-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
4.16.z
-
Quality / Stability / Reliability
-
False
-
-
5
-
Critical
-
Yes
-
None
-
CORENET Sprint 273, CORENET Sprint 274, CORENET Sprint 275, CORENET Sprint 278, CORENET Sprint 279
-
5
-
In Progress
-
Bug Fix
-
Prior to the fix, any unrelated changes to a netpol resource triggered a full reconcile of the object, including deleting and re-adding rules. With this change a netpol object will only be fully reconciled when required, otherwise it will be skipped.
-
None
-
None
-
None
-
None
Description of problem:
Packets are not being forwarded from pod interface to worker edge interface. Behavior observed with a packet capture and with retis reporting OVS_DROP_LAST_ACTION.
A network policy is blocking egress traffic by default and an application is permitted access. An operator is periodically re-apply the same network policy that is allowing egress traffic through, but traffic is being dropped at pod interface.
Version-Release number of selected component (if applicable):
4.16.z
How reproducible:
Unknown.
Behavior has been observed multiple times.
Steps to Reproduce:
Behavior is not known to be readily reproducible.
Actual results:
Cluster external server sends TCP segment and pod sends ACK. Worker edge interface does not forward ACK and eventually TCP connection is torn down after LDAPĀ server enters RTO.
Expected results:
Consistent data from from
pod -> worker -> external serverĀ
and
external server -> worker -> pod
Additional info:
Affected Platforms:
OCP 4.16.z
customer issue
- clones
-
-
- Verified
-
- is blocked by
-
-
- Verified
-
- links to
