Bug 1949063 - [sig-network] Conntrack should be able to preserve UDP traffic when server pod cycles for a NodePort service
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.7
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: ---
: 4.8.0
Assignee: Antonio Ojea
QA Contact: zhaozhanqi
URL:
Whiteboard:
Depends On:
Blocks: 1923231
 
Reported: 2021-04-13 11:31 UTC by Antonio Ojea
Modified: 2021-07-27 23:00 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
NodePort UDP Service traffic can be blackholed by stale conntrack entries, which occur if some of the endpoints change or if the client starts to send traffic to the Service before any endpoint exists. We should flush the conntrack entries related to the Service in either of these cases, so that new traffic can reach the available endpoints.
Clone Of: 1923231
Environment:
[sig-network] Conntrack should be able to preserve UDP traffic when server pod cycles for a NodePort service
Last Closed: 2021-07-27 23:00:08 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:2438 0 None None None 2021-07-27 23:00:22 UTC
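
The two flush cases named in the Doc Text, as an added Go example (not code from openshift-sdn or kube-proxy): it builds the `conntrack` argument lists for a UDP NodePort Service after an endpoint change. The function name `staleUDPFlushes`, the port and the pod IPs are assumptions constructed for illustration; the code only builds arguments and does not run `conntrack`.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// staleUDPFlushes returns the conntrack(8) argument lists to run after the
// endpoints of a UDP NodePort Service change from oldEPs to newEPs.
// Hypothetical helper for this example; it only builds the arguments.
func staleUDPFlushes(nodePort int, oldEPs, newEPs []string) [][]string {
	base := []string{"-D", "-p", "udp", "--dport", strconv.Itoa(nodePort)}
	// Case 1: the Service had no endpoints and now has some. Clients that
	// sent traffic early left entries created before any endpoint existed,
	// so every UDP entry for the NodePort is flushed.
	if len(oldEPs) == 0 && len(newEPs) > 0 {
		return [][]string{base}
	}
	// Case 2: some endpoints went away. Only entries NATed to a removed
	// endpoint are stale; flows to surviving endpoints are left alone.
	skip := make(map[string]bool, len(newEPs))
	for _, ip := range newEPs {
		skip[ip] = true
	}
	var removed []string
	for _, ip := range oldEPs {
		if !skip[ip] {
			skip[ip] = true // also de-duplicates repeated old entries
			removed = append(removed, ip)
		}
	}
	sort.Strings(removed) // deterministic order
	var plan [][]string
	for _, ip := range removed {
		plan = append(plan, append(append([]string{}, base...), "--dst-nat", ip))
	}
	return plan
}

func main() {
	// Constructed sample: NodePort 30080, one server pod replaced.
	old := []string{"10.128.0.5", "10.128.0.6"}
	cur := []string{"10.128.0.6", "10.128.0.9"}
	for _, args := range staleUDPFlushes(30080, old, cur) {
		fmt.Println("conntrack " + strings.Join(args, " "))
	}
}
```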

Comment 1 Antonio Ojea 2021-04-13 11:39:49 UTC
It will be fixed by
https://github.com/openshift/sdn/pull/267

Comment 4 Antonio Ojea 2021-04-28 13:29:07 UTC
(In reply to zhaozhanqi from comment #3)
> still can find failed in CI
> https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/release-openshift-ocp-installer-e2e-aws-ovn-4.8/1387209922613088256

This bug is openshift-sdn specific; if it fails in OVN, it has to be filed as a separate bug.

Comment 5 zhaozhanqi 2021-04-30 09:19:48 UTC
run this on build 4.8.0-0.nightly-2021-04-29-151418

with `./e2e.test -kubeconfig ~/kubeconfig -ginkgo.focus "Conntrack should be able to preserve UDP traffic when server pod cycles for a NodePort service" -test.count 150 -test.failfast`

failed with following error: 

http://pastebin.test.redhat.com/960227

Comment 6 zhaozhanqi 2021-04-30 14:35:47 UTC
please ignore comment 5, it's OVN cluster

try again on sdn cluster with 4.8.0-0.nightly-2021-04-29-151418

`./e2e.test -kubeconfig /root/zzhao/kubeconfig -ginkgo.focus "Conntrack should be able to preserve UDP traffic when server pod cycles for a NodePort service" -test.count 150 -test.failfast`


all pass.  Move to verified.

Comment 9 errata-xmlrpc 2021-07-27 23:00:08 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438

