Bug 1497767

Summary: [3.6] Conntrack table entry is not removed when UDP service is added after single pod was removed and added back
Product: OpenShift Container Platform
Reporter: Dan Winship <danw>
Component: Networking
Assignee: Dan Winship <danw>
Status: CLOSED ERRATA
QA Contact: Meng Bo <bmeng>
Severity: urgent
Docs Contact:
Priority: unspecified
Version: 3.6.0
CC: aos-bugs, bbennett, bmeng, byount, danw, eparis, rhowe, xtian
Target Milestone: ---
Target Release: 3.6.z
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Conntrack entries for UDP traffic were not cleared when an endpoint was added for a service that previously had no endpoints.
Consequence: The system could end up incorrectly caching a rule that would cause traffic to that service to be dropped rather than being sent to the new endpoint.
Fix: The relevant conntrack entries are now deleted at the right time.
Result: UDP services work correctly when endpoints are added and removed.
Story Points: ---
Clone Of: 1487438
Environment:
Last Closed: 2017-10-25 13:08:02 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1487438
Bug Blocks:
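The endpoint transition the Doc Text describes, as an added illustration that is not the OpenShift or kube-proxy code from the linked pull request: a simplified Go tracker that, given the endpoint counts of UDP services before and after an update, reports which cluster IPs need their conntrack entries flushed (including the 0-to-N case this bug is about) and builds the conntrack(8) argv to do it. The cluster IPs and endpoint counts are constructed sample data, and `endpointCounts`, `staleConntrackIPs` and `conntrackDeleteArgs` are names chosen for this example.

```go
package main

import (
	"fmt"
	"sort"
)

// endpointCounts maps a UDP service's cluster IP to its number of ready
// endpoints at one point in time.
type endpointCounts map[string]int

// staleConntrackIPs returns the cluster IPs whose UDP conntrack entries must be
// flushed after an endpoint update. Two transitions matter:
//   - a service lost all its endpoints (or was deleted): cached entries still
//     point at pods that are gone;
//   - a service that had no endpoints gained some: while it was empty, conntrack
//     cached the "drop" outcome for datagrams to the cluster IP, and without a
//     flush that entry keeps winning until it times out (the bug fixed here).
func staleConntrackIPs(before, after endpointCounts) []string {
	var ips []string
	for ip, n := range after {
		if before[ip] == 0 && n > 0 { // empty -> has endpoints
			ips = append(ips, ip)
		}
	}
	for ip, n := range before {
		if n > 0 && after[ip] == 0 { // has endpoints -> empty or removed
			ips = append(ips, ip)
		}
	}
	sort.Strings(ips) // deterministic order for logging and tests
	return ips
}

// conntrackDeleteArgs builds the argv for conntrack-tools' CLI that deletes every
// UDP entry whose original destination is clusterIP. It only constructs the
// command; nothing is executed.
func conntrackDeleteArgs(clusterIP string) []string {
	return []string{"conntrack", "-D", "-p", "udp", "--orig-dst", clusterIP}
}

func main() {
	// Constructed sample: 172.30.0.10 is the service whose single pod was removed
	// and then added back; 172.30.0.30 just lost its endpoints.
	before := endpointCounts{"172.30.0.10": 0, "172.30.0.30": 2}
	after := endpointCounts{"172.30.0.10": 1, "172.30.0.30": 0}
	for _, ip := range staleConntrackIPs(before, after) {
		fmt.Println(conntrackDeleteArgs(ip))
	}
}
```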

Comment 1 Dan Winship 2017-10-02 17:04:58 UTC
https://github.com/openshift/ose/pull/880

Comment 7 Meng Bo 2017-10-13 06:11:24 UTC
Tested on ocp build v3.6.173.0.49

The conntrack entry for the UDP connection will be deleted immediately once the service endpoint gets deleted.

Comment 9 errata-xmlrpc 2017-10-25 13:08:02 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:3049