  1. OpenShift SDN
  2. SDN-5055

Impact: Multicast packets got 100% loss


    • Type: Spike
    • Resolution: Done
    • Priority: Critical

      We're asking the following questions to evaluate whether or not OCPBUGS-34778 warrants changing update recommendations from either the previous X.Y or X.Y.Z. The ultimate goal is to avoid recommending an update which introduces new risk or reduces cluster functionality in any way. In the absence of a declared update risk (the status quo), there is some risk that the existing fleet updates into the at-risk releases. Depending on the bug and estimated risk, leaving the update risk undeclared may be acceptable.

      Sample answers are provided to give more context and the ImpactStatementRequested label has been added to OCPBUGS-34778. When responding, please move this ticket to Code Review. The expectation is that the assignee answers these questions.

      Which 4.y.z to 4.y'.z' updates increase vulnerability?

      Customers upgrading to 4.16 until OCPBUGS-35835 lands.

      Which types of clusters?

      OVN clusters using multicast communication, which is enabled on a given namespace with the annotation k8s.ovn.org/multicast-enabled=true. There is no known in-cluster PromQL for multicast enablement or namespace annotations (there is kube_namespace_labels, but that's for labels, not annotations). "Is the cluster OVN?" might be the closest we can get in PromQL.

      Cluster assessment

      To find whether there is an annotated namespace, run the following command. If the output is empty, there is no such namespace, so the cluster would not be affected (unless such a namespace is created after the update). Otherwise, the output is the list of namespaces with multicast communication enabled:

      oc get namespaces -o json | jq '.items[].metadata | select(.annotations["k8s.ovn.org/multicast-enabled"] == "true") | .name'
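
The same assessment combined with the "is the cluster OVN?" condition, as an added example that is not part of the original ticket. It assumes the namespace list was saved from `oc get namespaces -o json` and that the network type string comes from `oc get network.config cluster -o jsonpath='{.status.networkType}'`; the function names, status strings and sample data are constructed for illustration.

```python
import json

ANNOTATION = "k8s.ovn.org/multicast-enabled"

def multicast_namespaces(namespace_list):
    """Return sorted names of namespaces annotated multicast-enabled=true."""
    names = []
    for item in namespace_list.get("items", []):
        meta = item.get("metadata") or {}
        # "annotations" may be missing entirely or present as null.
        annotations = meta.get("annotations") or {}
        # Only the exact string "true" counts, matching the jq filter above.
        if annotations.get(ANNOTATION) == "true":
            names.append(meta.get("name"))
    return sorted(names)

def assess(namespace_list, network_type):
    """Classify exposure: only OVN clusters with an annotated namespace."""
    if network_type != "OVNKubernetes":
        return ("not-affected", [])
    hits = multicast_namespaces(namespace_list)
    if hits:
        return ("affected", hits)
    # Empty today; a namespace annotated after the update changes this.
    return ("not-currently-affected", [])

# Constructed sample in the shape of `oc get namespaces -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "default"}},
  {"metadata": {"name": "telemetry", "annotations": {
      "k8s.ovn.org/multicast-enabled": "true",
      "openshift.io/description": "metrics fan-out"}}},
  {"metadata": {"name": "batch", "annotations": {
      "k8s.ovn.org/multicast-enabled": "false"}}},
  {"metadata": {"name": "legacy", "annotations": null}},
  {"metadata": {"name": "media", "annotations": {
      "k8s.ovn.org/multicast-enabled": "true"}}}
]}
""")

if __name__ == "__main__":
    status, namespaces = assess(SAMPLE, "OVNKubernetes")
    print(status, namespaces)
```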
      

      What is the impact? Is it serious enough to warrant removing update recommendations?

      Multicast communication is broken if a multicast receiver and a multicast client run on the same node. It works if they are on different nodes.

      How involved is remediation?

      Clusters must update to a release that includes the OCPBUGS-35835 fix.

      Is this a regression?

      Yes.

              rravaiol@redhat.com Riccardo Ravaioli
              afri@afri.cz Petr Muller