Bug 2031012
Summary: | Services of type loadbalancer do not work if the traffic reaches the node from an interface different from br-ex | |||
---|---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Federico Paolinelli <fpaoline> | |
Component: | Networking | Assignee: | Federico Paolinelli <fpaoline> | |
Networking sub component: | ovn-kubernetes | QA Contact: | Arti Sood <asood> | |
Status: | CLOSED ERRATA | Docs Contact: | ||
Severity: | high | |||
Priority: | high | CC: | alolivei, andbartl, anusaxen, djuran, fbaudin, federico.pulido, gkopels, ibodunov, jlema, mzhidovi, trozet | |
Version: | 4.9 | |||
Target Milestone: | --- | |||
Target Release: | 4.10.0 | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | If docs needed, set a value | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 2040594 (view as bug list) | Environment: | ||
Last Closed: | 2022-03-10 16:32:55 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 2040594 |
Description
Federico Paolinelli
2021-12-10 10:02:14 UTC
*** Bug 2038309 has been marked as a duplicate of this bug. *** Bz verified on dual stack cluster version 4.10.0-fc.2 by QE Networking 1. Create dual stack layer2 AddressPool 2. Create a service [gkopels@ cnf-gotests (metallb-47182-1)]$ oc get service NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE nginx LoadBalancer 172.30.77.129 10.46.56.131,2620:52:0:2e38::200 80:31186/TCP 44m 3. Create a backend service [gkopels@ cnf-gotests (metallb-47182-1)]$ oc get pods -owide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES nginx 1/1 Running 0 39m 10.131.0.143 helix13.lab.eng.tlv2.redhat.com <none> <none> 4. On same node as the backend service pod create interface dummy0 [root@helix13 core]# ip a show dummy0 162: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000 link/ether 4a:ad:c2:22:e9:03 brd ff:ff:ff:ff:ff:ff inet 10.100.100.254/24 scope global dummy0 valid_lft forever preferred_lft forever inet6 2620:52:0:2e38::500/64 scope global valid_lft forever preferred_lft forever inet6 fe80::48ad:c2ff:fe22:e903/64 scope link valid_lft forever preferred_lft forever 5. Verify service and announcing node [gkopels@ test_cases]$ oc describe service nginx Name: nginx Namespace: default Labels: <none> Annotations: metallb.universe.tf/address-pool: addresspool2 Selector: app=nginx Type: LoadBalancer IP Family Policy: RequireDualStack IP Families: IPv4,IPv6 IP: 172.30.77.129 IPs: 172.30.77.129,fd02::d24d LoadBalancer Ingress: 10.46.56.131, 2620:52:0:2e38::200 Port: <unset> 80/TCP TargetPort: 80/TCP NodePort: <unset> 31186/TCP Endpoints: 10.131.0.143:80 Session Affinity: None External Traffic Policy: Local HealthCheck NodePort: 30149 Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal IPAllocated 6m15s metallb-controller Assigned IP ["10.46.56.131" "2620:52:0:2e38::200"] Normal nodeAssigned 2s (x2 over 2s) metallb-speaker announcing from node "helix13.lab.eng.tlv2.redhat.com" [gkopels@ test_cases]$ oc describe service nginx Name: nginx Namespace: default Labels: <none> Annotations: metallb.universe.tf/address-pool: addresspool2 Selector: app=nginx Type: LoadBalancer IP Family Policy: RequireDualStack IP Families: IPv4,IPv6 IP: 172.30.77.129 IPs: 172.30.77.129,fd02::d24d LoadBalancer Ingress: 10.46.56.131, 2620:52:0:2e38::200 Port: <unset> 80/TCP TargetPort: 80/TCP NodePort: <unset> 31186/TCP Endpoints: 10.131.0.143:80 Session Affinity: None External Traffic Policy: Local HealthCheck NodePort: 30149 Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal IPAllocated 6m17s metallb-controller Assigned IP ["10.46.56.131" "2620:52:0:2e38::200"] Normal nodeAssigned 4s (x2 over 4s) metallb-speaker announcing from node "helix13.lab.eng.tlv2.redhat.com" 6. Curl external IPv4 with dummy0 as source address curl --interface 10.100.100.254 10.46.56.131 7. Curl external IPv6 with dummy0 as source address curl --interface 2620:52:0:2e38::500 [2620:52:0:2e38::200] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>Test Page for the Nginx HTTP Server on Red Hat Enterprise Linux</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; Reran the test with a new IPv6 address on interface dummy0 outside of the IPv6 node IP range. [root@helix13 core]# ip a show dummy0 162: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000 link/ether 4a:ad:c2:22:e9:03 brd ff:ff:ff:ff:ff:ff inet 10.100.100.254/24 scope global dummy0 valid_lft forever preferred_lft forever inet6 2620:52:0:200::500/64 scope global valid_lft forever preferred_lft forever inet6 fe80::48ad:c2ff:fe22:e903/64 scope link valid_lft forever preferred_lft forever [root@helix13 core]# curl --interface 2620:52:0:200::500 [2620:52:0:2e38::200] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>Test Page for the Nginx HTTP Server on Red Hat Enterprise Linux</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } ### AddressPool ### apiVersion: metallb.io/v1beta1 kind: AddressPool metadata: name: addresspool2 namespace: metallb-system spec: protocol: layer2 autoAssign: true addresses: - 10.46.56.131-10.46.56.132 - 2620:52:0:2e38::200-2620:52:0:2e38::400 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056 The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days |