Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: None
Affects Version/s: 4.19.z
Component/s: Networking / ovn-kubernetes
Labels:
- SDN:OVNK:EgressService

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
Important
Regression:
None

Target Backport Versions:
None
Target Version:
None
Release Blocker:
None
Sprint:
None

RH Private Keywords:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem: After OCP cluster update from 4.18.26 to 4.19.16 pods behind EgressService fail to reach external resources:

oc rsh -n rds-egress-ns rds-egress-deploy-5d778bc996-fvgkb
~ $ curl --connect-timeout 5  -Lv  http://10.46.187.195:9090/clientip
*   Trying 10.46.187.195:9090...
* Connection timed out after 5000 milliseconds
* Closing connection 0
curl: (28) Connection timed out after 5000 milliseconds
~ $ curl --connect-timeout 5  -Lv  http://[2620:52:0:2ebb::c3]:9090/clientip
*   Trying 2620:52:0:2ebb::c3:9090...
* Connection timed out after 5001 milliseconds
* Closing connection 0
curl: (28) Connection timed out after 5001 milliseconds

Service:

oc get svc -n rds-egress-ns
NAME                     TYPE           CLUSTER-IP       EXTERNAL-IP                           PORT(S)          AGE
egress-svc-1             LoadBalancer   172.30.213.181   192.200.10.1,fd12:2222:3333:4444::1   9090:32545/TCP   3h57m

oc get egressservice -n rds-egress-ns
NAME                     ASSIGNED HOST
egress-svc-1             openshift-worker-0

Ingress access works via LoadBalancer's IPv4 address but fails over IPv6:

curl -Lv --connect-timeout 3 http://192.200.10.1:9090/clientip
*   Trying 192.200.10.1...
* TCP_NODELAY set
* Connected to 192.200.10.1 (192.200.10.1) port 9090 (#0)
> GET /clientip HTTP/1.1
> Host: 192.200.10.1:9090
> User-Agent: curl/7.61.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Tue, 14 Oct 2025 12:36:29 GMT
< Content-Length: 16
< Content-Type: text/plain; charset=utf-8
<
* Connection #0 to host 192.200.10.1 left intact
100.64.0.8:56420

curl -Lv --connect-timeout 3 http://[fd12:2222:3333:4444::1]:9090/clientip
*   Trying fd12:2222:3333:4444::1...
* TCP_NODELAY set
* Connection timed out after 3001 milliseconds
* Closing connection 0
curl: (28) Connection timed out after 3001 milliseconds

External IPv4 address is reachable from all the cluster nodes.
External IPv6 address is reachable only from control-plane nodes.

Version-Release number of selected component (if applicable):
metallb-operator.v4.19.0-202509281724
OCP 4.19.16

How reproducible:
So far ran the upgrade once

Steps to Reproduce:

1. Deploy and configure baremetal dual stack cluster per RDS Core specification with OCP 4.18

2. Update the cluster to 4.19

3. Update day 2 operators (SRIOV, NMState, MetalLB, etc)

4. Check EgressService functionality

Actual results:

EgressService functionality is partially working

Expected results:

EgressService functions properly after upgrade

Assignee:: sdn-team bot

Reporter:: Yurii Prokulevych

Need Info From:: None

Contributors:: None

QA Contact:: Anurag Saxena

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2025/10/14 12:48 PM

Updated:: 2025/10/18 6:42 PM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates