Bug 1913011

Summary: [OVN] Pod's external traffic not use egressrouter macvlan ip as a source ip
Product: OpenShift Container Platform
Reporter: Weibin Liang <weliang>
Component: Networking
Assignee: Daniel Mellado <dmellado>
Networking sub component: ovn-kubernetes
QA Contact: Anurag saxena <anusaxen>
Status: CLOSED ERRATA
Severity: high
Priority: high
CC: anbhat, dmellado, zzhao
Version: 4.8
Keywords: Reopened, TestBlocker, UpcomingSprint
Target Release: 4.7.0
Hardware: Unspecified
OS: Unspecified
Doc Type: No Doc Update
Last Closed: 2021-02-24 15:50:15 UTC
Type: Bug

Description Weibin Liang 2021-01-05 18:45:45 UTC
Description of problem:
Compared with SDN egress router testing, in an OVN cluster the pod accessing external systems does not use the egressrouter macvlan IP address as its source IP.
Below are the steps for testing on both OVN and SDN clusters; the SDN tcpdump shows the correct macvlan IP as the outgoing source IP.


Version-Release number of selected component (if applicable):
4.7.0-0.nightly-2021-01-05-055003

How reproducible:
Always

Steps to Reproduce:

#### OVN cluster
export nodename=weliang-151-xffw2-compute-0
oc label node $nodename app=ovn-egressrouter-redirect
oc new-project test-ovn-egressrouter-redirect
oc debug node/$nodename # Find an IP that is not used in the same subnet, and the gateway IP
# Create the NAD, substituting the IP and gateway found above
curl -s https://raw.githubusercontent.com/weliang1/Openshift_Networking/master/Features/EgressRouter/ovn-egressrouter-redirect-NAD.yaml | sed s/10.200.16.0/10.0.99.157/g | sed s/192.168.10.200/10.0.99.254/g | sed s/10.100.3.0/172.217.15.78/g | oc create -f -
# Create egressrouter pod
oc create -f https://raw.githubusercontent.com/weliang1/Openshift_Networking/master/Features/EgressRouter/ovn-egressrouter-redirect-pod.yaml
# Create test pods
oc create -f https://raw.githubusercontent.com/weliang1/Openshift_Networking/master/Features/FC/fc-test-pod.yaml
# Curl ovn-egressrouter-redirect-pod's IP
oc exec test-pod-6fd76b45f5-bctwm -- curl 10.131.0.27:80
# Capture the outgoing traffic in $nodename to find out if the src ip is egressrouter macvlan0's ip
oc debug node/$nodename
tcpdump -i br-ex src host 10.0.99.157 -vvv -n



#### SDN cluster
export nodename=weliang152-94pvw-compute-0
oc label node $nodename app=egressrouter
oc new-project test-sdn-egressrouter-redirect
oc debug node/$nodename # Find an IP that is not used in the same subnet, and the gateway IP
# Create the egressrouter pod, substituting the IP and gateway found above
curl -s https://raw.githubusercontent.com/weliang1/Openshift_Networking/master/Features/EgressRouter/egress-redirect-pod.yaml | sed s/172.31.249.212/10.0.97.48/g | sed s/172.31.248.1/10.0.99.254/g | sed s/216.58.217.46/172.217.15.78/g | oc create -f -
# Create test pods
oc create -f https://raw.githubusercontent.com/weliang1/Openshift_Networking/master/Features/FC/fc-test-pod.yaml
# Curl egressrouter-redirect-pod's IP
oc exec test-pod-6fd76b45f5-b4ff8 -- curl 10.128.2.39:80
# Capture the outgoing traffic in $nodename to find out if the src ip is egressrouter macvlan0's ip
oc debug node/$nodename
tcpdump -i ens3 src host 10.0.97.48 -vvv -n
tcpdump: listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
16:18:55.125830 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.99.254 tell 10.0.97.48, length 28
16:18:56.184631 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.99.254 tell 10.0.97.48, length 28
16:18:57.208612 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.99.254 tell 10.0.97.48, length 28

Actual results:
tcpdump -i br-ex src host 10.0.99.157 -vvv -n

Expected results:
tcpdump -i br-ex src host 10.0.99.157 -vvv -n
shows ARP request traffic using 10.0.99.157 as the source IP

Additional info:
OVN cluster kubeconfig: https://mastern-jenkins-csb-openshift-qe.cloud.paas.psi.redhat.com/job/Launch%20Environment%20Flexy/129680/artifact/workdir/install-dir/auth/kubeconfig/*view*/

SDN cluster kubeconfig: https://mastern-jenkins-csb-openshift-qe.cloud.paas.psi.redhat.com/job/Launch%20Environment%20Flexy/129681/artifact/workdir/install-dir/auth/kubeconfig/*view*/
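
Added example, not part of the original report: an empty `src host` capture, as in the OVN steps above, cannot distinguish "no traffic left the node" from "traffic left with a different source IP". The helper below (the name `egress_src_verdict` and the sample line are constructed for illustration) reads `tcpdump -n` text captured with a filter such as `dst host 172.217.15.78 or arp` and reports which case applies.

```shell
#!/bin/sh
# egress_src_verdict EXPECTED_SRC DEST   (reads `tcpdump -n` text on stdin)
# Prints one of:
#   OK          every IPv4 packet to DEST came from EXPECTED_SRC
#   MISMATCH    some packet to DEST used another source (sources follow)
#   ARP_ONLY    no packet to DEST, but EXPECTED_SRC sent ARP requests
#   NO_TRAFFIC  neither was seen
egress_src_verdict() {
    awk -v want="$1" -v dest="$2" '
    # Reduce a tcpdump token ("a.b.c.d.port:" or "a.b.c.d,") to "a.b.c.d".
    function addr(tok,    n, p) {
        sub(/[:,]$/, "", tok)
        n = split(tok, p, ".")
        if (n >= 4) return p[1] "." p[2] "." p[3] "." p[4]
        return tok
    }
    {
        for (i = 2; i < NF; i++) {
            # "SRC > DST:" sits on the header line, or on the
            # continuation line when tcpdump runs with -v/-vvv.
            if ($i == ">" && addr($(i + 1)) == dest) {
                src = addr($(i - 1))
                if (src == want) good++
                else if (!(src in bad)) { bad[src] = 1; badlist = badlist " " src }
            }
            # "who-has X tell SRC" is an ARP request sent by SRC.
            if ($i == "tell" && addr($(i + 1)) == want) arp++
        }
    }
    END {
        if (badlist != "") print "MISMATCH" badlist
        else if (good)     print "OK"
        else if (arp)      print "ARP_ONLY"
        else               print "NO_TRAFFIC"
    }'
}

# Constructed sample: a packet to the destination whose source is not
# the egress router IP (10.0.99.10 is a made-up address).
sample='12:00:01.000001 IP 10.0.99.10.41234 > 172.217.15.78.80: Flags [S], length 0'
printf '%s\n' "$sample" | egress_src_verdict 10.0.99.157 172.217.15.78
```

Run against the SDN capture shown in the report with `10.0.97.48` as the expected source, the helper returns `ARP_ONLY`, since that output contains only ARP requests from the macvlan IP.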

Comment 9 errata-xmlrpc 2021-02-24 15:50:15 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633