Bug 1543786
Summary: [egressip] Incorrect openflow rule added after deleting namespace and then reusing egress IP
Product: OpenShift Container Platform
Component: Networking
Reporter: Meng Bo <bmeng>
Assignee: Dan Winship <danw>
QA Contact: Meng Bo <bmeng>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Version: 3.9.0
Target Release: 3.10.0
Hardware: Unspecified
OS: Unspecified
CC: aos-bugs, bbennett, danw, wsun
Type: Bug
Doc Type: Bug Fix
Last Closed: 2018-12-20 21:11:13 UTC
Bug Blocks: 1544454, 1544455

Doc Text:
Cause: Due to incorrect cleanup of internal state, if you deleted a "static per-project egress IP" from one project and then tried to reuse that IP for a different project, the OVS rules for the new project would be created incorrectly.
Consequence: The egress IP would not be used for the new project, and might start being used again for some traffic from the old project.
Fix: The internal state is now cleaned up correctly when removing an egress IP.
Result: Egress traffic works as expected.

Description
Meng Bo
2018-02-09 10:18:09 UTC
> 8. Patch the hostsubnet of any node
(using the same egressIP as before)
Tested on OCP v3.9.0-0.47.0, issue has been fixed.
When adding the deleted egress IP back after deleting the netnamespace, the egress IP for the other netnamespace will work fine.

There is still a problem when adding the deleted egressip back to the node. But the issue will not occur the first time it is added back; the user needs to repeat steps 5-8 again. Checking the openflow, the 2nd vnid will be used for the pkt_mark.

The openflow rules:
The netnamespace with vnid 0xa1103e is added after the one with 0x39a7b4.
But the table 100 is using the old one.

table=80, priority=100,reg0=0x46f52c,reg1=0x46f52c actions=output:NXM_NX_REG2[]
table=80, priority=100,reg0=0x39a7b4,reg1=0x39a7b4 actions=output:NXM_NX_REG2[]
table=80, priority=100,reg0=0xa1103e,reg1=0xa1103e actions=output:NXM_NX_REG2[]
table=80, priority=0 actions=drop
table=90, priority=100,ip,nw_dst=10.129.2.0/23 actions=move:NXM_NX_REG0[]->NXM_NX_TUN_ID[0..31],set_field:10.1.1.4->tun_dst,output:1
table=90, priority=0 actions=drop
table=100, priority=100,ip,reg0=0x39a7b4 actions=set_field:4e:22:d7:60:ae:cc->eth_dst,set_field:0x39a7b4->pkt_mark,goto_table:101
table=100, priority=0 actions=goto_table:101
table=101, priority=51,tcp,nw_dst=10.1.1.3,tp_dst=53 actions=output:2
table=101, priority=51,udp,nw_dst=10.1.1.3,tp_dst=53 actions=output:2

*** Bug 1544454 has been marked as a duplicate of this bug. ***

Tested on v3.10.0-0.58.0
Issue has been fixed.
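
Added example, not part of the bug report or of the OpenShift code: a small Python check that reads a flow dump and reports table 100 entries whose VNID (reg0) is not one that should currently own an egress IP, which is the stale-rule symptom shown in the comments above. The function names are hypothetical, the sample flows are copied from the report, and the set of expected VNIDs is assumed to be supplied by the operator.

```python
import re

# Constructed sample: flow lines copied from the comment above, in the
# "table=..., match actions=..." form the report quotes them in.
SAMPLE_FLOWS = """\
table=80, priority=100,reg0=0x39a7b4,reg1=0x39a7b4 actions=output:NXM_NX_REG2[]
table=80, priority=100,reg0=0xa1103e,reg1=0xa1103e actions=output:NXM_NX_REG2[]
table=100, priority=100,ip,reg0=0x39a7b4 actions=set_field:4e:22:d7:60:ae:cc->eth_dst,set_field:0x39a7b4->pkt_mark,goto_table:101
table=100, priority=0 actions=goto_table:101
"""

def parse_flow(line):
    """Return (table, match_fields, actions), or None for non-flow lines."""
    match_part, sep, actions = line.strip().partition(" actions=")
    if not sep:
        return None
    fields = {}
    for item in re.split(r",\s*", match_part):
        key, eq, value = item.partition("=")
        fields[key.strip()] = value if eq else True
    if "table" not in fields:
        return None
    return int(fields["table"], 0), fields, actions

def egress_vnids(flow_dump):
    """Map each VNID matched in table 100 to the pkt_mark it sets (or None)."""
    result = {}
    for line in flow_dump.splitlines():
        parsed = parse_flow(line)
        if parsed is None:
            continue
        table, fields, actions = parsed
        if table != 100 or "reg0" not in fields:
            continue
        mark = re.search(r"set_field:(0x[0-9a-fA-F]+)->pkt_mark", actions)
        result[int(fields["reg0"], 16)] = int(mark.group(1), 16) if mark else None
    return result

def audit_egress_table(flow_dump, expected_vnids):
    """Compare table 100 against the VNIDs that should own an egress IP (assumed input)."""
    present = set(egress_vnids(flow_dump))
    expected = set(expected_vnids)
    return {"stale": present - expected, "missing": expected - present}

if __name__ == "__main__":
    report = audit_egress_table(SAMPLE_FLOWS, {0xa1103e})
    print({k: [hex(v) for v in sorted(vs)] for k, vs in report.items()})
```

With the sample above and 0xa1103e as the expected owner, the old VNID 0x39a7b4 is reported as stale and 0xa1103e as missing.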