Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: 4.16.z
Component/s: Networking / ovn-kubernetes
Labels:

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
5
Severity:
Critical
Regression:
Yes

Target Backport Versions:

4.17.z, 4.16.z, 4.18.z, 4.19.z, 4.20.z
Target Version:

4.19.z
Release Blocker:
None
Sprint:
CORENET Sprint 280
sprint_count:
1

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Review Complete:
PX Impact Score:

Release Note Status:
In Progress
Release Note Type:
Bug Fix
Release Note Text:

Hide
Before this release, any unrelated changes to a `netpol` resource triggered a full reconcile of the object, including deleting and re-adding rules. With this release, a `netpol` object fully reconciles when required. Otherwise, it is skipped. (link:https://issues.redhat.com/browse/OCPBUGS-64590[~~OCPBUGS-64590~~])

Show
Before this release, any unrelated changes to a `netpol` resource triggered a full reconcile of the object, including deleting and re-adding rules. With this release, a `netpol` object fully reconciles when required. Otherwise, it is skipped. (link: https://issues.redhat.com/browse/OCPBUGS-64590 [ OCPBUGS-64590 ])

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

Packets are not being forwarded from pod interface to worker edge interface. Behavior observed with a packet capture and with retis reporting OVS_DROP_LAST_ACTION.

A network policy is blocking egress traffic by default and an application is permitted access. An operator is periodically re-apply the same network policy that is allowing egress traffic through, but traffic is being dropped at pod interface.

Version-Release number of selected component (if applicable):

4.16.z

How reproducible:

Unknown.

Behavior has been observed multiple times.

Steps to Reproduce:

Behavior is not known to be readily reproducible.

Actual results:

Cluster external server sends TCP segment and pod sends ACK. Worker edge interface does not forward ACK and eventually TCP connection is torn down after LDAP server enters RTO.

Expected results:

Consistent data from from

pod -> worker -> external server

and

external server -> worker -> pod

Additional info:

Affected Platforms:

OCP 4.16.z

customer issue

clones

OCPBUGS-64590 [release-4.20] Packets not being forwarded from pod to edge interface (OVS_DROP_LAST_ACTION)

Closed

is blocked by

OCPBUGS-64590 [release-4.20] Packets not being forwarded from pod to edge interface (OVS_DROP_LAST_ACTION)

Closed

links to

openshift/ovn-kubernetes#2862: OCPBUGS-65658, CORENET-6055, OCPBUGS-65909, OCPBUGS-65956: Branch Sync release-4.20 to release-4.19 [11-14-2025]

Assignee:: Arkadeep Sen (Aurko)

Reporter:: Jacob Shivers

Need Info From:: Zhanqi Zhao

Contributors:: None

QA Contact:: Zhanqi Zhao

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2025/11/25 4:14 AM

Updated:: 2025/11/25 8:00 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates