Description of problem:
Compared with SDN egress router testing, in an OVN cluster the pod accessing external systems does not use the egressrouter macvlan IP address as its source IP. Below are the steps for testing on both OVN and SDN clusters; the SDN cluster's tcpdump shows the correct macvlan IP as the outgoing source IP.

Version-Release number of selected component (if applicable):
4.7.0-0.nightly-2021-01-05-055003

How reproducible:
Always

Steps to Reproduce:

#### OVN cluster
export nodename=weliang-151-xffw2-compute-0
oc label node $nodename app=ovn-egressrouter-redirect
oc new-project test-ovn-egressrouter-redirect
oc debug node/$nodename
# Find an IP that is not used in the same subnet, and the gateway IP
# Create NAD, replacing the IP and gateway with the values found above
curl -s https://raw.githubusercontent.com/weliang1/Openshift_Networking/master/Features/EgressRouter/ovn-egressrouter-redirect-NAD.yaml | sed s/10.200.16.0/10.0.99.157/g | sed s/192.168.10.200/10.0.99.254/g | sed s/10.100.3.0/172.217.15.78/g | oc create -f -
# Create egressrouter pod
oc create -f https://raw.githubusercontent.com/weliang1/Openshift_Networking/master/Features/EgressRouter/ovn-egressrouter-redirect-pod.yaml
# Create test pods
oc create -f https://raw.githubusercontent.com/weliang1/Openshift_Networking/master/Features/FC/fc-test-pod.yaml
# Curl ovn-egressrouter-redirect-pod's IP
oc exec test-pod-6fd76b45f5-bctwm -- curl 10.131.0.27:80
# Capture the outgoing traffic on $nodename to find out whether the src IP is the egressrouter macvlan0's IP
oc debug node/$nodename
tcpdump -i br-ex src host 10.0.99.157 -vvv -n

#### SDN cluster
export nodename=weliang152-94pvw-compute-0
oc label node $nodename app=egressrouter
oc new-project test-sdn-egressrouter-redirect
oc debug node/$nodename
# Find an IP that is not used in the same subnet, and the gateway IP
# Create egressrouter pod, replacing the IP and gateway with the values found above
curl -s https://raw.githubusercontent.com/weliang1/Openshift_Networking/master/Features/EgressRouter/egress-redirect-pod.yaml | sed s/172.31.249.212/10.0.97.48/g | sed s/172.31.248.1/10.0.99.254/g | sed s/216.58.217.46/172.217.15.78/g | oc create -f -
# Create test pods
oc create -f https://raw.githubusercontent.com/weliang1/Openshift_Networking/master/Features/FC/fc-test-pod.yaml
# Curl egressrouter-redirect-pod's IP
oc exec test-pod-6fd76b45f5-b4ff8 -- curl 10.128.2.39:80
# Capture the outgoing traffic on $nodename to find out whether the src IP is the egressrouter macvlan0's IP
oc debug node/$nodename
tcpdump -i ens3 src host 10.0.97.48 -vvv -n
tcpdump: listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
16:18:55.125830 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.99.254 tell 10.0.97.48, length 28
16:18:56.184631 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.99.254 tell 10.0.97.48, length 28
16:18:57.208612 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.99.254 tell 10.0.97.48, length 28

Actual results:
tcpdump -i br-ex src host 10.0.99.157 -vvv -n

Expected results:
tcpdump -i br-ex src host 10.0.99.157 -vvv -n shows ARP request traffic using 10.0.99.157 as the source IP

Additional info:
OVN cluster kubeconfig: https://mastern-jenkins-csb-openshift-qe.cloud.paas.psi.redhat.com/job/Launch%20Environment%20Flexy/129680/artifact/workdir/install-dir/auth/kubeconfig/*view*/
SDN cluster kubeconfig: https://mastern-jenkins-csb-openshift-qe.cloud.paas.psi.redhat.com/job/Launch%20Environment%20Flexy/129681/artifact/workdir/install-dir/auth/kubeconfig/*view*/

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633