In BZ#1800746, we fixed a race where both bootstrap and cluster provisioning infrastructure are online at the same time, but we used the wrong port for DHCPv6.

RFC8415 says: "Clients listen for DHCP messages on UDP port 546. Servers and relay agents listen for DHCP messages on UDP port 547."

We need to add 547/udp to block any incoming requests.
[root@titan44 ~]# oc version
Client Version: 4.5.0-202005291417-9933eb9

From the bootstrap during installation:

[root@titan44 ~]# virsh list --all
 Id    Name                                 State
-----------------------------------------------------
...output omitted...
 19    ocp-edge-cluster-0-rz8rb-bootstrap   running
...output omitted...

[core@localhost ~]$ sudo iptables -t raw -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DHCP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
DHCP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:547

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DHCP (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            MAC 52:54:00:80:5B:65
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            MAC 52:54:00:3E:52:A3
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            MAC 52:54:00:4F:6B:83
DROP       all  --  0.0.0.0/0            0.0.0.0/0
[core@localhost ~]$
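The manual check above can be automated. The following is an added example, not part of the bug report or the installer: it parses an `iptables -t raw -L -n` listing and reports any DHCP server port (67 or 547) that PREROUTING does not send to a chain ending in an unconditional DROP. The function names and the sample listing are constructed for illustration.

```python
import re

# Constructed sample in the same layout as the raw-table listing in the comment above.
SAMPLE = """\
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DHCP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
DHCP       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:547

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DHCP (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            MAC 52:54:00:80:5B:65
DROP       all  --  0.0.0.0/0            0.0.0.0/0
"""

# DHCPv4 server port, and the DHCPv6 server/relay port quoted from RFC 8415.
SERVER_PORTS = {67, 547}

def parse_chains(listing):
    """Map chain name -> list of rule rows, each split on whitespace."""
    chains, current = {}, None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = chains.setdefault(header.group(1), [])
        elif current is not None and line.strip() and not line.startswith("target"):
            current.append(line.split())
    return chains

def ends_in_drop(rules):
    """True if the chain's final rule drops everything with no match conditions."""
    return bool(rules) and rules[-1] == ["DROP", "all", "--", "0.0.0.0/0", "0.0.0.0/0"]

def unfiltered_dhcp_ports(listing):
    """Return DHCP server ports not routed from PREROUTING into a default-drop chain."""
    chains = parse_chains(listing)
    covered = set()
    for rule in chains.get("PREROUTING", []):
        port = re.search(r"\budp dpt:(\d+)$", " ".join(rule))
        if port and rule[1] == "udp" and ends_in_drop(chains.get(rule[0], [])):
            covered.add(int(port.group(1)))
    return sorted(SERVER_PORTS - covered)

if __name__ == "__main__":
    print(unfiltered_dhcp_ports(SAMPLE))
```

An empty result means both server ports are filtered; on the bootstrap host the listing would come from the `sudo iptables -t raw -L -n` command shown above.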
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2409