TS val 3533313499 ecr 0,nop,wscale 7], length 0
10:07:24.756066 58945473a0948_3 P IP 30.100.2.4.8080 > 30.100.2.2.43774: Flags [S.], seq 3104655889, ack 725483479, win 64896, options [mss 1260,sackOK,TS val 877954684 ecr 3533313499,nop,wscale 7], length 0
10:07:24.756074 ovn-k8s-mp11 In IP 30.100.2.4.8080 > 30.100.2.2.43774: Flags [S.], seq 3104655889, ack 725483479, win 64896, options [mss 1260,sackOK,TS val 877954684 ecr 3533313499,nop,wscale 7], length 0
10:07:24.756095 ovn-k8s-mp11 Out IP 30.100.2.2.43774 > 30.100.2.4.8080: Flags [R], seq 725483479, win 0, length 0
10:07:24.756101 58945473a0948_3 Out IP 30.100.2.2.43774 > 30.100.2.4.8080: Flags [R], seq 725483479, win 0, length 0
10:07:26.804017 ovn-k8s-mp11 Out IP 30.100.2.2
- from different host worker --> UDN podip failed
Both ICMP and TCP fail from a different host worker to the UDN pod IP.
SGW mode with BGP and UDN enabled
- from external --> udn pod ip success
- from same host worker --> UDN pod ip failed
- from different host worker --> UDN podip success
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1. apply the following UDN
apiVersion: k8s.ovn.org/v1
kind: UserDefinedNetwork
metadata:
  name: l3-primary-sec
  labels:
    app: udn
spec:
  topology: Layer3
  layer3:
    role: Primary
    mtu: 1300
    subnets:
    - cidr: "30.100.0.0/16"
      hostSubnet: 24
2. apply the RA
apiVersion: k8s.ovn.org/v1
kind: RouteAdvertisements
metadata:
  name: udn
spec:
  networkSelector:
    matchLabels:
      app: udn
  advertisements:
  - "PodNetwork"
3.
Actual results:
Expected results:
When a UDN is advertised to the default VRF, the host should be able to access the UDN pods, IIUC.
discussion in slack: https://redhat-internal.slack.com/archives/C07AT0XP4J0/p1742544738664619
- links to RHEA-2024:11038 OpenShift Container Platform 4.19.z bug fix update
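An added example, not part of the original report: a small Python classifier for `tcpdump -i any -nn` output that counts, per interface, whether each SYN/SYN-ACK exchange was completed or reset by the initiating side, which is the pattern the capture in the description shows on ovn-k8s-mp11. The function name, the outcome labels and the eth0 sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Lines 1-4: abridged from the capture in the report (TCP options dropped).
# Lines 5-7: constructed healthy handshake on documentation addresses, for contrast.
SAMPLE = """\
10:07:23.706089 ovn-k8s-mp11 Out IP 30.100.2.2.43774 > 30.100.2.4.8080: Flags [S], seq 725483478, win 65520, length 0
10:07:23.706835 ovn-k8s-mp11 In  IP 30.100.2.4.8080 > 30.100.2.2.43774: Flags [S.], seq 3088258894, ack 725483479, win 64896, length 0
10:07:23.706863 ovn-k8s-mp11 Out IP 30.100.2.2.43774 > 30.100.2.4.8080: Flags [R], seq 725483479, win 0, length 0
10:07:24.756010 ovn-k8s-mp11 Out IP 30.100.2.2.43774 > 30.100.2.4.8080: Flags [S], seq 725483478, win 65520, length 0
10:07:25.000001 eth0 Out IP 192.0.2.10.50000 > 192.0.2.20.8080: Flags [S], seq 1, win 65520, length 0
10:07:25.000201 eth0 In  IP 192.0.2.20.8080 > 192.0.2.10.50000: Flags [S.], seq 9, ack 2, win 64896, length 0
10:07:25.000230 eth0 Out IP 192.0.2.10.50000 > 192.0.2.20.8080: Flags [.], ack 10, win 512, length 0
"""

# timestamp, interface, direction, "IP", src.port > dst.port:, Flags [...]
LINE = re.compile(r"^\S+\s+(\S+)\s+(?:In|Out|P|B|M)\s+IP\s+(\S+) > (\S+): Flags \[([^\]]+)\]")

def classify_handshakes(text):
    """Count handshake outcomes per (interface, client, server)."""
    state = {}            # (iface, client, server) -> "SYN" | "SYNACK"
    outcomes = Counter()  # (iface, client, server, outcome) -> count
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue      # truncated or non-TCP line
        iface, src, dst, flags = m.groups()
        fwd, rev = (iface, src, dst), (iface, dst, src)
        if flags == "S":
            state[fwd] = "SYN"                      # client opened (or retried)
        elif flags == "S." and state.get(rev) == "SYN":
            state[rev] = "SYNACK"                   # server answered
        elif flags == "." and state.get(fwd) == "SYNACK":
            outcomes[fwd + ("established",)] += 1   # client completed the handshake
            del state[fwd]
        elif flags.startswith("R") and state.get(fwd) == "SYNACK":
            outcomes[fwd + ("client_reset_after_synack",)] += 1
            del state[fwd]
        elif flags.startswith("R") and state.get(rev) == "SYN":
            outcomes[rev + ("refused_by_server",)] += 1
            del state[rev]
    return outcomes

if __name__ == "__main__":
    for key, count in classify_handshakes(SAMPLE).items():
        print(count, *key)
```

A retried SYN with no reply yet stays pending and is not counted, so the fourth sample line adds no outcome.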