1890270 – External IP doesn't work if the IP address is not assigned to a node

Bug 1890270 - External IP doesn't work if the IP address is not assigned to a node

Summary: External IP doesn't work if the IP address is not assigned to a node

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Networking
Sub Component:
Version:	4.6
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	4.7.0
Assignee:	Tim Rozet
QA Contact:	Weibin Liang
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1890274
TreeView+	depends on / blocked

Reported:	2020-10-21 19:19 UTC by Tim Rozet
Modified:	2021-02-24 15:28 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: External IP services had incorrect routes created for OVN-Kubernetes on nodes where the External IP was not configured. Consequence: Sending traffic to nodes destined towards an External IP would not function if the node was not physically configured with the External IP. Fix: Nodes that do not have the external IP configured on them, now get proper routes added to ensure the traffic goes to OVN where it will be DNAT'ed towards the proper service endpoint. Result: External IP functions as specified by Kubernetes.
Clone Of:
Clones:	1890274 (view as bug list)
Environment:
Last Closed:	2021-02-24 15:27:41 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	openshift ovn-kubernetes pull 317	None	closed	Bug 1888827: 11-13-2020 merge	2021-02-17 23:39:41 UTC
Github	ovn-org ovn-kubernetes pull 1772	None	closed	Fixes External IP with local gateway mode	2021-02-17 23:39:40 UTC
Red Hat Product Errata	RHSA-2020:5633	None	None	None	2021-02-24 15:28:13 UTC

Description Tim Rozet 2020-10-21 19:19:40 UTC

Description of problem:
With external IP the address may not live on any node. In this case when the packet arrives at any master/worker node (with the destination address of the external IP) it should be routed into OVN. This is currently broken and the route that gets injected into the host is incorrect.

Comment 2 Anurag saxena 2020-11-17 15:06:59 UTC

@weliang Can you help looking at it? Thanks

Comment 3 Weibin Liang 2020-11-20 20:59:54 UTC

Tested and verified in 4.7.0-0.nightly-2020-11-18-203317

[root@weliang24-r2gd5-lb ~]# ip route
default via 10.0.99.254 dev eth0 proto dhcp metric 100 
10.0.96.0/22 dev eth0 proto kernel scope link src 10.0.96.54 metric 100 
10.1.1.1 via 10.0.96.192 dev eth0 
169.254.169.254 via 10.0.96.161 dev eth0 proto dhcp metric 100 
[root@weliang24-r2gd5-lb ~]# curl -k 10.1.1.1:27018
externalip-pod
[root@weliang24-r2gd5-lb ~]#

Comment 6 errata-xmlrpc 2021-02-24 15:27:41 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633

Note You need to log in before you can comment on or make changes to this bug.