-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
4.22
-
None
-
None
-
False
-
-
3
-
None
-
None
-
None
-
None
-
None
-
WINC - Sprint 284
-
1
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
Windows hosts cannot route traffic to pods on remote overlay network subnets, causing ClusterIP services backed by remote pods to fail. While HNS RemoteSubnetRoute policies are created correctly, the Windows routing table does not route overlay traffic through the overlay interface, breaking connectivity to services with remote endpoints. Traffic intended for remote pod IPs is incorrectly routed through the physical network interface instead of the overlay network interface, causing connection failures.
Version-Release number of selected component (if applicable):
4.21.0-0
How reproducible:
Always
Steps to Reproduce:
1. Set up cluster with Windows node oc get nodes -l kubernetes.io/os=windows -o wide 2. Use existing image-registry or deploy test service oc get svc -n openshift-image-registry image-registry oc get endpoints -n openshift-image-registry image-registry # Verify endpoints are on different subnets than Windows node 3. Test connectivity from Windows node: # SSH to Windows node # Test ClusterIP connection Test-NetConnection -ComputerName 172.30.x.x -Port 5000 # Observe failure with traffic going through physical interface 4. Verify routing behavior: route print | Select-String "10.128" # Shows: 10.128.0.0/14 → On-link via ifIndex 24 (overlay interface) # Test which route is actually used Find-NetRoute -RemoteIPAddress 10.128.2.19 # Shows: Uses 0.0.0.0/0 default route → ifIndex 8 (physical interface)
Actual results:
When a Windows host process connects to a ClusterIP service with remote endpoints: 1. kube-proxy creates HNS LoadBalancer policy correctly 2. kube-proxy NATs ClusterIP to backend pod IP (e.g., 10.128.2.19) 3. HNS RemoteSubnetRoute policies exist for remote subnets 4. Windows routing table ignores overlay routes 5. Traffic routes through physical interface (vEthernet (Ethernet)) 6. Connection fails
Expected results:
When a Windows host process (e.g., containerd) connects to a ClusterIP service: 1. kube-proxy NATs ClusterIP to backend pod IP 2. Traffic should route through overlay interface (vEthernet (VIPEndpoint)) 3. HNS RemoteSubnetRoute policies should VXLAN-encapsulate traffic 4. Connection succeeds to remote pod
Additional info:
Related Code:
[ovn-kubernetes/go-controller/hybrid-overlay/pkg/controller/ho_node_windows.go:216]
[ovn-kubernetes/go-controller/hybrid-overlay/pkg/controller/overlay_windows.go:164-178]
Log Files analysed: - C:\var\log\hybrid-overlay\hybrid-overlay.log - C:\var\log\kube-proxy\kube-proxy.log
- is blocked by
-
-
- New
-
- is cloned by
-
-
- New
-