Uploaded image for project: 'OpenShift Specialist Platform Team'
  1. OpenShift Specialist Platform Team
  2. SPLAT-1409

[vSphere] ipsec communication is broken after nodes reboot

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Critical Critical
    • None
    • 4.14, 4.15.0, 4.16.0
    • False
    • None
    • False
    • Sprint 248

      The OCP cluster is running with IPsec for east west traffic, it works until cluster is rebooted. After reboot is complete pod to pod traffic is completely broken. 

      We checked all the IPsec config, It is as similar as before cluster reboot, didn't notice any changes to xfrm states and policies.

      When we reboot the cluster by setting esp-tx-csum-hw-offload to 'off' on all nodes, then cluster is restored.

      Cluster Profile: 1_UPI on vSphere 8.0& FIPS ON & OVN IPSEC & Static Network & Bonding & HW19 & Secureboot (IPSEC E-W only)

      For more information refer to discussions below:
      https://redhat-internal.slack.com/archives/C04L7QWC9CZ/p1705663798680819
      https://redhat-internal.slack.com/archives/C05NV4G1W9Y/p1705604505159779
      https://issues.redhat.com/browse/OCPBUGS-25312

            Unassigned Unassigned
            pepalani@redhat.com Periyasamy Palanichamy
            Jaime Caamaño Ruiz
            Huiran Wang Huiran Wang
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: