Bug 1958375

Summary:

Return IPv6 traffic from the application pod is getting dropped when f5 pod is scaled to more than one.

Product:

OpenShift Container Platform

Reporter:

David Critch <dcritch>

Component:

Networking

Assignee:

Federico Paolinelli <fpaoline>

Networking sub component:

ovn-kubernetes

QA Contact:

Ross Brattain <rbrattai>

Status:

CLOSED ERRATA

Docs Contact:

Severity:

high

Priority:

high

CC:

aconstan, anbhat, dporter, fpaoline, kholtz, mark.d.gray, mcornea, mfiedler, openshift-bugs-escalate, pibanezr, rkhan, r.kondapaneni, trozet, vpickard, zzhao

Version:

4.7

Flags:

trozet: needinfo-

Target Milestone:

---

Target Release:

4.9.0

Hardware:

Unspecified

OS:

Unspecified

Whiteboard:

Telco

Fixed In Version:

Doc Type:

No Doc Update

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2021-10-18 17:31:03 UTC

Type:

Bug

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Bug Depends On:

1959008

Bug Blocks:

1976644

Attachments:

Description	Flags
ovntrace logs	none

Comment 1 Federico Paolinelli 2021-05-13 16:07:02 UTC

Created attachment 1782819 [details]
ovntrace logs

Comment 14 Ross Brattain 2021-07-19 19:14:27 UTC

Verified 4.9.0-0.nightly-2021-07-18-155939 is ovn2.13-20.12.0-140.el8fdp.x86_64

Comment 15 Ross Brattain 2021-07-21 06:11:51 UTC

Verified that the OVN rpm is the correct version, need to do more testing.  

We are updating OVN from 20.12.0-25 to 20.12.0-140, there are quite a few fixes since 20.12.0-25.  

ECMP and IPv6 changes:

* Wed Jun 09 2021  - 20.12.0-140
- ovn-northd: Fix IPv6 ECMP symmetric reply flows (#1959008)
--
* Thu May 20 2021  - 20.12.0-121
- ovn-nbctl: do not report an error for duplicated ecmp routes with --may-exist
--
* Thu Feb 11 2021  - 20.12.0-54
- ovn-nbctl: do not allow duplicated ECMP routes
--
* Thu Jan 28 2021  - 20.12.0-40
- ovn-nbctl: add ecmp/ecmp-symmetric-reply to lr-route-list command
--
* Wed Jan 13 2021  - 20.12.0-30
- bfd: introduce IPv6 support

Comment 16 Ross Brattain 2021-07-28 05:38:14 UTC

I see priority=300 routes, and ping6 seems to be working.  Verifying.


1490: cookie=0x577bf7f4, duration=324.468s, table=18, n_packets=0, n_bytes=0, idle_age=324, priority=300,ct_state=+rpl+trk,ct_label=0x200000000000000000000/0xffff00000000000000000000,ipv6,metadata=0x6,ipv6_src=fd01:0:0:1::50b actions=dec_ttl(),load:0x1->NXM_NX_REG10[0],mod_dl_src:52:54:00:43:e6:ed,load:0x66->NXM_NX_XXREG1[0..63],load:0xfd2e6f445dd80000->NXM_NX_XXREG1[64..127],load:0x2->NXM_NX_REG15[],resubmit(,19)
1491: cookie=0xe0398964, duration=324.408s, table=18, n_packets=0, n_bytes=0, idle_age=324, priority=300,ct_state=+rpl+trk,ct_label=0x200000000000000000000/0xffff00000000000000000000,ipv6,metadata=0x6,ipv6_src=fd01:0:0:1::16 actions=dec_ttl(),load:0x1->NXM_NX_REG10[0],mod_dl_src:52:54:00:43:e6:ed,load:0x66->NXM_NX_XXREG1[0..63],load:0xfd2e6f445dd80000->NXM_NX_XXREG1[64..127],load:0x2->NXM_NX_REG15[],resubmit(,19)
1492: cookie=0x25d34ccd, duration=324.383s, table=18, n_packets=0, n_bytes=0, idle_age=324, priority=300,ct_state=+rpl+trk,ct_label=0x200000000000000000000/0xffff00000000000000000000,ipv6,metadata=0x6,ipv6_src=fd01:0:0:1::17 actions=dec_ttl(),load:0x1->NXM_NX_REG10[0],mod_dl_src:52:54:00:43:e6:ed,load:0x66->NXM_NX_XXREG1[0..63],load:0xfd2e6f445dd80000->NXM_NX_XXREG1[64..127],load:0x2->NXM_NX_REG15[],resubmit(,19)
1493: cookie=0xf9e4cb29, duration=324.363s, table=18, n_packets=0, n_bytes=0, idle_age=324, priority=300,ct_state=+rpl+trk,ct_label=0x200000000000000000000/0xffff00000000000000000000,ipv6,metadata=0x6,ipv6_src=fd01:0:0:1::50a actions=dec_ttl(),load:0x1->NXM_NX_REG10[0],mod_dl_src:52:54:00:43:e6:ed,load:0x66->NXM_NX_XXREG1[0..63],load:0xfd2e6f445dd80000->NXM_NX_XXREG1[64..127],load:0x2->NXM_NX_REG15[],resubmit(,19)
1494: cookie=0x8c14ed0a, duration=324.319s, table=18, n_packets=0, n_bytes=0, idle_age=324, priority=300,ct_state=+rpl+trk,ct_label=0x200000000000000000000/0xffff00000000000000000000,ipv6,metadata=0x6,ipv6_src=fd01:0:0:1::50c actions=dec_ttl(),load:0x1->NXM_NX_REG10[0],mod_dl_src:52:54:00:43:e6:ed,load:0x66->NXM_NX_XXREG1[0..63],load:0xfd2e6f445dd80000->NXM_NX_XXREG1[64..127],load:0x2->NXM_NX_REG15[],resubmit(,19)


sh-4.4# ovn-nbctl --format=table  --columns=ip_prefix,nexthop,options,policy    find    Logical_Router_Static_Route | grep fd01
"fd01:0:0:1::17"  "fd2e:6f44:5dd8::ba"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:1::50b" "fd2e:6f44:5dd8::ab"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:1::50c" "fd2e:6f44:5dd8::ba"      {ecmp_symmetric_reply="true"} src-ip
"fd01::/48"       "fd98::1"                 {}                            []
"fd01:0:0:3::492" "fd2e:6f44:5dd8::ba"      {ecmp_symmetric_reply="true"} src-ip
"fd01::/48"       "fd98::1"                 {}                            []
"fd01:0:0:2::15d" "fd2e:6f44:5dd8::ba"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:2::15c" "fd2e:6f44:5dd8::ab"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:3::491" "fd2e:6f44:5dd8::ab"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:3::493" "fd2e:6f44:5dd8::ab"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:2::15c" "fd2e:6f44:5dd8::ba"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:1::/64" "fd98::4"                 {}                            src-ip
"fd01:0:0:3::491" "fd2e:6f44:5dd8::ba"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:3::492" "fd2e:6f44:5dd8::ab"      {ecmp_symmetric_reply="true"} src-ip
"fd01::/48"       "fd98::1"                 {}                            []
"fd01:0:0:1::16"  "fd2e:6f44:5dd8::ab"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:1::50b" "fd2e:6f44:5dd8::ba"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:1::50a" "fd2e:6f44:5dd8::ba"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:2::/64" "fd98::2"                 {}                            src-ip
"fd01:0:0:1::50a" "fd2e:6f44:5dd8::ab"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:3::493" "fd2e:6f44:5dd8::ba"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:1::17"  "fd2e:6f44:5dd8::ab"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:1::50c" "fd2e:6f44:5dd8::ab"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:2::15d" "fd2e:6f44:5dd8::ab"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:3::/64" "fd98::3"                 {}                            src-ip
"fd01:0:0:1::16"  "fd2e:6f44:5dd8::ba"      {ecmp_symmetric_reply="true"} src-ip

Comment 19 errata-xmlrpc 2021-10-18 17:31:03 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3759