Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1542591

Summary: [3.8] [egressip] The egressIP which assigned to project will still take effect after it has been removed
Product: OpenShift Container Platform Reporter: Dan Winship <danw>
Component: NetworkingAssignee: Ben Bennett <bbennett>
Status: CLOSED NOTABUG QA Contact: Meng Bo <bmeng>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.8.0CC: aos-bugs, bbennett, bmeng
Target Milestone: ---   
Target Release: 3.8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1540846 Environment:
Last Closed: 2018-02-06 16:04:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1540846    
Bug Blocks:    

Description Dan Winship 2018-02-06 15:56:46 UTC 
+++ This bug was initially created as a clone of Bug #1540846 +++

Description of problem:
After removed the assigned egressIP to netnamespace, the pods in the project will still using the egressIP to reach the outside network. 

Version-Release number of selected component (if applicable):
v3.9.0-0.34.0
openvswitch 2.7.3

How reproducible:
always

Steps to Reproduce:
1. Setup multi node env
2. Create project and have pods in it
3. Add an egressIP to the hostsubnet of any node
4. Add the above egressIP to the project's netnamespace
5. Try to access outside from the pods
6. Remove the egressIP from the netnamespace
7. Try to access outside from the pods
8. Remove the egressIP from the hostsubnet
9. Try to access outside from the pods

Actual results:
5. The pods will reach outside with the egressIP as source IP.
7. The pods will still reach outside with the egressIP as source IP.
9. The pods will lose outside connection.

Expected results:
7. The pods should use the landed node IP as the source IP.
9. The pods should be able to access outside network.

Additional info:
Related openflow rules attached.

Pod info:
$ oc get po -o wide 
NAME            READY     STATUS    RESTARTS   AGE       IP             NODE
test-rc-6ck6c   1/1       Running   0          47m       10.128.0.38    ose-node1.bmeng.local
test-rc-dpns6   1/1       Running   0          47m       10.128.2.196   ose-node2.bmeng.local

Node info:
$ oc get po -o wide 
NAME            READY     STATUS    RESTARTS   AGE       IP             NODE
test-rc-6ck6c   1/1       Running   0          47m       10.128.0.38    ose-node1.bmeng.local
test-rc-dpns6   1/1       Running   0          47m       10.128.2.196   ose-node2.bmeng.local

Project info:
# oc get netnamespace 
NAME              NETID      EGRESS IPS
bmengpp           3031874    []
default           0          []
kube-public       13569059   []
kube-system       4330111    []
openshift         721723     []
openshift-infra   8764350    []
openshift-node    13969432   []

Egress IP is 10.66.140.100 for testing.

--- Additional comment from Meng Bo on 2018-02-01 01:45 EST ---



--- Additional comment from Meng Bo on 2018-02-01 01:47 EST ---



--- Additional comment from Meng Bo on 2018-02-01 01:47 EST ---



--- Additional comment from Meng Bo on 2018-02-01 01:48 EST ---



--- Additional comment from Dan Winship on 2018-02-01 12:17:07 EST ---

https://github.com/openshift/origin/pull/18393
Comment 1 Dan Winship 2018-02-06 16:04:58 UTC 
nm, but didn't exist in 3.8