Bug 1540846 - [egressip] The egressIP which assigned to project will still take effect after it has been removed
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
3.9.0
Unspecified Unspecified
medium Severity medium
: 3.9.0
Assigned To: Dan Winship
Meng Bo
Depends On:
Blocks: 1542591 1542593
Reported: 2018-02-01 01:43 EST by Meng Bo
Modified: 2018-07-10 05:05 EDT

See Also:
Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 1542591 1542593 (view as bug list)
Environment:
Last Closed: 2018-03-28 10:24:57 EDT
Type: Bug


Attachments
openflow_before_egressIP_added (3.20 KB, text/plain)
2018-02-01 01:45 EST, Meng Bo
openflow_after_egressIP_added (4.01 KB, text/plain)
2018-02-01 01:47 EST, Meng Bo
openflow_after_egressIP_removed_from_netnamespace (4.01 KB, text/plain)
2018-02-01 01:47 EST, Meng Bo
openflow_after_egressIP_removed_from_hostsubnet (3.93 KB, text/plain)
2018-02-01 01:48 EST, Meng Bo


External Trackers
Tracker ID Priority Status Summary Last Updated
Origin (Github) 18393 None None None 2018-02-01 12:17 EST
Red Hat Product Errata RHBA-2018:0489 None None None 2018-03-28 10:25 EDT

Description Meng Bo 2018-02-01 01:43:39 EST
Description of problem:
After removing the egressIP assigned to the netnamespace, the pods in the project will still use the egressIP to reach the outside network.

Version-Release number of selected component (if applicable):
v3.9.0-0.34.0
openvswitch 2.7.3

How reproducible:
always

Steps to Reproduce:
1. Setup multi node env
2. Create project and have pods in it
3. Add an egressIP to the hostsubnet of any node
4. Add the above egressIP to the project's netnamespace
5. Try to access outside from the pods
6. Remove the egressIP from the netnamespace
7. Try to access outside from the pods
8. Remove the egressIP from the hostsubnet
9. Try to access outside from the pods

Actual results:
5. The pods will reach outside with the egressIP as source IP.
7. The pods will still reach outside with the egressIP as source IP.
9. The pods will lose outside connection.

Expected results:
7. The pods should use the landed node IP as the source IP.
9. The pods should be able to access outside network.

Additional info:
Related openflow rules attached.

Pod info:
$ oc get po -o wide 
NAME            READY     STATUS    RESTARTS   AGE       IP             NODE
test-rc-6ck6c   1/1       Running   0          47m       10.128.0.38    ose-node1.bmeng.local
test-rc-dpns6   1/1       Running   0          47m       10.128.2.196   ose-node2.bmeng.local

Node info:
$ oc get po -o wide 
NAME            READY     STATUS    RESTARTS   AGE       IP             NODE
test-rc-6ck6c   1/1       Running   0          47m       10.128.0.38    ose-node1.bmeng.local
test-rc-dpns6   1/1       Running   0          47m       10.128.2.196   ose-node2.bmeng.local

Project info:
# oc get netnamespace 
NAME              NETID      EGRESS IPS
bmengpp           3031874    []
default           0          []
kube-public       13569059   []
kube-system       4330111    []
openshift         721723     []
openshift-infra   8764350    []
openshift-node    13969432   []

Egress IP is 10.66.140.100 for testing.
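
An added example, not part of the bug report or the OpenShift code: a shell check for steps 5-9 that classifies the source IP an external server sees for a pod against the project's current EGRESS IPS column. The bracketed form of a non-empty column, the node IP 192.0.2.11 and the way the source IP is observed are assumptions; both listings are constructed.

```sh
#!/bin/sh
# Added example: the listings below are constructed, not captured from a cluster.
NETNS_ASSIGNED='NAME              NETID      EGRESS IPS
bmengpp           3031874    [10.66.140.100]
default           0          []'
NETNS_REMOVED='NAME              NETID      EGRESS IPS
bmengpp           3031874    []
default           0          []'

# Print the egress IPs listed for project $1, one per line, from
# `oc get netnamespace` output on stdin; prints nothing for "[]".
# Assumption: a non-empty column is rendered as "[ip]" or "[ip ip]".
egress_ips_for() {
    awk -v p="$1" 'NR > 1 && $1 == p && index($0, "[") {
        s = $0
        sub(/^[^[]*\[/, "", s)    # drop everything up to the opening bracket
        sub(/\].*$/, "", s)       # drop the closing bracket and the rest
        n = split(s, ips, /[ ,]+/)
        for (i = 1; i <= n; i++) if (ips[i] != "") print ips[i]
    }'
}

# Classify the source IP an external server observed for a pod.
#   $1 project   $2 observed source IP ("" if the request failed)
#   $3 IP of the node the pod landed on (hypothetical value in the demo)
#   $4 egress IP under test
#   stdin: current `oc get netnamespace` output
classify_source() {
    current=$(egress_ips_for "$1")
    if [ -z "$2" ]; then echo no-connectivity; return 0; fi
    if printf '%s\n' "$current" | grep -qxF -- "$2"; then
        echo egress-assigned; return 0      # step 5: expected
    fi
    if [ "$2" = "$4" ]; then echo stale-egress; return 0; fi   # step 7 as reported
    if [ "$2" = "$3" ]; then echo node-ip; return 0; fi        # step 7 as expected
    echo unexpected
}

# Step 7 as reported: egress IP removed from the netnamespace, traffic
# still leaves with it as the source address.
printf '%s\n' "$NETNS_REMOVED" |
    classify_source bmengpp 10.66.140.100 192.0.2.11 10.66.140.100
```

A result of stale-egress after step 6, or no-connectivity after step 8, matches the actual results in the report; node-ip matches the expected results.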
Comment 1 Meng Bo 2018-02-01 01:45 EST
Created attachment 1389347 [details]
openflow_before_egressIP_added
Comment 2 Meng Bo 2018-02-01 01:47 EST
Created attachment 1389348 [details]
openflow_after_egressIP_added
Comment 3 Meng Bo 2018-02-01 01:47 EST
Created attachment 1389349 [details]
openflow_after_egressIP_removed_from_netnamespace
Comment 4 Meng Bo 2018-02-01 01:48 EST
Created attachment 1389350 [details]
openflow_after_egressIP_removed_from_hostsubnet
Comment 5 Dan Winship 2018-02-01 12:17:07 EST
https://github.com/openshift/origin/pull/18393
Comment 7 Meng Bo 2018-02-22 02:55:44 EST
Checked on OCP v3.9.0-0.47.0

The egress IP will not take effect after it was removed from netnamespace.
Comment 10 errata-xmlrpc 2018-03-28 10:24:57 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0489
