Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: None
Affects Version/s: 4.11.z
Component/s: Networking / ovn-kubernetes
Labels:
None

Severity:
Critical
Sprint:
SDN Sprint 229, SDN Sprint 230, SDN Sprint 231
sprint_count:
3
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Target Version:

4.11.z

SFDC Cases Counter:
SFDC Cases Links:

Description

Description of problem:
Follow-up of: https://issues.redhat.com/browse/SDN-2988

This failure is perma-failing in the e2e-metal-ipi-ovn-dualstack-local-gateway jobs.

Example: https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/periodic-ci-openshift-release-master-nightly-4.13-e2e-metal-ipi-ovn-dualstack-local-gateway/1597574181430497280
Search CI: https://search.ci.openshift.org/?search=when+using+openshift+ovn-kubernetes+should+ensure+egressfirewall+is+created&maxAge=336h&context=1&type=junit&name=e2e-metal-ipi-ovn-dualstack-local-gateway&excludeName=&maxMatches=5&maxBytes=20971520&groupBy=job
Sippy: https://sippy.dptools.openshift.org/sippy-ng/jobs/4.13/analysis?filters=%7B%22items%22%3A%5B%7B%22columnField%22%3A%22name%22%2C%22operatorValue%22%3A%22equals%22%2C%22value%22%3A%22periodic-ci-openshift-release-master-nightly-4.13-e2e-metal-ipi-ovn-dualstack-local-gateway%22%7D%5D%7D

Version-Release number of selected component (if applicable):

4.12,4.13

How reproducible:

Every time

Steps to Reproduce:

1. Setup dualstack KinD cluster
2. Create egress fw policy with spec
Spec:
  Egress:
    To:
      Cidr Selector:  0.0.0.0/0
    Type:             Deny
3. create a pod and ping to 1.1.1.1

Actual results:

Egress policy does not block flows to external IP

Expected results:

Egress policy blocks flows to external IP

Additional info:

It seems mixing ip4 and ip6 operands in ACL matchs doesnt work

Attachments

Issue Links

clones

OCPBUGS-6823 [release-4.12] Egress FW ACL rules are invalid in dualstack mode

Closed

depends on

OCPBUGS-6823 [release-4.12] Egress FW ACL rules are invalid in dualstack mode

Closed

is cloned by

OCPBUGS-7012 [release-4.10] Egress FW ACL rules are invalid in dualstack mode

Closed

is depended on by

OCPBUGS-7012 [release-4.10] Egress FW ACL rules are invalid in dualstack mode

Closed

links to

openshift/ovn-kubernetes#1507: OCPBUGS-7010: [release-4.11] Fix Egress FW ACL rules in dualstack mode

Activity

People

Assignee:: Martin Kennelly

Reporter:: Andreas Karis

QA Contact:: Huiran Wang

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2023/02/03 11:42 AM

Updated:: 2023/02/21 6:11 PM

Resolved:: 2023/02/21 6:11 PM