1949607 – cannot allocate multiple egressIPs per namespace

Bug 1949607 - cannot allocate multiple egressIPs per namespace

Summary: cannot allocate multiple egressIPs per namespace

Keywords:
Status:	CLOSED DUPLICATE of bug 1948999
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Networking
Sub Component:
Version:	4.8
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	4.8.0
Assignee:	Jacob Tanenbaum
QA Contact:	zhaozhanqi
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-04-14 16:16 UTC by Jacob Tanenbaum
Modified:	2021-04-14 18:32 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-04-14 18:32:40 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Jacob Tanenbaum 2021-04-14 16:16:35 UTC

Description of problem:

when https://github.com/openshift/sdn/pull/277 merged assigning multiple egressIPs to a namespace is supposed to loadbalance between the egressIPs 

when trying to patch a namespace with multiple egressIPs the cluster fails to allocate any



Version-Release number of selected component (if applicable):
4.8

How reproducible:
always 


Steps to Reproduce:
1. create a new netnamespace 
   $ oc create new-project test

2. add egressCIDRs to two different nodes 
   $ oc patch hostsubnet   ip-10-0-145-191.us-east-2.compute.internal --type=merge -p '{"egressCIDRs":["10.131.129.0/24"]}'
   $ oc patch hostsubnet ip-10-0-162-33.us-east-2.compute.internal --type=merge -p '{"egressCIDRs":["10.131.128.0/24"]}'
   $ oc get hostsubnets
   NAME                                         HOST                                         HOST IP        SUBNET          EGRESS CIDRS          EGRESS IPS
   ip-10-0-142-125.us-east-2.compute.internal   ip-10-0-142-125.us-east-2.compute.internal   10.0.142.125   10.128.2.0/23                         
   ip-10-0-145-191.us-east-2.compute.internal   ip-10-0-145-191.us-east-2.compute.internal   10.0.145.191   10.128.0.0/23   ["10.131.129.0/24"]   
   ip-10-0-162-33.us-east-2.compute.internal    ip-10-0-162-33.us-east-2.compute.internal    10.0.162.33    10.130.0.0/23   ["10.131.128.0/24"]   
   ip-10-0-164-127.us-east-2.compute.internal   ip-10-0-164-127.us-east-2.compute.internal   10.0.164.127   10.129.2.0/23                         
   ip-10-0-199-225.us-east-2.compute.internal   ip-10-0-199-225.us-east-2.compute.internal   10.0.199.225   10.131.0.0/23                         
   ip-10-0-202-52.us-east-2.compute.internal    ip-10-0-202-52.us-east-2.compute.internal    10.0.202.52    10.129.0.0/23                         


3. assign egressIPs from those two ranges to the new namespace 
  $ oc patch netnamespace test --type=merge -p '{"egressIPs": ["10.131.128.50", "10.131.129.50"]}'
  netnamespace.network.openshift.io/test patched


Actual results:

the egressIPs are not allocated even through the netnamespace reports that it is using them.

  $ oc get netnamespace
  NAME                                               NETID      EGRESS IPS
  ...
  test                                               5746827    ["10.131.128.50","10.131.129.50"]
  $ oc get hostsubnets
  NAME                                         HOST                                         HOST IP        SUBNET          EGRESS CIDRS          EGRESS IPS   
  ...                  
  ip-10-0-145-191.us-east-2.compute.internal   ip-10-0-145-191.us-east-2.compute.internal   10.0.145.191   10.128.0.0/23   ["10.131.129.0/24"]   
  ip-10-0-162-33.us-east-2.compute.internal    ip-10-0-162-33.us-east-2.compute.internal    10.0.162.33    10.130.0.0/23   ["10.131.128.0/24"]   

and the egressIP ovs groups and flows are not created by the sdn pods 

Expected results:

  $ oc get hostsubnets
  NAME                                         HOST                                         HOST IP        SUBNET          EGRESS CIDRS          EGRESS IPS
  ...
  ip-10-0-145-191.us-east-2.compute.internal   ip-10-0-145-191.us-east-2.compute.internal   10.0.145.191   10.128.0.0/23   ["10.131.129.0/24"]   ["10.131.129.50"]
  ip-10-0-162-33.us-east-2.compute.internal    ip-10-0-162-33.us-east-2.compute.internal    10.0.162.33    10.130.0.0/23   ["10.131.128.0/24"]   ["10.131.128.50"]

  and the correct ovs is generated by the sdn pods 

  in an sdn pod hosting the egressIP
  sh-5.0# ovs-ofctl -O OpenFlow13 dump-groups br0
  OFPST_GROUP_DESC reply (OF1.3) (xid=0x2):
   group_id=5746827,type=select,bucket=actions=set_field:1e:60:aa:48:96:42->eth_dst,set_field:0x157b08a->pkt_mark,output:tun0

  in an sdn pod not hosting the egressIP
  # ovs-ofctl -O OpenFlow13 dump-groups br0                                       
  OFPST_GROUP_DESC reply (OF1.3) (xid=0x2):
     group_id=5746827,type=select,bucket=actions=ct(commit),move:NXM_NX_REG0[]->NXM_NX_TUN_ID[0..31],set_field:10.0.162.33->tun_dst,output:vxlan0,bucket=actions=ct(commit),move:NXM_NX_REG0[]->NXM_NX_TUN_ID[0..31],set_field:10.0.145.191->tun_dst,output:vxlan0






Additional info:

Comment 2 Jacob Tanenbaum 2021-04-14 18:32:40 UTC


*** This bug has been marked as a duplicate of bug 1948999 ***

Note You need to log in before you can comment on or make changes to this bug.