Bug 1570396 - [3.7] openshift-sdn partially deletes openflow rules leading to "no route to host" for service
Summary: [3.7] openshift-sdn partially deletes openflow rules leading to "no route to ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 3.7.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 3.7.z
Assignee: Dan Winship
QA Contact: Meng Bo
URL:
Whiteboard:
Depends On: 1538220
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-22 14:47 UTC by Dan Winship
Modified: 2018-05-18 03:55 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Incorrect management of OVS flows Consequence: If two nodes rebooted and swapped IP addresses when they came back up, then other nodes might become unable to send traffic to pods on one or both of those nodes. Fix: The code that manages OVS flows is now more careful to make the correct changes in cases of node IP reassignment. Result: Pod-to-pod traffic should continue to work correctly even after nodes swap IP addresses.
Clone Of: 1570394
Environment:
Last Closed: 2018-05-18 03:54:45 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Github ose/pull/1217 0 None None None 2020-05-22 14:05:36 UTC
Red Hat Product Errata RHBA-2018:1576 0 None None None 2018-05-18 03:55:08 UTC

Comment 1 Dan Winship 2018-04-22 14:53:12 UTC 
https://github.com/openshift/ose/pull/1217
Comment 3 Hongan Li 2018-05-11 06:49:54 UTC 
Verified in atomic-openshift-3.7.46-1.git.0.e81594b.el7 and random cookies has been added for nodes in ovs flow.


OFPST_FLOW reply (OF1.3) (xid=0x2):
 cookie=0xa1d89d17, duration=83932.589s, table=10, n_packets=24326, n_bytes=23255513, priority=100,tun_src=172.16.120.136 actions=goto_table:30
 cookie=0xe581c7d4, duration=83932.501s, table=10, n_packets=119867, n_bytes=35108396, priority=100,tun_src=172.16.120.102 actions=goto_table:30
 cookie=0x2a7ca44e, duration=83932.464s, table=10, n_packets=37997, n_bytes=41078771, priority=100,tun_src=172.16.120.108 actions=goto_table:30
 cookie=0xa1d89d17, duration=83932.562s, table=50, n_packets=4676, n_bytes=196392, priority=100,arp,arp_tpa=10.128.0.0/23 actions=move:NXM_NX_REG0[]->NXM_NX_TUN_ID[0..31],set_field:172.16.120.136->tun_dst,output:1
 cookie=0xe581c7d4, duration=83932.492s, table=50, n_packets=11587, n_bytes=486654, priority=100,arp,arp_tpa=10.129.0.0/23 actions=move:NXM_NX_REG0[]->NXM_NX_TUN_ID[0..31],set_field:172.16.120.102->tun_dst,output:1
 cookie=0x2a7ca44e, duration=83932.453s, table=50, n_packets=5642, n_bytes=236964, priority=100,arp,arp_tpa=10.131.0.0/23 actions=move:NXM_NX_REG0[]->NXM_NX_TUN_ID[0..31],set_field:172.16.120.108->tun_dst,output:1
 cookie=0xa1d89d17, duration=83932.536s, table=90, n_packets=18181, n_bytes=41911917, priority=100,ip,nw_dst=10.128.0.0/23 actions=move:NXM_NX_REG0[]->NXM_NX_TUN_ID[0..31],set_field:172.16.120.136->tun_dst,output:1
 cookie=0xe581c7d4, duration=83932.482s, table=90, n_packets=104534, n_bytes=7913749, priority=100,ip,nw_dst=10.129.0.0/23 actions=move:NXM_NX_REG0[]->NXM_NX_TUN_ID[0..31],set_field:172.16.120.102->tun_dst,output:1
 cookie=0x2a7ca44e, duration=83932.445s, table=90, n_packets=34297, n_bytes=91840610, priority=100,ip,nw_dst=10.131.0.0/23 actions=move:NXM_NX_REG0[]->NXM_NX_TUN_ID[0..31],set_field:172.16.120.108->tun_dst,output:1

OS: Red Hat Enterprise Linux Server release 7.5 (Maipo)
kernel: Linux host-172-16-120-76 3.10.0-862.2.3.el7.x86_64 #1 SMP Mon Apr 30 12:37:51 EDT 2018 x86_64 x86_64 x86_64 GNU/Linux
Comment 6 errata-xmlrpc 2018-05-18 03:54:45 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1576
Note You need to log in before you can comment on or make changes to this bug.