The OCP cluster is running with IPsec for east-west traffic; it works until the cluster is rebooted. After the reboot is complete, pod-to-pod traffic is completely broken.
We checked all the IPsec config. It is similar to before the cluster reboot, and we didn't notice any changes to xfrm states and policies.
When we reboot the cluster with esp-tx-csum-hw-offload set to 'off' on all nodes, the cluster is restored.
Cluster Profile: 1_UPI on vSphere 8.0 & FIPS ON & OVN IPSEC & Static Network & Bonding & HW19 & Secureboot (IPSEC E-W only)
For more information, refer to the discussions below:
https://redhat-internal.slack.com/archives/C04L7QWC9CZ/p1705663798680819
https://redhat-internal.slack.com/archives/C05NV4G1W9Y/p1705604505159779
https://issues.redhat.com/browse/OCPBUGS-25312
- is depended on by: OCPBUGS-25312 [OVN][IPSEC EW]Upgrade from 4.14->4.15 failed for Vsphere (Closed)
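A check for the offload setting named in the report, as an added example that is not part of the original bug report: it parses `ethtool -k` output and flags interfaces where `esp-tx-csum-hw-offload` is still on. The function names and the sample output are constructed for illustration; `esp-hw-offload` and `tx-esp-segmentation` are the other ESP-related ethtool features, listed for context.

```shell
#!/usr/bin/env bash
# Added example (not from the bug report): report ESP offload state per interface.

# Read `ethtool -k` output on stdin and print one line per ESP-related
# feature: "<feature> <on|off> <fixed|changeable>".
esp_offload_features() {
    awk -F': *' '
        /^[ \t]*(esp-hw-offload|esp-tx-csum-hw-offload|tx-esp-segmentation):/ {
            name = $1; sub(/^[ \t]+/, "", name)
            split($2, v, " ")
            print name, v[1], (v[2] == "[fixed]" ? "fixed" : "changeable")
        }'
}

# Succeed (exit 0) when the stdin `ethtool -k` output shows the feature on.
esp_tx_csum_enabled() {
    esp_offload_features | grep -q '^esp-tx-csum-hw-offload on '
}

# Constructed sample of `ethtool -k` output (interface name is hypothetical).
sample_ethtool_k() {
    cat <<'EOF'
Features for ens192:
rx-checksumming: on
tx-checksumming: on
tx-esp-segmentation: on
esp-hw-offload: off [fixed]
esp-tx-csum-hw-offload: on
EOF
}

# Walk the node's interfaces and print the ones that still have the feature on.
audit_node() {
    for path in /sys/class/net/*; do
        dev=${path##*/}
        [ "$dev" = lo ] && continue
        if ethtool -k "$dev" 2>/dev/null | esp_tx_csum_enabled; then
            echo "$dev: esp-tx-csum-hw-offload on (ethtool -K $dev esp-tx-csum-hw-offload off)"
        fi
    done
}

# Default: show the parse of the constructed sample; pass --audit on a node.
if [ "${1:-}" = "--audit" ]; then audit_node; else sample_ethtool_k | esp_offload_features; fi
```

A change made with `ethtool -K` does not persist across reboots on its own, so the setting has to be applied through the node's network configuration to survive the reboot described above.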