Bug 1275953 - Pod in default/unisolated project cannot access service in other projects
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OKD
Classification: Red Hat
Component: Networking
Version: 3.x
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Assignee: Dan Winship
QA Contact: Meng Bo
Reported: 2015-10-28 07:52 UTC by Meng Bo
Modified: 2015-11-30 07:57 UTC (History)

Doc Type: Bug Fix
Last Closed: 2015-11-23 21:13:54 UTC

Description Meng Bo 2015-10-28 07:52:09 UTC
Description of problem:
Create pods in the default project, and create some other services/pods in user projects. Cannot access the services, which point to the pod in the same namespace, from the pod in the default project.

Version-Release number of selected component (if applicable):
openshift v1.0.6-997-gff3b522

How reproducible:
always

Steps to Reproduce:
1. Set up multi-node env
2. Create pod in default project

3. Create service with pod in user's project
$ oc login -u user1 -predhat
$ oc new-project u1p1 
$ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/networking/list_for_pods.json -n u1p1

4. Try to access the service in u1p1 from the pod in default project


Actual results:
Cannot access the service in other project from default project.

$ oc get svc -n u1p1
NAME           CLUSTER_IP       EXTERNAL_IP   PORT(S)     SELECTOR         AGE
test-service   172.30.213.88    <none>        27017/TCP   name=test-pods   26m
# oc rsh docker-registry-1-snqx6      # in default namespace
 curl --connect-timeout 1 172.30.213.88:27017
 curl: (28) Connection timed out after 1000 milliseconds

Expected results:
Should be able to access the service in other project from the pod in default project.

Additional info:
openflow on the node:

# ovs-ofctl dump-flows br0 -O openflow13
OFPST_FLOW reply (OF1.3) (xid=0x2):
 cookie=0x0, duration=70.531s, table=0, n_packets=47, n_bytes=3678, actions=learn(table=8,hard_timeout=900,priority=200,NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:NXM_NX_TUN_IPV4_SRC[]->NXM_NX_TUN_IPV4_DST[],output:NXM_OF_IN_PORT[]),goto_table:1
 cookie=0x0, duration=70.523s, table=1, n_packets=14, n_bytes=1116, actions=goto_table:3
 cookie=0x0, duration=70.524s, table=1, n_packets=20, n_bytes=1668, in_port=3 actions=goto_table:5
 cookie=0x0, duration=70.528s, table=1, n_packets=0, n_bytes=0, in_port=1 actions=goto_table:2
 cookie=0x0, duration=70.526s, table=1, n_packets=8, n_bytes=648, in_port=2 actions=goto_table:5
 cookie=0x0, duration=70.530s, table=1, n_packets=4, n_bytes=168, arp actions=goto_table:8
 cookie=0x0, duration=70.518s, table=2, n_packets=0, n_bytes=0, tun_id=0 actions=goto_table:5
 cookie=0x0, duration=70.520s, table=2, n_packets=0, n_bytes=0, priority=200,ip,nw_dst=10.1.2.1 actions=output:2
 cookie=0x0, duration=70.516s, table=2, n_packets=0, n_bytes=0, priority=100,ip,nw_dst=10.1.2.0/24 actions=move:NXM_NX_TUN_ID[0..31]->NXM_NX_REG0[],goto_table:6
 cookie=0x0, duration=70.521s, table=2, n_packets=0, n_bytes=0, arp actions=goto_table:8
 cookie=0x0, duration=40.783s, table=3, n_packets=0, n_bytes=0, priority=100,ip,in_port=5,nw_src=10.1.2.3 actions=load:0xc->NXM_NX_REG0[],goto_table:4
 cookie=0x0, duration=63.497s, table=3, n_packets=0, n_bytes=0, priority=100,ip,in_port=4,nw_src=10.1.2.2 actions=load:0->NXM_NX_REG0[],goto_table:4
 cookie=0x0, duration=70.513s, table=4, n_packets=0, n_bytes=0, priority=0 actions=goto_table:5
 cookie=0x0, duration=42.041s, table=4, n_packets=0, n_bytes=0, priority=200,tcp,reg0=0xc,nw_dst=172.30.213.88,tp_dst=27017 actions=output:2
 cookie=0x0, duration=67.150s, table=4, n_packets=0, n_bytes=0, priority=200,tcp,nw_dst=172.30.153.143,tp_dst=5000 actions=output:2
 cookie=0x0, duration=67.147s, table=4, n_packets=0, n_bytes=0, priority=200,tcp,nw_dst=172.30.0.1,tp_dst=443 actions=output:2
 cookie=0x0, duration=70.514s, table=4, n_packets=0, n_bytes=0, priority=100,ip,nw_dst=172.30.0.0/16 actions=drop
 cookie=0x0, duration=70.511s, table=5, n_packets=0, n_bytes=0, priority=200,ip,nw_dst=10.1.2.1 actions=output:2
 cookie=0x0, duration=70.507s, table=5, n_packets=0, n_bytes=0, priority=100,ip,nw_dst=10.1.0.0/16 actions=goto_table:7
 cookie=0x0, duration=70.506s, table=5, n_packets=0, n_bytes=0, priority=0,ip actions=output:2
 cookie=0x0, duration=70.509s, table=5, n_packets=0, n_bytes=0, priority=150,ip,nw_dst=10.1.2.0/24 actions=goto_table:6
 cookie=0x0, duration=70.504s, table=6, n_packets=0, n_bytes=0, priority=200,ip,reg0=0 actions=goto_table:8
 cookie=0x0, duration=63.496s, table=6, n_packets=0, n_bytes=0, priority=150,ip,nw_dst=10.1.2.2 actions=output:4
 cookie=0x0, duration=40.782s, table=6, n_packets=0, n_bytes=0, priority=100,ip,reg0=0xc,nw_dst=10.1.2.3 actions=output:5
 cookie=0x0, duration=40.978s, table=8, n_packets=0, n_bytes=0, hard_timeout=900, priority=200,dl_dst=02:42:0a:01:02:03 actions=load:0->NXM_NX_TUN_IPV4_DST[],output:5
 cookie=0x0, duration=63.703s, table=8, n_packets=0, n_bytes=0, hard_timeout=900, priority=200,dl_dst=02:42:0a:01:02:02 actions=load:0->NXM_NX_TUN_IPV4_DST[],output:4
 cookie=0x0, duration=70.528s, table=8, n_packets=0, n_bytes=0, hard_timeout=900, priority=200,dl_dst=62:29:7d:dc:ec:15 actions=load:0->NXM_NX_TUN_IPV4_DST[],output:3
 cookie=0x0, duration=70.482s, table=8, n_packets=0, n_bytes=0, hard_timeout=900, priority=200,dl_dst=9e:a7:3f:d5:8e:07 actions=load:0->NXM_NX_TUN_IPV4_DST[],output:2
 cookie=0x0, duration=70.502s, table=8, n_packets=4, n_bytes=168, priority=0,arp actions=FLOOD
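
The table=4 service rules from the dump above, evaluated for a packet from each pod, as an added example (not part of the original report and not openshift-sdn code). It assumes reg0 carries the project's network ID and that the default-project pod is the one table 3 tags with reg0=0; `parse_flow`, `matches` and `verdict` are names made up here.

```python
import ipaddress

# Table 4 rules copied from the dump above (cookie and counters omitted).
TABLE4 = """\
priority=0 actions=goto_table:5
priority=200,tcp,reg0=0xc,nw_dst=172.30.213.88,tp_dst=27017 actions=output:2
priority=200,tcp,nw_dst=172.30.153.143,tp_dst=5000 actions=output:2
priority=200,tcp,nw_dst=172.30.0.1,tp_dst=443 actions=output:2
priority=100,ip,nw_dst=172.30.0.0/16 actions=drop
"""

def parse_flow(line):
    """Split 'match actions=...' into (priority, match dict, actions)."""
    match_part, actions = line.split(" actions=", 1)
    match = {}
    for field in match_part.split(","):
        key, _, value = field.strip().partition("=")
        match[key] = value          # bare protocol keywords (tcp, ip) map to ""
    priority = int(match.pop("priority", "32768"))  # ovs-ofctl default priority
    return priority, match, actions

def matches(match, pkt):
    """True if the packet satisfies every field of one flow's match."""
    for key, value in match.items():
        if key == "ip":
            continue                      # any IPv4 packet
        if key == "tcp":
            if pkt["proto"] != "tcp":
                return False
        elif key == "nw_dst":
            net = ipaddress.ip_network(value, strict=False)
            if ipaddress.ip_address(pkt["nw_dst"]) not in net:
                return False
        elif key in ("reg0", "tp_dst"):
            if int(value, 0) != pkt[key]:
                return False
        else:
            return False                  # field this sketch does not model
    return True

def verdict(reg0, nw_dst, tp_dst, table=TABLE4):
    """Return the actions of the highest-priority matching flow (TCP packet)."""
    flows = sorted((parse_flow(l) for l in table.splitlines() if l.strip()),
                   key=lambda f: -f[0])
    pkt = {"proto": "tcp", "reg0": reg0, "nw_dst": nw_dst, "tp_dst": tp_dst}
    for _, match, actions in flows:
        if matches(match, pkt):
            return actions
    return "drop"                         # OpenFlow 1.3 table miss
```

Under those assumptions, `verdict(0, "172.30.213.88", 27017)` misses the reg0=0xc rule and falls through to the priority=100 drop for 172.30.0.0/16, while the same packet with reg0=0xc is output on port 2.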

Comment 2 Meng Bo 2015-10-30 03:08:14 UTC
Checked on openshift v1.0.7-32-gd17e473, issue has been fixed. Close the bug.

