Bug 1890270

Summary: External IP doesn't work if the IP address is not assigned to a node
Product: OpenShift Container Platform Reporter: Tim Rozet <trozet>
Component: NetworkingAssignee: Tim Rozet <trozet>
Networking sub component: ovn-kubernetes QA Contact: Weibin Liang <weliang>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: unspecified CC: avishnoi, bbennett, djuran
Version: 4.6   
Target Milestone: ---   
Target Release: 4.7.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: External IP services had incorrect routes created for OVN-Kubernetes on nodes where the External IP was not configured. Consequence: Sending traffic to nodes destined towards an External IP would not function if the node was not physically configured with the External IP. Fix: Nodes that do not have the external IP configured on them, now get proper routes added to ensure the traffic goes to OVN where it will be DNAT'ed towards the proper service endpoint. Result: External IP functions as specified by Kubernetes.
 Story Points: ---
Clone Of:
: 1890274 (view as bug list) Environment:
Last Closed: 2021-02-24 15:27:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1890274    

Description Tim Rozet 2020-10-21 19:19:40 UTC 
Description of problem:
With external IP the address may not live on any node. In this case when the packet arrives at any master/worker node (with the destination address of the external IP) it should be routed into OVN. This is currently broken and the route that gets injected into the host is incorrect.
Comment 2 Anurag saxena 2020-11-17 15:06:59 UTC 
@weliang Can you help looking at it? Thanks
Comment 3 Weibin Liang 2020-11-20 20:59:54 UTC 
Tested and verified in 4.7.0-0.nightly-2020-11-18-203317

[root@weliang24-r2gd5-lb ~]# ip route
default via 10.0.99.254 dev eth0 proto dhcp metric 100 
10.0.96.0/22 dev eth0 proto kernel scope link src 10.0.96.54 metric 100 
10.1.1.1 via 10.0.96.192 dev eth0 
169.254.169.254 via 10.0.96.161 dev eth0 proto dhcp metric 100 
[root@weliang24-r2gd5-lb ~]# curl -k 10.1.1.1:27018
externalip-pod
[root@weliang24-r2gd5-lb ~]#
Comment 6 errata-xmlrpc 2021-02-24 15:27:41 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633