Bug 1963846
Summary: | Problem in trying to connect through the service to a member that is the same as the caller. | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Michał Dulko <mdulko> |
Component: | Networking | Assignee: | Michał Dulko <mdulko> |
Networking sub component: | kuryr | QA Contact: | Itzik Brown <itbrown> |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | high | ||
Priority: | medium | CC: | bbennett, itbrown, ltomasbo, mdulko, mpatercz, openshift-bugzilla-robot |
Version: | 4.6 | Keywords: | Triaged |
Target Milestone: | --- | ||
Target Release: | 4.6.z | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Cause: For hairpin traffic (traffic originating in a member of a Service and redirected by the load balancer to the same member), OVN changes the source IP of the packets to the IP of the LB. This affects OSPs with ovn-octavia-provider.
Consequence: If a Network Policy is applied, such traffic may be unnecessarily blocked.
Fix: When handling a Network Policy, Kuryr also opens traffic from the IPs of all the Services in the NP's namespace.
Result: Hairpin traffic will be allowed in OSP deployments using ovn-octavia-provider.
|
Story Points: | --- |
Clone Of: | 1959766 | Environment: | |
Last Closed: | 2021-06-08 13:54:23 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1959766 | ||
Bug Blocks: |
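The cause and fix in the Doc Text, as a simplified model added here (not Kuryr or OVN code). The IP addresses and all function names are constructed for illustration, and the model assumes non-hairpin traffic reaches the backend with the client's own source IP.

```python
import ipaddress

# Constructed sample data (not from the bug report): two pods in one
# namespace behind a Service whose load balancer IP is 172.30.0.10.
POD_IPS = ["10.128.0.5", "10.128.0.6"]
SERVICE_IPS = ["172.30.0.10"]


def build_allowed_sources(pod_ips, service_ips, allow_service_ips):
    """Ingress allow-list for a policy admitting pods of the same namespace.

    allow_service_ips=False models the behaviour before the fix;
    True models the fix, where the namespace's Service IPs are opened too.
    """
    sources = [ipaddress.ip_network(ip) for ip in pod_ips]
    if allow_service_ips:
        sources += [ipaddress.ip_network(ip) for ip in service_ips]
    return sources


def source_seen_by_backend(client_ip, backend_ip, lb_ip):
    """Source IP of the packet as it arrives at the backend.

    Hairpin case (the client is the selected member): the source is
    rewritten to the LB IP, as the Cause text describes. Otherwise the
    client IP is kept (assumption of this model).
    """
    return lb_ip if client_ip == backend_ip else client_ip


def is_allowed(src_ip, allowed_sources):
    """True if src_ip matches any entry of the allow-list."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in allowed_sources)


def connect(client_ip, backend_ip, lb_ip, allowed_sources):
    """Evaluate the policy against the source the backend actually sees."""
    src = source_seen_by_backend(client_ip, backend_ip, lb_ip)
    return is_allowed(src, allowed_sources)


if __name__ == "__main__":
    lb = SERVICE_IPS[0]
    for fixed in (False, True):
        rules = build_allowed_sources(POD_IPS, SERVICE_IPS, fixed)
        hairpin = connect(POD_IPS[0], POD_IPS[0], lb, rules)
        print(f"service IPs opened={fixed}: hairpin allowed={hairpin}")
```
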
Comment 5
Itzik Brown
2021-06-02 10:55:05 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6.32 bug fix update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:2157