Bug 1547008

Summary: Egress traffic stops working
Product: OpenShift Container Platform Reporter: Borja Aranda <farandac>
Component: NetworkingAssignee: Ben Bennett <bbennett>
Status: CLOSED DUPLICATE QA Contact: Meng Bo <bmeng>
Severity: high Docs Contact:
Priority: unspecified    
Version: 3.7.0CC: aos-bugs, danw, dzhukous
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-02-20 14:43:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Borja Aranda 2018-02-20 10:46:27 UTC 
Description of problem:
Egress traffic fails when trying to add flow [1], leading to errors [2] and [3]. When this exit 1 happens egress traffic stops working for new connections.

[1] Executing: ovs-ofctl -O OpenFlow13 add-flow br0 table=100, priority=100, reg0=6173904, ip, actions=set_field:->eth_dst,set_field:0xc0a800d2->pkt_mark,goto_table:101

[2] I0220 09:42:06.906779   79756 ovs.go:143] Error executing ovs-ofctl: ovs-ofctl: : invalid Ethernet address

[3] E0220 09:42:06.906800   79756 egressip.go:229] Error updating Namespace egress rules: exit status 1

This is probably caused in this addFlow:

https://github.com/openshift/origin/blob/release-3.7/pkg/network/node/ovscontroller.go#L708

otx.AddFlow("table=100, priority=100, reg0=%d, ip, actions=set_field:%s->eth_dst,set_field:%s->pkt_mark,goto_table:101", vnid, oc.tunMAC, egressHex)

And fails because oc.tunMAC is empty.

This issue seems to be addressed in the PR https://github.com/openshift/origin/pull/18049 with the inclusion of ensureTunMAC()

Additional request:
Can this be backported to a 3.7 errata? Egress is GA in 3.7


Version-Release number of selected component (if applicable):
3.7

Actual results:
Egress traffic stops working for new connections.

Expected results:
Egress traffic doesn't stop working because ensureTunMAC set the proper variables.