Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-58456

CCM/AWS - hairpin connection failed when Service type-LoadBalancer NLB with internal scheme

XMLWordPrintable

    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Description of problem:

      Hairpin connection failed on Service type-LoadBalancer NLB with internal scheme.
      
      The hairpin connection impacts any application which the client and server are hosted in the same node, exposed by a Service type-LoadBalancer NLB (only). The CCM creates a NLB with preserve source IP address attribute enabled by default, and does not provide interface to change it, leading to fail in those scenarios.
      
      The Default router deployed by Cluster Ingress Controller on OCP standalone on AWS and ROSA HCP private deployments.
      
      For more information, see upstream issue[1], and e2e tests[2] reproducing the problem on NLB.

      Version-Release number of selected component (if applicable):

          

      How reproducible:

      Always

      Steps to Reproduce:

      Scenario 1) Standalone Service app:
      - Deploy a sample server application sticking to single node
      - Expose the server through a Service type-LB NLB with private scheme 
      - Run a client/curl to reach the LB endpoint from the same node the server was deployed
      
      Scenario 2) Using OCP Default Router
      - Create OCP/ROSA HCP private cluster
      - Deploy a sample server application sticking to single node
      - Expose the server app through a router 
      - Run a client/curl to reach the router endpoint from the same node the server was deployed

      Actual results:

      Scenario 1) connection timeout for single node
      Scenario 2) Eventually connection timeouts depending the number of replicas the router have in the cluster    

      Expected results:

      hairpin connection works in the private service type-LoadBalancers    

      Additional info:

      [1] Upstream CCM-AWS Issue: https://github.com/kubernetes/cloud-provider-aws/issues/1160
      [2] Upstream e2e tests reproducing the problem: https://github.com/kubernetes/cloud-provider-aws/pull/1161

              mimccune@redhat.com Michael McCune
              rhn-support-mrbraga Marco Braga
              None
              None
              Zhaohua Sun Zhaohua Sun
              None
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: