Bug 1275953 - Pod in default/unisolated project cannot access service in other projects
Pod in default/unisolated project cannot access service in other projects
Product: OpenShift Origin
Classification: Red Hat
Component: Networking (Show other bugs)
Unspecified Unspecified
medium Severity medium
: ---
: ---
Assigned To: Dan Winship
Meng Bo
Depends On:
  Show dependency treegraph
Reported: 2015-10-28 03:52 EDT by Meng Bo
Modified: 2015-11-30 02:57 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-11-23 16:13:54 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Meng Bo 2015-10-28 03:52:09 EDT
Description of problem:
Create pods in default project, and create some other service/pods in user projects. Cannot access the services which point to the pod in same namespace from the pod in default project.

Version-Release number of selected component (if applicable):
openshift v1.0.6-997-gff3b522

How reproducible:

Steps to Reproduce:
1. Setup multi-node env
2. Create pod in default project

3. Create service with pod in user's project
$ oc login -u user1 -predhat
$ oc new-project u1p1 
$ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/networking/list_for_pods.json -n u1p1

4. Try to access the service in u1p1 from the pod in default project

Actual results:
Cannot access the service in other project from default project.

$ oc get svc -n u1p1
NAME           CLUSTER_IP       EXTERNAL_IP   PORT(S)     SELECTOR         AGE
test-service    <none>        27017/TCP   name=test-pods   26m
# oc rsh docker-registry-1-snqx6      # in default namespace
 curl --connect-timeout 1
 curl: (28) Connection timed out after 1000 milliseconds

Expected results:
Should be able to access the service in other project from the pod in default project.

Additional info:
openflow on the node:

# ovs-ofctl dump-flows br0 -O openflow13
OFPST_FLOW reply (OF1.3) (xid=0x2):
 cookie=0x0, duration=70.531s, table=0, n_packets=47, n_bytes=3678, actions=learn(table=8,hard_timeout=900,priority=200,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_NX_TUN_IPV4_SRC[]->NXM_NX_TUN_IPV4_DST[],output:NXM_OF_IN_PORT[]),goto_table:1
 cookie=0x0, duration=70.523s, table=1, n_packets=14, n_bytes=1116, actions=goto_table:3
 cookie=0x0, duration=70.524s, table=1, n_packets=20, n_bytes=1668, in_port=3 actions=goto_table:5
 cookie=0x0, duration=70.528s, table=1, n_packets=0, n_bytes=0, in_port=1 actions=goto_table:2
 cookie=0x0, duration=70.526s, table=1, n_packets=8, n_bytes=648, in_port=2 actions=goto_table:5
 cookie=0x0, duration=70.530s, table=1, n_packets=4, n_bytes=168, arp actions=goto_table:8
 cookie=0x0, duration=70.518s, table=2, n_packets=0, n_bytes=0, tun_id=0 actions=goto_table:5
 cookie=0x0, duration=70.520s, table=2, n_packets=0, n_bytes=0, priority=200,ip,nw_dst= actions=output:2
 cookie=0x0, duration=70.516s, table=2, n_packets=0, n_bytes=0, priority=100,ip,nw_dst= actions=move:NXM_NX_TUN_ID[0..31]->NXM_NX_REG0[],goto_table:6
 cookie=0x0, duration=70.521s, table=2, n_packets=0, n_bytes=0, arp actions=goto_table:8
 cookie=0x0, duration=40.783s, table=3, n_packets=0, n_bytes=0, priority=100,ip,in_port=5,nw_src= actions=load:0xc->NXM_NX_REG0[],goto_table:4
 cookie=0x0, duration=63.497s, table=3, n_packets=0, n_bytes=0, priority=100,ip,in_port=4,nw_src= actions=load:0->NXM_NX_REG0[],goto_table:4
 cookie=0x0, duration=70.513s, table=4, n_packets=0, n_bytes=0, priority=0 actions=goto_table:5
 cookie=0x0, duration=42.041s, table=4, n_packets=0, n_bytes=0, priority=200,tcp,reg0=0xc,nw_dst=,tp_dst=27017 actions=output:2
 cookie=0x0, duration=67.150s, table=4, n_packets=0, n_bytes=0, priority=200,tcp,nw_dst=,tp_dst=5000 actions=output:2
 cookie=0x0, duration=67.147s, table=4, n_packets=0, n_bytes=0, priority=200,tcp,nw_dst=,tp_dst=443 actions=output:2
 cookie=0x0, duration=70.514s, table=4, n_packets=0, n_bytes=0, priority=100,ip,nw_dst= actions=drop
 cookie=0x0, duration=70.511s, table=5, n_packets=0, n_bytes=0, priority=200,ip,nw_dst= actions=output:2
 cookie=0x0, duration=70.507s, table=5, n_packets=0, n_bytes=0, priority=100,ip,nw_dst= actions=goto_table:7
 cookie=0x0, duration=70.506s, table=5, n_packets=0, n_bytes=0, priority=0,ip actions=output:2
 cookie=0x0, duration=70.509s, table=5, n_packets=0, n_bytes=0, priority=150,ip,nw_dst= actions=goto_table:6
 cookie=0x0, duration=70.504s, table=6, n_packets=0, n_bytes=0, priority=200,ip,reg0=0 actions=goto_table:8
 cookie=0x0, duration=63.496s, table=6, n_packets=0, n_bytes=0, priority=150,ip,nw_dst= actions=output:4
 cookie=0x0, duration=40.782s, table=6, n_packets=0, n_bytes=0, priority=100,ip,reg0=0xc,nw_dst= actions=output:5
 cookie=0x0, duration=40.978s, table=8, n_packets=0, n_bytes=0, hard_timeout=900, priority=200,dl_dst=02:42:0a:01:02:03 actions=load:0->NXM_NX_TUN_IPV4_DST[],output:5
 cookie=0x0, duration=63.703s, table=8, n_packets=0, n_bytes=0, hard_timeout=900, priority=200,dl_dst=02:42:0a:01:02:02 actions=load:0->NXM_NX_TUN_IPV4_DST[],output:4
 cookie=0x0, duration=70.528s, table=8, n_packets=0, n_bytes=0, hard_timeout=900, priority=200,dl_dst=62:29:7d:dc:ec:15 actions=load:0->NXM_NX_TUN_IPV4_DST[],output:3
 cookie=0x0, duration=70.482s, table=8, n_packets=0, n_bytes=0, hard_timeout=900, priority=200,dl_dst=9e:a7:3f:d5:8e:07 actions=load:0->NXM_NX_TUN_IPV4_DST[],output:2
 cookie=0x0, duration=70.502s, table=8, n_packets=4, n_bytes=168, priority=0,arp actions=FLOOD
Comment 2 Meng Bo 2015-10-29 23:08:14 EDT
Checked on openshift v1.0.7-32-gd17e473, issue has been fixed. Close the bug.

Note You need to log in before you can comment on or make changes to this bug.