Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1854244

Summary: Ingress/Egress OVN hybrid-overlay integration with F5 BIG-IP doesn't work after upgrading from 4.4.7 to 4.5.0-rc.5
Product: OpenShift Container Platform Reporter: Ben Bennett <bbennett>
Component: NetworkingAssignee: Ben Bennett <bbennett>
Networking sub component: ovn-kubernetes QA Contact: Yurii Prokulevych <yprokule>
Status: CLOSED ERRATA Docs Contact:
Severity: urgent    
Priority: urgent CC: achernet, anusaxen, bbennett, ealcaniz, fsimonce, kholtz, ricarril, syangsao, yprokule
Version: 4.5Keywords: TestBlocker
Target Milestone: ---   
Target Release: 4.5.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1854192 Environment:
Last Closed: 2020-08-10 13:50:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1854192    
Bug Blocks:    

Comment 1 Ricardo Carrillo Cruz 2020-07-09 14:27:46 UTC 
I was pointed about https://github.com/openshift/cluster-network-operator/pull/697 .
This prevents from doing upgrades, as the hybrid overlay is not executed.

Need to monitor the PR, per Dan Williams this will only land for 4.5.1 .
Comment 2 Ricardo Carrillo Cruz 2020-07-15 17:00:08 UTC 
Fix landed on 4.5.2 and performed an upgrade to make sure it works:

[ricky@localhost openshift-installer]$ oc get clusterversion
NAME      VERSION   AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.4.13    True        True          46m     Working towards 4.5.2: 87% complete
[ricky@localhost openshift-installer]$ oc get clusterversion
NAME      VERSION   AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.5.2     True        False         7m54s   Cluster version is 4.5.2
[ricky@localhost openshift-installer]$ oc -n openshift-ovn-kubernetes rsh -c ovnkube-node ovnkube-node-d8zqc ovs-ofctl dump-flows br-ext  | head -n10
 cookie=0x0, duration=16.513s, table=0, n_packets=0, n_bytes=0, priority=100,arp,in_port=ext,arp_tpa=10.130.0.3,arp_op=1 actions=move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:0a:58:0a:82:00:03,load:0x2->NXM_OF_ARP_OP[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],load:0xa580a820003->NXM_NX_ARP_SHA[],load:0xa820003->NXM_OF_ARP_SPA[],IN_PORT,resubmit(,1)
 cookie=0x0, duration=1466.149s, table=0, n_packets=0, n_bytes=0, priority=100,ip,in_port="ext-vxlan",dl_dst=0a:58:0a:82:00:03,nw_dst=10.130.0.0/23 actions=resubmit(,10)
 cookie=0x0, duration=1466.149s, table=0, n_packets=0, n_bytes=0, priority=10,arp,in_port="ext-vxlan",arp_tpa=10.130.0.0/23,arp_op=1 actions=resubmit(,2)
 cookie=0x0, duration=1466.149s, table=0, n_packets=2, n_bytes=240, priority=0 actions=drop
 cookie=0x0, duration=1466.149s, table=1, n_packets=0, n_bytes=0, priority=0 actions=drop
 cookie=0x0, duration=16.513s, table=2, n_packets=0, n_bytes=0, priority=100,arp,in_port="ext-vxlan",arp_tpa=10.130.0.0/23,arp_op=1 actions=move:NXM_NX_TUN_IPV4_SRC[]->NXM_NX_TUN_IPV4_DST[],load:0x1001->NXM_NX_TUN_ID[0..31],move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],mod_dl_src:0a:58:0a:82:00:03,load:0x2->NXM_OF_ARP_OP[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],load:0xa580a820003->NXM_NX_ARP_SHA[],move:NXM_OF_ARP_TPA[]->NXM_NX_REG0[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],move:NXM_NX_REG0[]->NXM_OF_ARP_SPA[],IN_PORT
 cookie=0x0, duration=1466.149s, table=2, n_packets=0, n_bytes=0, priority=0 actions=drop
 cookie=0xa820008, duration=1465.979s, table=10, n_packets=0, n_bytes=0, priority=100,ip,nw_dst=10.130.0.8 actions=mod_dl_src:0a:58:0a:82:00:03,mod_dl_dst:ea:58:76:82:00:09,output:ext
 cookie=0xa820004, duration=1465.979s, table=10, n_packets=0, n_bytes=0, priority=100,ip,nw_dst=10.130.0.4 actions=mod_dl_src:0a:58:0a:82:00:03,mod_dl_dst:ea:58:76:82:00:05,output:ext
 cookie=0xa820006, duration=1465.706s, table=10, n_packets=0, n_bytes=0, priority=100,ip,nw_dst=10.130.0.6 actions=mod_dl_src:0a:58:0a:82:00:03,mod_dl_dst:ea:58:76:82:00:07,output:ext
Comment 7 Ricardo Carrillo Cruz 2020-07-17 14:53:07 UTC 
I'd say it's fixed.

The bug description was about br-ext not having any flows after upgrade, which was caused by a broken daemonset script that didn't run hybrid overlay options.
I verified the flows are there after upgrade now (fix is on 4.5.2), but I think Yurii wanted to do more testing on F5 to verify the traffic was going out.
Comment 11 Ricardo Carrillo Cruz 2020-08-03 11:49:59 UTC 
Unassigning as I'm on long vacation.
Comment 13 errata-xmlrpc 2020-08-10 13:50:20 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.5.5 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:3188
Comment 14 Red Hat Bugzilla 2023-09-14 06:03:31 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days