Description of problem:

VM or Pod utilizing the OVN localnet network is unable to access its own host IP or the ingress service when both are hosted on the same node. However, the VM/Pod can successfully ping other compute nodes and communicate with external networks.
 

Observed Results:
VM/Pod => VM/Pod's Host: Not working
VM/Pod => Ingress (same host): Not working
VM/Pod => Other Hosts: Works
VM/Pod => Ingress (different host): Works
External => VM/Pod: Works
VM/Pod => External Networks: Works

While the issue involves the inability to access the host from the VM, our goal is to access the ingress of the hosting cluster.

Version-Release number of selected component (if applicable):

4.16
 

How reproducible:
100%
 

Steps to Reproduce:

1. Create nncp object with localnet:
apiVersion: nmstate.io/v1
kind: NodeNetworkConfigurationPolicy
metadata:
  annotations:
    description: localnet1 network is mapped to the br-ex bridge (OVN)
  name: localnet1-nncp
spec:
  desiredState:
    ovn:
      bridge-mappings:
        - bridge: br-ex
          localnet: localnet1
          state: present
  nodeSelector:
    node-role.kubernetes.io/worker: ''
 

2. Create NetworkAttachmentDefinition object

apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: localnet1-network
spec:
  config: |
    {
            "cniVersion": "0.3.1", 
            "name": "localnet1", 
            "type": "ovn-k8s-cni-overlay", 
            "topology": "localnet", 
            "netAttachDefName": "vmexamples/localnet1-network" 
    }
 

3. Create a VM or Pod using the OVN localnet network.

Attach NAD while creating vm as interface/ Issue can be reproduced with simple pod as well.
apiVersion: v1
kind: Pod
metadata:
  name: test-pod-debug
  annotations:
    k8s.v1.cni.cncf.io/networks: |-
      [
        {
          "name": "localnet1-network",
          "mac": "XX:XX:XX:XX:88:05",
          "ips": ["XX.XX.XX.11/24"]
        }
      ]
  labels:
    app: test-pod
spec:
  containers:
  - name: test-pod
    image: docker.io/library/alpine:latest
    command: ["/bin/sleep", "10000"]
 

~~~

4. Attempt to access the host IP or ingress service located on the same host node.

Hypervisor (hosting Pod) IP: XX.XX.XX.70
Hypervisor (Another worker in cluster) IP: XX.XX.XX.71

Ping to own host fails

 # ping XX.XX.XX.70
PING XX.XX.XX.70 (XX.XX.XX.70): 56 data bytes
^C
— XX.XX.XX.70 ping statistics —
8 packets transmitted, 0 packets received, 100% packet loss 
 

Ping to other worker in environment works

/ # ping XX.XX.XX.71 -c 1
PING XX.XX.XX.71 (XX.XX.XX.71): 56 data bytes
64 bytes from XX.XX.XX.71: seq=0 ttl=42 time=0.199 ms
 

Actual results:

VM/Pod using OVN localnet network unable to access its own host IP/Ingress

Expected results:

VM/Pod using OVN localnet network should be able to access Ingress

Additional info:

Affected Platforms:

Is it an internal RedHat testing failure.