Bug 1949063
| Summary: | [sig-network] Conntrack should be able to preserve UDP traffic when server pod cycles for a NodePort service | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Antonio Ojea <aojeagar> |
| Component: | Networking | Assignee: | Antonio Ojea <aojeagar> |
| Networking sub component: | openshift-sdn | QA Contact: | zhaozhanqi <zzhao> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | medium | ||
| Priority: | high | CC: | aconstan, ccoleman, danw, jluhrsen, zzhao |
| Version: | 4.7 | Keywords: | Reopened |
| Target Milestone: | --- | ||
| Target Release: | 4.8.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
NodePort UDP Services traffic can be blackholed due to stale conntrack entries, caused if some of the endpoints change or if the client start to send traffic to the Service before one endpoint exists.
We should flush the conntrack entries related to the Service in any of this cases, so the new traffic can reach the available endpoints.
|
Story Points: | --- |
| Clone Of: | 1923231 | Environment: |
[sig-network] Conntrack should be able to preserve UDP traffic when server pod cycles for a NodePort service
|
| Last Closed: | 2021-07-27 23:00:08 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1923231 | ||
|
Comment 1
Antonio Ojea
2021-04-13 11:39:49 UTC
still can find failed in CI https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/release-openshift-ocp-installer-e2e-aws-ovn-4.8/1387209922613088256 (In reply to zhaozhanqi from comment #3) > still can find failed in CI > https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/release-openshift- > ocp-installer-e2e-aws-ovn-4.8/1387209922613088256 This bug is openshift-sdn specific, it if fails in OVN it has to be filed as a separate bug run this on build 4.8.0-0.nightly-2021-04-29-151418 with `./e2e.test -kubeconfig ~/kubeconfig -ginkgo.focus "Conntrack should be able to preserve UDP traffic when server pod cycles for a NodePort service" -test.count 150 -test.failfast` failed with following error: http://pastebin.test.redhat.com/960227 please ignore comment 5, it's OVN cluster try again on sdn cluster with 4.8.0-0.nightly-2021-04-29-151418 ./e2e.test -kubeconfig /root/zzhao/kubeconfig -ginkgo.focus "Conntrack should be able to preserve UDP traffic when server pod cycles for a NodePort service" -test.count 150 -test.failfast all pass. Move to verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438 |