Bug 1913011 - [OVN] Pod's external traffic not use egressrouter macvlan ip as a source ip
Summary: [OVN] Pod's external traffic not use egressrouter macvlan ip as a source ip
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.8
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: ---
Target Release: 4.7.0
Assignee: Daniel Mellado
QA Contact: Anurag saxena
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2021-01-05 18:45 UTC by Weibin Liang
Modified: 2021-02-24 15:50 UTC (History)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-02-24 15:50:15 UTC
Target Upstream Version:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | openshift egress-router-cni pull 27 | 0 | None | open | Bug 1913011: Add default route through macvlan interface | 2021-02-01 18:24:32 UTC
Red Hat Product Errata | RHSA-2020:5633 | 0 | None | None | None | 2021-02-24 15:50:37 UTC

Description Weibin Liang 2021-01-05 18:45:45 UTC
Description of problem:
Compared with SDN egress router testing, in an OVN cluster the pod accessing external systems does not use the egressrouter macvlan IP address as the source IP.
Below are the steps for testing on both OVN and SDN clusters; the SDN cluster's tcpdump shows the correct macvlan IP as the outgoing source IP.


Version-Release number of selected component (if applicable):
4.7.0-0.nightly-2021-01-05-055003

How reproducible:
Always

Steps to Reproduce:

#### OVN cluster
export nodename=weliang-151-xffw2-compute-0
oc label node $nodename app=ovn-egressrouter-redirect
oc new-project test-ovn-egressrouter-redirect
oc debug node/$nodename # To find an IP that is not used in the same subnet, and the gateway IP
# Create NAD and replace above ip and gateway 
curl -s https://raw.githubusercontent.com/weliang1/Openshift_Networking/master/Features/EgressRouter/ovn-egressrouter-redirect-NAD.yaml | sed s/10.200.16.0/10.0.99.157/g  | sed s/192.168.10.200/10.0.99.254/g | sed s/10.100.3.0/172.217.15.78/g | oc create -f - 
# Create egressrouter pod
oc create -f  https://raw.githubusercontent.com/weliang1/Openshift_Networking/master/Features/EgressRouter/ovn-egressrouter-redirect-pod.yaml 
# Create test pods
oc create -f https://raw.githubusercontent.com/weliang1/Openshift_Networking/master/Features/FC/fc-test-pod.yaml
# Curl ovn-egressrouter-redirect-pod's IP
oc exec test-pod-6fd76b45f5-bctwm -- curl 10.131.0.27:80
# Capture the outgoing traffic in $nodename to find out if the src ip is egressrouter macvlan0's ip
oc debug node/$nodename
tcpdump -i br-ex src host 10.0.99.157 -vvv -n



#### SDN cluster
export nodename=weliang152-94pvw-compute-0
oc label node $nodename app=egressrouter
oc new-project test-sdn-egressrouter-redirect
oc debug node/$nodename # To find an IP that is not used in the same subnet, and the gateway IP
# Create egressrouter pod and replace above ip and gateway
curl -s https://raw.githubusercontent.com/weliang1/Openshift_Networking/master/Features/EgressRouter/egress-redirect-pod.yaml | sed s/172.31.249.212/10.0.97.48/g | sed s/172.31.248.1/10.0.99.254/g | sed s/216.58.217.46/172.217.15.78/g | oc create -f -
# Create test pods
oc create -f https://raw.githubusercontent.com/weliang1/Openshift_Networking/master/Features/FC/fc-test-pod.yaml
# Curl egressrouter-redirect-pod's IP
oc exec test-pod-6fd76b45f5-b4ff8 -- curl 10.128.2.39:80
# Capture the outgoing traffic in $nodename to find out if the src ip is egressrouter macvlan0's ip
oc debug node/$nodename
tcpdump -i ens3 src host 10.0.97.48 -vvv -n
tcpdump: listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
16:18:55.125830 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.99.254 tell 10.0.97.48, length 28
16:18:56.184631 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.99.254 tell 10.0.97.48, length 28
16:18:57.208612 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.99.254 tell 10.0.97.48, length 28

Actual results:
tcpdump -i br-ex src host 10.0.99.157 -vvv -n

Expected results:
tcpdump -i br-ex src host 10.0.99.157 -vvv -n
shows ARP request traffic using 10.0.99.157 as the source IP

Additional info:
OVN cluster kubeconfig: https://mastern-jenkins-csb-openshift-qe.cloud.paas.psi.redhat.com/job/Launch%20Environment%20Flexy/129680/artifact/workdir/install-dir/auth/kubeconfig/*view*/

SDN cluster kubeconfig: https://mastern-jenkins-csb-openshift-qe.cloud.paas.psi.redhat.com/job/Launch%20Environment%20Flexy/129681/artifact/workdir/install-dir/auth/kubeconfig/*view*/
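
A scripted form of the capture check in the steps above, as an added example that is not part of the original report or of the egress-router-cni project: it reads `tcpdump -n` text and reports whether packets to the redirect destination left with the egress router's macvlan IP or with some other address, which would defeat any upstream allowlist keyed on that IP. The function names, the IPv4 sample lines and the node address 10.0.99.20 are constructed assumptions; the ARP line is the one shown in the SDN capture.

```shell
#!/bin/sh
# Added example. Reads `tcpdump -n` text on stdin and reports which source
# addresses were used for packets sent to DEST_IP.
# usage: egress_src_check EXPECTED_SRC DEST_IP < capture.txt
egress_src_check() {
    awk -v want="$1" -v dest="$2" '
    # Strip a trailing ":" or "," and, for addr.port, the port component.
    function addr(s,   p, n) {
        sub(/[:,]$/, "", s)
        n = split(s, p, ".")
        return (n >= 4) ? p[1] "." p[2] "." p[3] "." p[4] : s
    }
    {
        src = ""; kind = ""
        for (i = 1; i < NF; i++) {
            # IPv4 packet: "<src>.<port> > <dst>.<port>:"
            if ($(i + 1) == ">" && addr($(i + 2)) == dest) { src = addr($i); kind = "ip"; break }
            # ARP request: "who-has <target> tell <sender>,"
            if ($i == "tell") { src = addr($(i + 1)); kind = "arp"; break }
        }
        if (kind == "arp" && src == want) arp++
        if (kind == "ip") { if (src == want) ok++; else { bad++; seen[src] = 1 } }
    }
    END {
        printf "expected=%d arp=%d other=%d", ok, arp, bad
        for (s in seen) printf " unexpected_src=%s", s
        print ""
        # Pass only if the egress IP was seen and nothing bypassed it.
        exit !((ok + arp) > 0 && bad == 0)
    }'
}

# SDN-style capture: the ARP line is from the report, the IP line is constructed.
sample_good() {
cat <<'EOF'
16:18:55.125830 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.99.254 tell 10.0.97.48, length 28
16:18:55.130112 IP 10.0.97.48.43210 > 172.217.15.78.80: Flags [S], seq 1, win 64240, length 0
EOF
}
# Constructed failing capture: 10.0.99.20 stands in for a node address.
sample_bad() {
cat <<'EOF'
16:20:01.000001 IP 10.0.99.20.51544 > 172.217.15.78.80: Flags [S], seq 1, win 64240, length 0
EOF
}

sample_good | egress_src_check 10.0.97.48 172.217.15.78
sample_bad | egress_src_check 10.0.99.157 172.217.15.78 || echo "FAIL: egress source IP not used"
```

Feeding it a capture filtered on `dst host 172.217.15.78` rather than on `src host` makes a bypass show up as a packet with an unexpected source instead of as an empty capture. An empty capture, as in the OVN "Actual results", also returns non-zero.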

Comment 9 errata-xmlrpc 2021-02-24 15:50:15 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633

