Bug 2083593

Summary: OVN-Kubernetes: egress router pod (redirect mode), access from pod on different worker-node (redirect) doesn't work
Product: OpenShift Container Platform Reporter: OpenShift BugZilla Robot <openshift-bugzilla-robot>
Component: NetworkingAssignee: Andreas Karis <akaris>
Networking sub component: ovn-kubernetes QA Contact: Weibin Liang <weliang>
Status: CLOSED ERRATA Docs Contact:
Severity: high    
Priority: high CC: ableisch, cfields, danw, ffernand, mmahmoud, weliang
Version: 4.9   
Target Milestone: ---   
Target Release: 4.10.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-23 13:25:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2075475    
Bug Blocks: 2085463    

Comment 5 Weibin Liang 2022-05-17 18:31:48 UTC 
Tested and verified in 4.10.15

[weliang@weliang Test]$ oc get pod -o wide
NAME                                            READY   STATUS    RESTARTS   AGE     IP             NODE                                      NOMINATED NODE   READINESS GATES
dell-per740-14rhtsengpek2redhatcom-debug        1/1     Running   0          5m13s   10.73.116.62   dell-per740-14.rhts.eng.pek2.redhat.com   <none>           <none>
egress-router-cni-deployment-848f45d98b-fj2tt   1/1     Running   0          6m21s   10.128.2.25    dell-per740-14.rhts.eng.pek2.redhat.com   <none>           <none>
test-pod-86879d8c8c-mtr4m                       1/1     Running   0          4m35s   10.128.2.27    dell-per740-14.rhts.eng.pek2.redhat.com   <none>           <none>
test-pod-86879d8c8c-pbthj                       1/1     Running   0          4m35s   10.128.2.28    dell-per740-14.rhts.eng.pek2.redhat.com   <none>           <none>
test-pod-86879d8c8c-q7n9c                       1/1     Running   0          4m35s   10.131.0.23    dell-per740-35.rhts.eng.pek2.redhat.com   <none>           <none>
test-pod-86879d8c8c-qd2kz                       1/1     Running   0          4m35s   10.131.0.22    dell-per740-35.rhts.eng.pek2.redhat.com   <none>           <none>
test-pod-86879d8c8c-skxdp                       1/1     Running   0          4m35s   10.131.0.24    dell-per740-35.rhts.eng.pek2.redhat.com   <none>           <none>
test-pod-86879d8c8c-ttbt7                       1/1     Running   0          4m35s   10.128.2.26    dell-per740-14.rhts.eng.pek2.redhat.com   <none>           <none>
[weliang@weliang Test]$ oc rsh test-pod-86879d8c8c-pbthj
~ $ curl 10.128.2.25:8080
curl: (7) Failed to connect to 10.128.2.25 port 8080: Connection refused
~ $ curl 10.128.2.25
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
~ $ exit
[weliang@weliang Test]$ oc rsh test-pod-86879d8c8c-q7n9c
~ $ curl 10.128.2.25
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
~ $ curl 172.30.225.236:80
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
~ $ exit
[weliang@weliang Test]$ oc rsh test-pod-86879d8c8c-skxdp
~ $ curl 10.128.2.25
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
~ $ curl 172.30.225.236:80
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
~ $
Comment 7 errata-xmlrpc 2022-05-23 13:25:12 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.10.15 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2258