Loading...

XML

Word

Printable

Type: Bug
Resolution: Not a Bug
Priority: Undefined
Fix Version/s: None
Affects Version/s: 4.20
Component/s: Networking / Metal LB
Labels:
None

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
None
Regression:
None

Target Backport Versions:
None
Target Version:
None
Release Blocker:
None
Sprint:
CNF Network Sprint 273
sprint_count:
1

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

BGP routes not advertised - in the speaker pods logs we can see messages about "invalid allowed prefixes"

Version-Release number of selected component (if applicable):

- Started to see this in OpenShift 4.20 nightly 2025-06-28 11:54 and newer.
- MetalLB pre-ga operator: 4.19.0

How reproducible:

100%

Steps to Reproduce:

Actual results:

BGP routes not being advertised

Expected results:

BGP routes are advertised

Additional info:

[kni@provisioner.cluster1.dfwt5g.lab ~]$ oc get clusterversion
NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS                                                                      
version   4.20.0-0.nightly-2025-07-01-051543   True        False         10h     Cluster version is 4.20.0-0.nightly-2025-07-01-051543 

[kni@provisioner.cluster1.dfwt5g.lab ~]$ oc -n metallb-system get csv | grep metal                                                                           
metallb-operator.v4.19.0                   MetalLB Operator                           4.19.0                Succeeded                                        
[kni@provisioner.cluster1.dfwt5g.lab ~]$ oc -n metallb-system get pods
NAME                                                   READY   STATUS    RESTARTS   AGE                                                                      
controller-7b688cf4db-xb7dx                            2/2     Running   0          8h                                                                       
metallb-operator-controller-manager-6b98b445b8-qfw7f   1/1     Running   0          9h                                                                       
metallb-operator-webhook-server-6d84c4bfd8-djxbm       1/1     Running   0          9h                                                                       
speaker-k8g24                                          2/2     Running   0          8h                                                                       
speaker-ks64v                                          2/2     Running   0          8h                                                                       
speaker-q7qmq                                          2/2     Running   0          8h                                                                       
speaker-tx95z                                          2/2     Running   0          8h

[kni@provisioner.cluster1.dfwt5g.lab ~]$ oc -n metallb-system logs speaker-k8g24 | grep error | tail -1                                                      
Defaulted container "speaker" out of: speaker, kube-rbac-proxy
{"level":"error","ts":"2025-07-02T20:02:38Z","msg":"Reconciler error","controller":"frrconfiguration","controllerGroup":"frrk8s.metallb.io","controllerKind":"FRRConfiguration","FRRConfiguration":{"name":"reload","namespace":"metallbreload"},"namespace":"metallbreload","name":"reload","reconcileID":"89ee1bec-00b7-496c-8dbd-be45dd238fa6","error":"admission webhook \"frrconfigurationsvalidationwebhook.metallb.io\" denied the request: invalid allowed prefixes [10.100.1.50/32 fdb4:da34:100:1::5/128] for neighbor 65000@192.168.15.2, err: prefix fdb4:da34:100:1::5/128 is not compatible with the ipfamily ipv4\nresource is invalid for node worker-3","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).reconcileHandler\n\t/metallb/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:341\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).processNextWorkItem\n\t/metallb/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:288\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Start.func2.2\n\t/metallb/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:249"}

[kni@provisioner.cluster1.dfwt5g.lab ~]$ oc -n metallb-app-vlan404 get pods
NAME                               READY   STATUS    RESTARTS   AGE
httpbin-vlan404-5dc856c46d-j97sp   1/1     Running   0          8h
httpbin-vlan404-5dc856c46d-kk4v9   1/1     Running   0          8h

[kni@provisioner.cluster1.dfwt5g.lab ~]$ oc -n metallb-app-vlan404 get service
NAME              TYPE           CLUSTER-IP     EXTERNAL-IP                      PORT(S)          AGE
metallb-vlan404   LoadBalancer   172.30.19.14   10.100.1.50,fdb4:da34:100:1::5   8080:32267/TCP   8h

[kni@provisioner.cluster1.dfwt5g.lab ~]$ oc -n metallb-app-vlan404 get service metallb-vlan404 -o json | jq .spec
{
  "allocateLoadBalancerNodePorts": true,
  "clusterIP": "172.30.19.14",
  "clusterIPs": [
    "172.30.19.14",
    "fd03::437"
  ],
  "externalTrafficPolicy": "Cluster",
  "internalTrafficPolicy": "Cluster",
  "ipFamilies": [
    "IPv4",
    "IPv6"
  ],
  "ipFamilyPolicy": "PreferDualStack",
  "ports": [
    {
      "nodePort": 32267,
      "port": 8080,
      "protocol": "TCP",
      "targetPort": 8080
    }
  ],
  "selector": {
    "app": "vlan404"
  },
  "sessionAffinity": "None",
  "type": "LoadBalancer"
}
[kni@provisioner.cluster1.dfwt5g.lab ~]$ oc -n metallb-system get IPAddressPool
NAME      AUTO ASSIGN   AVOID BUGGY IPS   ADDRESSES
vlan404   true          false             ["10.100.1.50-10.100.1.70","fdb4:da34:100:1::5-fdb4:da34:100:1::10"]

[kni@provisioner.cluster1.dfwt5g.lab ~]$ oc -n metallb-system get BGPAdvertisement vlan404 -o yaml                                                           
apiVersion: metallb.io/v1beta1
kind: BGPAdvertisement
metadata:
  creationTimestamp: "2025-07-02T11:13:45Z"
  generation: 1
  name: vlan404
  namespace: metallb-system
  resourceVersion: "153443"
  uid: ff760a3f-269c-4625-aeea-88f9aa68fe2b
spec:
  aggregationLength: 32
  aggregationLengthV6: 128
  ipAddressPools:
  - vlan404
  peers:
  - dfw01edge-sp01-cluster1-vlan404-ipv4
  - dfw01edge-sp02-cluster1-vlan404-ipv4
  - dfw01edge-sp01-cluster1-vlan404-ipv6
  - dfw01edge-sp02-cluster1-vlan404-ipv6

CI-job: https://www.distributed-ci.io/jobs/fe561fb1-37b9-45e8-97a7-e4fbc276c345/jobStates?sort=date
must-gather: must_gather.tar.gz

Assignee:: Federico Paolinelli

Reporter:: Manuel Rodriguez

Need Info From:: None

Contributors:: None

QA Contact:: Arti Sood

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2025/07/02 8:30 PM

Updated:: 2025/08/01 1:16 PM

Resolved:: 2025/07/03 8:51 AM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates

Hide