Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1609112

Summary: [EehJwaEa] Should clean the un-used egressIP when it was not being taken for a while
Product: OpenShift Container Platform Reporter: Meng Bo <bmeng>
Component: NetworkingAssignee: Dan Winship <danw>
Status: CLOSED ERRATA QA Contact: Meng Bo <bmeng>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.11.0CC: aos-bugs, cdc, danw
Target Milestone: ---   
Target Release: 3.11.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-11 07:22:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Meng Bo 2018-07-27 03:16:12 UTC 
Description of problem:
When a netnamespace uses a egressIP which is in the egressCIDRs range defined on the node. It will add the egressIP to the hostsubnet array. But it will never be removed. This will make the array have a lot of values which are not being used.

Version-Release number of selected component (if applicable):
v3.10.0-0.9.0

How reproducible:
always

Steps to Reproduce:
1. Setup ocp cluster with multitenant or networkpolicy plugin

2. Set the egressCIDRs range to any of the node
# oc patch hostsubnet node1 -p '{"egressCIDRs":["10.66.140.0/23"]}'

3. Create a project via user

4. Update the netnamespace's egressIP via loop
# for i in `seq 1 20` ; do oc patch netnamespace u1p1 -p "{\"egressIPs\":[\"10.66.140.$i\"]}" ; done

5. Check the egressIPs value on the hostsubnet after a few minutes


Actual results:
It will a large list of egressIPs which are not being used.

[root@ocp311-master ~]# oc get hostsubnet
NAME                        HOST                        HOST IP        SUBNET          EGRESS IPS
ocp311-master.bmeng.local   ocp311-master.bmeng.local   10.66.140.72   10.128.0.0/25   []
ocp311-node.bmeng.local     ocp311-node.bmeng.local     10.66.140.77   10.128.1.0/25   [10.66.140.20, 10.66.140.101, 10.66.140.200, 10.66.140.2, 10.66.140.5, 10.66.140.8, 10.66.140.9, 10.66.140.16, 10.66.140.18, 10.66.140.19, 10.66.140.100, 10.66.140.23, 10.66.140.1, 10.66.141.255, 10.66.140.4, 10.66.140.7, 10.66.140.11, 10.66.140.12, 10.66.140.77, 10.66.140.3, 10.66.140.6, 10.66.140.10, 10.66.140.13, 10.66.140.14, 10.66.140.15, 10.66.140.17]



Expected results:
Should clear the un-used egressIPs right after the egressIP being unset or in a fixed period.


Additional info:
Comment 1 Dan Winship 2018-07-31 14:43:43 UTC 
(In reply to Meng Bo from comment #0)
> Version-Release number of selected component (if applicable):
> v3.10.0-0.9.0

3.10 doesn't have EgressCIDR support...
Comment 2 Meng Bo 2018-08-01 02:29:14 UTC 
(In reply to Dan Winship from comment #1)
> (In reply to Meng Bo from comment #0)
> > Version-Release number of selected component (if applicable):
> > v3.10.0-0.9.0
> 
> 3.10 doesn't have EgressCIDR support...

Oh, sorry, it is a typo, should be 3.11.0-0.9.0
Comment 3 Dan Winship 2018-08-01 14:22:01 UTC 
https://github.com/openshift/origin/pull/20500
Comment 4 Meng Bo 2018-08-20 09:11:57 UTC 
PR has been merged in v3.11.0-0.15.0, move to ON_QA
Comment 5 Meng Bo 2018-08-21 11:14:48 UTC 
Tested on v3.11.0-0.17.0

The egressIP on node will be cleaned when the value is updated on the netnamespace.
But when clear the array from the netnamespace, it will still leave the last used IP in the hostsubnet.

[root@ocp311-master ~]# oc get hostsubnet
NAME                        HOST                        HOST IP        SUBNET          EGRESS IPS
ocp311-master.bmeng.local   ocp311-master.bmeng.local   10.66.140.72   10.128.0.0/25   []
ocp311-node.bmeng.local     ocp311-node.bmeng.local     10.66.140.77   10.128.1.0/25   [10.66.140.200]
[root@ocp311-master ~]# oc patch netnamespace bmengpp -p '{"egressIPs":["10.66.140.201"]}'
netnamespace.network.openshift.io/bmengpp patched
[root@ocp311-master ~]# oc get hostsubnet
NAME                        HOST                        HOST IP        SUBNET          EGRESS IPS
ocp311-master.bmeng.local   ocp311-master.bmeng.local   10.66.140.72   10.128.0.0/25   []
ocp311-node.bmeng.local     ocp311-node.bmeng.local     10.66.140.77   10.128.1.0/25   [10.66.140.201]
[root@ocp311-master ~]# oc patch netnamespace bmengpp -p '{"egressIPs":[]}'
netnamespace.network.openshift.io/bmengpp patched
[root@ocp311-master ~]# oc get hostsubnet
NAME                        HOST                        HOST IP        SUBNET          EGRESS IPS
ocp311-master.bmeng.local   ocp311-master.bmeng.local   10.66.140.72   10.128.0.0/25   []
ocp311-node.bmeng.local     ocp311-node.bmeng.local     10.66.140.77   10.128.1.0/25   [10.66.140.201]
Comment 6 Dan Winship 2018-08-21 17:16:54 UTC 
https://github.com/openshift/origin/pull/20718
Comment 8 Meng Bo 2018-09-12 08:40:23 UTC 
Tested on v3.11.0-0.32.0

Issue has been fixed.
Comment 10 errata-xmlrpc 2018-10-11 07:22:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2652