Bug 1898616 - Whereabouts should exclude IPv6 ranges
Summary: Whereabouts should exclude IPv6 ranges
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.6
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.6.z
Assignee: Douglas Smith
QA Contact: Weibin Liang
Whiteboard: Telco
: 1913062 (view as bug list)
Depends On: 1898613
Blocks: 1898618
TreeView+ depends on / blocked
Reported: 2020-11-17 16:29 UTC by Douglas Smith
Modified: 2021-11-16 22:00 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of: 1898613
: 1898618 (view as bug list)
Last Closed: 2021-10-13 07:30:45 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift whereabouts-cni pull 37 0 None open Bug 1898616: Excluded subnet handling for ipv6 [backport 4.6] 2021-03-03 07:19:53 UTC
Red Hat Product Errata RHBA-2021:3737 0 None None None 2021-10-13 07:31:07 UTC

Description Douglas Smith 2020-11-17 16:29:28 UTC
+++ This bug was initially created as a clone of Bug #1898613 +++

Description of problem: Whereabouts doesn't exclude IPv6 ranges, see: https://github.com/dougbtv/whereabouts/issues/71

How reproducible: Always

Steps to Reproduce:

Use a range like:
  "ipam": {
   "type": "whereabouts",
   "range": "caa5::0/112",
   "exclude": ["caa5::0/113"]

Actual results: IP addresses are `caa5::1, caa5::2, etc...`

Expected results: First address should be `caa5::8000`

Additional info: Upstream PR @ https://github.com/dougbtv/whereabouts/pull/74 master PR @ https://github.com/openshift/whereabouts-cni/pull/36

--- Additional comment from Douglas Smith on 2020-11-17 16:26:28 UTC ---

This has been modified and merged into master @ https://github.com/openshift/whereabouts-cni/pull/36, thanks Weibin for taking a look.

Comment 2 Douglas Smith 2021-01-06 21:33:58 UTC
*** Bug 1913062 has been marked as a duplicate of this bug. ***

Comment 6 Weibin Liang 2021-03-22 15:23:09 UTC
https://github.com/openshift/whereabouts-cni/pull/37 merged 5 day ago

Verification fail in 4.6.0-0.nightly-2021-03-21-131139

Will re test it at the end of this week.

Comment 7 Weibin Liang 2021-03-25 15:35:53 UTC
Tested and verified in 4.7.0-0.nightly-2021-03-25-091845

Comment 8 Weibin Liang 2021-03-25 15:42:04 UTC
Test passed in 4.7.0-0.nightly-2021-03-25-091845,
but still failed in 4.6.0-0.nightly-2021-03-25-094616, first address is not `caa5::8000`

[weliang@weliang Config]$ oc describe pod | grep caa5
  Normal  AddedInterface  15s   multus             Add net1 [caa5::8001/112] from test/whereabouts-excludeipv6
  Normal  AddedInterface  14s   multus             Add net1 [caa5::8002/112] from test/whereabouts-excludeipv6
  Normal  AddedInterface  14s   multus             Add net1 [caa5::8003/112] from test/whereabouts-excludeipv6
  Normal  AddedInterface  13s   multus             Add net1 [caa5::8005/112] from test/whereabouts-excludeipv6
  Normal  AddedInterface  14s   multus             Add net1 [caa5::8004/112] from test/whereabouts-excludeipv6
[weliang@weliang Config]$

Comment 12 Eduardo Minguez 2021-06-10 10:50:17 UTC
I've deployed a fresh 4.6.31, then:

* Edited the cluster network to add an additional network:

  - name: test-network-1
    namespace: test-1
    rawCNIConfig: '{ "cniVersion": "0.3.1", "name": "test-network-1", "type": "ipvlan", "master": "ens5", "mode": "l2", "ipam": { "type": "whereabouts", "range": "caa5::0/112", "exclude": ["caa5::0/113"] } }'
    type: Raw

* Created the 'test-1' project

oc new-project test-1

* Created a hello-openshift pod as:

apiVersion: v1
kind: Pod
    k8s.v1.cni.cncf.io/networks: test-network-1
    name: hello-openshift
  name: hello-openshift
  namespace: test-1
  - image: openshift/hello-openshift
    imagePullPolicy: IfNotPresent
    name: hello-openshift
    - containerPort: 8080
      protocol: TCP
    - mountPath: /tmp
      name: tmp
  - emptyDir: {}
    name: tmp

* The describe seems to show the proper IPs:

$ oc describe pod hello-openshift 
Name:         hello-openshift
Namespace:    test-1
Priority:     0
Node:         ip-10-0-176-175.eu-west-3.compute.internal/
Start Time:   Thu, 10 Jun 2021 10:42:58 +0000
Labels:       name=hello-openshift
Annotations:  k8s.v1.cni.cncf.io/network-status:
                    "name": "",
                    "interface": "eth0",
                    "ips": [
                    "default": true,
                    "dns": {}
                    "name": "test-1/test-network-1",
                    "interface": "net1",
                    "ips": [
                    "mac": "0a:a5:48:ad:9a:88",
                    "dns": {}
              k8s.v1.cni.cncf.io/networks: test-network-1
                    "name": "",
                    "interface": "eth0",
                    "ips": [
                    "default": true,
                    "dns": {}
                    "name": "test-1/test-network-1",
                    "interface": "net1",
                    "ips": [
                    "mac": "0a:a5:48:ad:9a:88",
                    "dns": {}
              openshift.io/scc: anyuid
Status:       Running
    Container ID:   cri-o://d7116eb428e06988e814bffef6a261672881e7ebf65f726921a79c9451df7a32
    Image:          openshift/hello-openshift
    Image ID:       docker.io/openshift/hello-openshift@sha256:aaea76ff622d2f8bcb32e538e7b3cd0ef6d291953f3e7c9f556c1ba5baf47e2e
    Port:           8080/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Thu, 10 Jun 2021 10:43:00 +0000
    Ready:          True
    Restart Count:  0
    Environment:    <none>
      /tmp from tmp (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-4ktzq (ro)
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    SizeLimit:  <unset>
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-4ktzq
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
  Type    Reason          Age    From               Message
  ----    ------          ----   ----               -------
  Normal  Scheduled       5m47s  default-scheduler  Successfully assigned test-1/hello-openshift to ip-10-0-176-175.eu-west-3.compute.internal
  Normal  AddedInterface  5m46s  multus             Add eth0 []
  Normal  AddedInterface  5m46s  multus             Add net1 [caa5::8000/112] from test-1/test-network-1
  Normal  Pulled          5m46s  kubelet            Container image "openshift/hello-openshift" already present on machine
  Normal  Created         5m46s  kubelet            Created container hello-openshift
  Normal  Started         5m46s  kubelet            Started container hello-openshift

Comment 13 Douglas Smith 2021-06-29 15:20:15 UTC
That looks verified to me, thanks Edwardo!

Comment 14 Eduardo Minguez 2021-06-30 10:03:43 UTC
(In reply to Douglas Smith from comment #13)
> That looks verified to me, thanks Edwardo!


Anything else I can do to move forward the BZ? Thanks.

Comment 20 errata-xmlrpc 2021-10-13 07:30:45 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6.47 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.