-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
4.16, 4.17, 4.18, 4.19, 4.20
-
Quality / Stability / Reliability
-
False
-
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
Hairpin connection failed on Service type-LoadBalancer NLB with internal scheme. The hairpin connection impacts any application which the client and server are hosted in the same node, exposed by a Service type-LoadBalancer NLB (only). The CCM creates a NLB with preserve source IP address attribute enabled by default, and does not provide interface to change it, leading to fail in those scenarios. The Default router deployed by Cluster Ingress Controller on OCP standalone on AWS and ROSA HCP private deployments. For more information, see upstream issue[1], and e2e tests[2] reproducing the problem on NLB.
Version-Release number of selected component (if applicable):
How reproducible:
Always
Steps to Reproduce:
Scenario 1) Standalone Service app: - Deploy a sample server application sticking to single node - Expose the server through a Service type-LB NLB with private scheme - Run a client/curl to reach the LB endpoint from the same node the server was deployed Scenario 2) Using OCP Default Router - Create OCP/ROSA HCP private cluster - Deploy a sample server application sticking to single node - Expose the server app through a router - Run a client/curl to reach the router endpoint from the same node the server was deployed
Actual results:
Scenario 1) connection timeout for single node Scenario 2) Eventually connection timeouts depending the number of replicas the router have in the cluster
Expected results:
hairpin connection works in the private service type-LoadBalancers
Additional info:
[1] Upstream CCM-AWS Issue: https://github.com/kubernetes/cloud-provider-aws/issues/1160 [2] Upstream e2e tests reproducing the problem: https://github.com/kubernetes/cloud-provider-aws/pull/1161
- relates to
-
SPLAT-2324 [Tech Preview] CCM-AWS/Service/NLB: Implement support for hairpining traffic solution on OpenShift private routers
-
- In Progress
-
-
SPLAT-2257 [Investigation] AWS/Service/NLB: Explore solution to resolve hairpin connection issue affecting default router service on ROSA HCP
-
- Closed
-
-
OCPBUGS-16199 Add warning about internal NLBs Client IP Preservation issue
-
- Closed
-