-
Bug
-
Resolution: Unresolved
-
Major
-
4.20.0
-
Quality / Stability / Reliability
-
False
-
-
None
-
Important
-
None
-
None
-
Rejected
-
CORENET Sprint 274, CORENET Sprint 275, CORENET Sprint 277, CORENET Sprint 278
-
4
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Two issues have been observed with some of the (C)UDN service flows
- At least one UDN service flow relies on the ClusterIP field of the service instead of the ClusterIPs field
flows := []string{fmt.Sprintf("cookie=%s, priority=300, table=2, %s, %s_dst=%s, "+ "actions=set_field:%s->eth_dst,output:%s", defaultOpenFlowCookie, ipPrefix, ipPrefix, service.Spec.ClusterIP, npw.ofm.getDefaultBridgeMAC().String(), defaultNetConfig.ofPortPatch)} - At least one UDN service flow hardcodes a field on IPv4 family
flows = append(flows, fmt.Sprintf("cookie=%s, priority=490, in_port=%s, ip, ip_src=%s,actions=ct(zone=%d,nat,table=3)", defaultOpenFlowCookie, defaultNetConfig.ofPortPatch, service.Spec.ClusterIP, config.Default.HostMasqConntrackZone))
For the first issue, no actual consequence has been observed although it is expected that traffic flows to the non-preferred IP family of the KAPI/DNS services (so IPv6 on dual stack) will fail.
The second issue has been observed on a single stack IPv6 cluster causing the complete flow sync to fail permanently when a CUDN is advertised, making traffic flows CUDN<->external to fail (and potentially impacting any further networking change afterwards):
E0708 08:42:22.397822 12930 openflow_manager.go:133] Failed to add flows, error: exit status 1, stderr, ovs-ofctl: -:2: fd02::1: invalid IP address , flows: map[DEFAULT:[cookie=0xdeff105, priority=205, in_port=1, dl_dst=00:35:01:a6:81:fe, udp6, udp_dst=6081, actions=output:LOCAL cookie=0xdeff105, priority=200, in_port=1, udp6, udp_dst=6081, actions=NORMAL cookie=0xdeff105, priority=200, in_port=LOCAL, udp6, udp_dst=6081, actions=output:1 cookie=0xdeff105, priority=500, in_port=2, ipv6, ipv6_dst=fd69::2, ipv6_src=fd2e:6f44:5dd8:c956::19,actions=ct(commit,zone=64001,nat(dst=fd2e:6f44:5dd8:c956::19),table=4) cookie=0xdeff105, priority=500, in_port=3, ipv6, ipv6_dst=fd69::2, ipv6_src=fd2e:6f44:5dd8:c956::19,actions=ct(commit,zone=64001,nat(dst=fd2e:6f44:5dd8:c956::19),table=4) cookie=0xdeff105, priority=500, in_port=2, ipv6, ipv6_dst=fd00:1101::1bcd:4ef3:764:ec61, ipv6_src=fd2e:6f44:5dd8:c956::19,actions=ct(commit,zone=64001,table=4) cookie=0xdeff105, priority=500, in_port=3, ipv6, ipv6_dst=fd00:1101::1bcd:4ef3:764:ec61, ipv6_src=fd2e:6f44:5dd8:c956::19,actions=ct(commit,zone=64001,table=4) cookie=0xdeff105, priority=500, in_port=2, ipv6, ipv6_dst=fd2e:6f44:5dd8:ca56::19, ipv6_src=fd2e:6f44:5dd8:c956::19,actions=ct(commit,zone=64001,table=4) cookie=0xdeff105, priority=500, in_port=3, ipv6, ipv6_dst=fd2e:6f44:5dd8:ca56::19, ipv6_src=fd2e:6f44:5dd8:c956::19,actions=ct(commit,zone=64001,table=4) cookie=0xdeff105, priority=500, in_port=LOCAL, ipv6, ipv6_dst=fd69::1,actions=ct(zone=64002,nat,table=5) cookie=0xdeff105, priority=500, in_port=LOCAL, ipv6, ipv6_dst=fd02::/112, actions=ct(commit,zone=64001,nat(src=fd69::2),table=2) cookie=0xdeff105, priority=550, in_port=LOCAL, ipv6, ipv6_src=fd69::/112, ipv6_dst=fd02::/112, actions=ct(commit,zone=64001,table=2) cookie=0xdeff105, priority=550, in_port=LOCAL, ipv6, ipv6_src=fdc4:1042:13::/56, ipv6_dst=fd02::/112, actions=ct(commit,zone=64001,table=2) cookie=0xdeff105, priority=500, in_port=2, ipv6, ipv6_src=fd02::/112, ipv6_dst=fd69::/112,actions=ct(zone=64001,nat,table=3) cookie=0xdeff105, priority=105, in_port=2, ipv6, ipv6_dst=fd02::/112,actions=drop cookie=0xdeff105, priority=500, in_port=3, ipv6, ipv6_src=fd02::/112, ipv6_dst=fd69::/112,actions=ct(zone=64001,nat,table=3) cookie=0xdeff105, priority=105, in_port=3, ipv6, ipv6_dst=fd02::/112,actions=drop cookie=0xdeff105, priority=110, table=0, in_port=1, ipv6, nw_frag=yes, actions=ct(table=0,zone=64004) cookie=0xdeff105, priority=100, table=1, ipv6, ct_state=+trk+est, ct_mark=0x1, actions=output:2 cookie=0xdeff105, priority=100, table=1, ipv6, ct_state=+trk+rel, ct_mark=0x1, actions=output:2 cookie=0xdeff105, priority=100, table=1, ipv6, ct_state=+trk+est, ct_mark=0x4, actions=output:3 cookie=0xdeff105, priority=100, table=1, ipv6, ct_state=+trk+rel, ct_mark=0x4, actions=output:3 cookie=0xdeff105, priority=100, table=1, ip6, ct_state=+trk+est, ct_mark=0x2, actions=output:LOCAL cookie=0xdeff105, priority=100, table=1, ip6, ct_state=+trk+rel, ct_mark=0x2, actions=output:LOCAL cookie=0xdeff105, priority=10, table=1, dl_dst=00:35:01:a6:81:fe, actions=output:LOCAL cookie=0xdeff105, priority=100, table=2, actions=set_field:00:35:01:a6:81:fe->eth_dst,output:2 cookie=0xdeff105, priority=200, table=2, ip6, ipv6_src=fdc4:1042:13::/56, actions=set_field:00:35:01:a6:81:fe->eth_dst,output:3 cookie=0xdeff105, priority=200, table=2, ip6, pkt_mark=0x1001, actions=set_field:00:35:01:a6:81:fe->eth_dst,output:3 cookie=0xdeff105, table=3, actions=move:NXM_OF_ETH_DST[]->NXM_OF_ETH_SRC[],set_field:00:35:01:a6:81:fe->eth_dst,output:LOCAL cookie=0xdeff105, table=4,ipv6, actions=ct(commit,zone=64002,nat(src=fd69::1),table=3) cookie=0xdeff105, table=5, ipv6, actions=ct(commit,zone=64001,nat,table=2) cookie=0xdeff105, priority=10, table=0, in_port=1, dl_dst=00:35:01:a6:81:fe, actions=output:2,output:3,output:LOCAL cookie=0xdeff105, priority=10, table=0, in_port=3, dl_src=00:35:01:a6:81:fe, actions=output:NORMAL cookie=0xdeff105, priority=9, table=0, in_port=3, actions=drop cookie=0xdeff105, priority=10, table=0, in_port=2, dl_src=00:35:01:a6:81:fe, actions=output:NORMAL cookie=0xdeff105, priority=9, table=0, in_port=2, actions=drop cookie=0xdeff105, priority=105, in_port=2, dl_src=00:35:01:a6:81:fe, ipv6, pkt_mark=0x3f0 actions=ct(commit, zone=64000, nat(src=fd2e:6f44:5dd8:c956::19), exec(set_field:0x1->ct_mark)),output:1 cookie=0xdeff105, priority=100, in_port=2, dl_src=00:35:01:a6:81:fe, ipv6, actions=ct(commit, zone=64000, exec(set_field:0x1->ct_mark)), output:1 cookie=0xdeff105, priority=102, in_port=2, dl_src=00:35:01:a6:81:fe, ipv6, ipv6_dst=fd00:1101::1bcd:4ef3:764:ec61/128, actions=ct(commit, zone=64000, exec(set_field:0x1->ct_mark)), output:NORMAL cookie=0xdeff105, priority=102, in_port=2, dl_src=00:35:01:a6:81:fe, ipv6, ipv6_dst=fd2e:6f44:5dd8:c956::19/128, actions=ct(commit, zone=64000, exec(set_field:0x1->ct_mark)), output:NORMAL cookie=0xdeff105, priority=102, in_port=2, dl_src=00:35:01:a6:81:fe, ipv6, ipv6_dst=fd2e:6f44:5dd8:ca56::19/128, actions=ct(commit, zone=64000, exec(set_field:0x1->ct_mark)), output:NORMAL cookie=0xdeff105, priority=102, in_port=2, dl_src=00:35:01:a6:81:fe, icmp6, icmpv6_type=135, actions=ct(commit, zone=64000, exec(set_field:0x1->ct_mark)), output:NORMAL cookie=0xdeff105, priority=102, in_port=2, dl_src=00:35:01:a6:81:fe, icmp6, icmpv6_type=136, actions=ct(commit, zone=64000, exec(set_field:0x1->ct_mark)), output:NORMAL cookie=0xdeff105, priority=105, in_port=3, dl_src=00:35:01:a6:81:fe, ipv6, pkt_mark=0x3f0 actions=ct(commit, zone=64000, nat(src=fd2e:6f44:5dd8:c956::19), exec(set_field:0x4->ct_mark)),output:1 cookie=0xdeff105, priority=100, in_port=3, dl_src=00:35:01:a6:81:fe, ipv6, ipv6_src=fd69::b, actions=ct(commit, zone=64000, nat(src=fd2e:6f44:5dd8:c956::19), exec(set_field:0x4->ct_mark)), output:1 cookie=0xdeff105, priority=100, in_port=LOCAL, ipv6, actions=ct(commit, zone=64000, exec(set_field:0x2->ct_mark)), output:1 cookie=0xdeff105, priority=50, in_port=1, ipv6, actions=ct(zone=64000, nat, table=1) cookie=0xdeff105, priority=104, in_port=2, ipv6, ipv6_src=fd01::/48, actions=drop cookie=0xdeff105, priority=109, in_port=2, dl_src=00:35:01:a6:81:fe, ipv6, ipv6_src=fd01:0:0:6::/64actions=ct(commit, zone=64000, exec(set_field:0x1->ct_mark)), output:1 cookie=0xdeff105, priority=15, table=1, ipv6, ipv6_dst=fd01::/48, actions=output:2 cookie=0xdeff105, priority=16, table=1, ipv6, ipv6_dst=fd01:0:0:6::2, actions=output:LOCAL cookie=0xdeff105, priority=15, table=1, ipv6, ipv6_dst=fdc4:1042:13::/56, actions=output:3 cookie=0xdeff105, priority=16, table=1, ipv6, ipv6_dst=fdc4:1042:13:3::2, actions=output:LOCAL cookie=0xdeff105, priority=10, table=1, dl_dst=00:35:01:a6:81:fe, actions=output:LOCAL cookie=0xdeff105, priority=14, table=1,icmp6,icmpv6_type=134 actions=FLOOD cookie=0xdeff105, priority=14, table=1,icmp6,icmpv6_type=136 actions=FLOOD cookie=0xdeff105, priority=13, table=1, in_port=1, udp6, tp_dst=3784, actions=output:2,output:LOCAL cookie=0xdeff105, priority=0, table=1, actions=output:NORMAL] NORMAL:[table=0,priority=0,actions=NORMAL ] UDNAllowedSVC_default_kubernetes:[cookie=0xdeff105, priority=300, table=2, ipv6, ipv6_dst=fd02::1, actions=set_field:00:35:01:a6:81:fe->eth_dst,output:2 cookie=0xdeff105, priority=490, in_port=2, ip, ip_src=fd02::1,actions=ct(zone=64001,nat,table=3)] UDNAllowedSVC_openshift-dns_dns-default:[cookie=0xdeff105, priority=300, table=2, ipv6, ipv6_dst=fd02::a, actions=set_field:00:35:01:a6:81:fe->eth_dst,output:2 cookie=0xdeff105, priority=490, in_port=2, ip, ip_src=fd02::a,actions=ct(zone=64001,nat,table=3)]]