Bug 2217920

Summary: [hot-plug bridged interfaces] MAC address of hot-plugged interface is not taken from KubeMacPool range
Product: Container Native Virtualization (CNV) Reporter: Yossi Segev <ysegev>
Component: NetworkingAssignee: omergi
Status: CLOSED ERRATA QA Contact: Nir Rozen <nrozen>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.14.0CC: edwardh, phoracek
Target Milestone: ---   
Target Release: 4.14.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: virt-controller-rhel9:v4.14.0-327 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-11-08 14:05:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Yossi Segev 2023-06-27 13:29:28 UTC 
Description of problem:
When hot-plugging an interface to a VM, in a namespace with KubeMacPool enabled, the new interface is not alloacted a MAC address from the KMP range.


Version-Release number of selected component (if applicable):
CNV 4.14.0
kubemacpool-rhel9:v4.14.0-12


How reproducible:
Always


Steps to Reproduce:

1. Create and run a basic VM (no secondary NICs).
$ oc create ns yoss-ns
namespace/yoss-ns created
$ oc project yoss-ns
Now using project "yoss-ns" on server "https://api.net-ys-414o.rhos-psi.cnv-qe.rhood.us:6443".
$ oc apply -f vm-fedora.yaml 
virtualmachine.kubevirt.io/vm-fedora created
$ virtctl start vm-fedora
VM vm-fedora was scheduled to start

2. Create a bridge interface over one of the nodes secondary NICs using a NodeNetworkConfigurationPolicy.
$ oc apply -f nncp-linux-bridge.yaml 
oc get nncp -w
nodenetworkconfigurationpolicy.nmstate.io/hotplug-linux-bridge created
ysegev@ysegev-fedora (hotplug) $ oc get nncp -w
NAME                   STATUS   REASON
hotplug-linux-bridge            
hotplug-linux-bridge   Progressing   ConfigurationProgressing
hotplug-linux-bridge   Progressing   ConfigurationProgressing
...
hotplug-linux-bridge   Available     SuccessfullyConfigured

3. Create a NetworkattachmentDefinition for the bridge.
$ oc apply -f bridge-nad.yaml 
networkattachmentdefinition.k8s.cni.cncf.io/hp-br-nad created

4. Run the command to add the new interface to the VM:
$ virtctl addinterface vm-fedora --network-attachment-definition-name hp-br-nad --name hp2

5. Migrate the VM to completely apply the hot-plug action (using a VirtualMachineInstanceMigration resource).
$ cat << EOF | oc apply -f -
> apiVersion: kubevirt.io/v1
kind: VirtualMachineInstanceMigration
metadata:
  name: migration-job
spec:
  vmiName: vm-fedora
> EOF
virtualmachineinstancemigration.kubevirt.io/migration-job created
$ oc get vmim -w
NAME            PHASE        VMI
migration-job   Scheduling   vm-fedora
migration-job   Scheduled    vm-fedora
migration-job   PreparingTarget   vm-fedora
migration-job   TargetReady       vm-fedora
migration-job   Running           vm-fedora
migration-job   Succeeded         vm-fedora

6. Check the KubeMacPool range:
$ oc get cm -n openshift-cnv kubemacpool-mac-range-config -o jsonpath={.data} | jq
{
  "RANGE_END": "02:1f:60:ff:ff:ff",
  "RANGE_START": "02:1f:60:00:00:00"
}

7. Check the MAC address of the hot-plugged interface in the `interfaces` entry in the VMI spec.
oc get vmi vm-fedora -ojsonpath='{.status.interfaces[?(@.name=="hp2")].mac}'; echo


Actual results:
<BUG>
MAC address is not within the KubeMacPool range.
e6:b2:8c:d3:b9:e1


Expected results:
MAC address should be from within the KubeMacPool range.


Additional info:
This may be the same issue as https://issues.redhat.com/browse/CNV-28940, but I wasn't sure it's the same so I filed this BZ anyway.
Comment 4 Yossi Segev 2023-07-18 10:38:26 UTC 
Verified on
CNV 4.14.0 (bundle v4.14.0.rhel9-1214)
virt-controller-rhel9:v4.14.0-330

Verified by following the same scenario from the bug description.
Comment 6 errata-xmlrpc 2023-11-08 14:05:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Virtualization 4.14.0 Images security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:6817