Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1935155

Summary: IGMP/MLD packets being dropped
Product: OpenShift Container Platform Reporter: Victor Pickard <vpickard>
Component: NetworkingAssignee: Dumitru Ceara <dceara>
Networking sub component: ovn-kubernetes QA Contact: Weibin Liang <weliang>
Status: CLOSED ERRATA Docs Contact:
Severity: high    
Priority: high CC: aconstan, trozet, weliang, zzhao
Version: 4.7Flags: weliang: needinfo-
Target Milestone: ---   
Target Release: 4.8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 1935180 (view as bug list) Environment:
Last Closed: 2021-07-27 22:51:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1935180    

Description Victor Pickard 2021-03-04 13:11:26 UTC 
Description of problem:

Ovn-k8s multicast allow acls should allow IGMP/MLD pkts regardless of source address.

IPv6 MLD packets are being dropped.



Version-Release number of selected component (if applicable):


How reproducible:

Always


Steps to Reproduce

There is a detailed slack conversation regarding this issue here:

https://coreos.slack.com/archives/C01G7T6SYSD/p1614799149160300

I have an ipv4 single stack cluster with ovn-kubernetes cni.
I see that after few minutes ~5, the join (igmp) request is expired.
I'm following the steps in the openshift "enable multicast" guide.

If I run

oc exec mlistener -i -t -- \
    socat UDP4-RECVFROM:30102,ip-add-membership=224.1.0.1:$POD_IP,fork EXEC:hostname

then I run

oc exec msender -i -t -- \
    /bin/bash -c "echo | socat STDIO UDP4-DATAGRAM:224.1.0.1:30102,range=$CIDR,ip-multicast-ttl=64"


It works as expected.

But if I run the send request again after ~5 min, it doesn't work. I need the "listener" to re-join the multicast group to make it work again.

Actual results:


Expected results:


Additional info:
Comment 2 Weibin Liang 2021-03-17 17:10:34 UTC 
https://github.com/ovn-org/ovn-kubernetes/pull/2088 is merged in ovn-org:master, but not in openshift:release-4.7

Testing still failed in 4.7.0-0.nightly-2021-03-17-090327
Comment 3 Victor Pickard 2021-03-17 17:16:25 UTC 
@weliang This BZ should be verified in 4.8 nightly, right?

There is another BZ, https://bugzilla.redhat.com/show_bug.cgi?id=1935180, for the backport to 4.7.z.
Comment 4 Weibin Liang 2021-03-17 18:26:55 UTC 
@vpickard Thanks for infor

Testing passed in 4.8.0-0.nightly-2021-03-17-123640.
Comment 8 errata-xmlrpc 2021-07-27 22:51:10 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438