Bug 1957039 - Physical VIP for pod -> Svc -> Host is incorrectly set to an IP of for Local GW
Summary: Physical VIP for pod -> Svc -> Host is incorrectly set to an IP of 169.254.16...
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.8
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.8.0
Assignee: Andrew Stoycos
QA Contact: Anurag saxena
Depends On:
TreeView+ depends on / blocked
Reported: 2021-05-04 21:51 UTC by Andrew Stoycos
Modified: 2021-07-27 23:06 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2021-07-27 23:06:17 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift ovn-kubernetes pull 531 0 None open Bug 1957039: Fix pod -> svc -> host LGW flow 2021-05-10 18:31:47 UTC
Red Hat Product Errata RHSA-2021:2438 0 None None None 2021-07-27 23:06:39 UTC

Description Andrew Stoycos 2021-05-04 21:51:53 UTC
Description of problem: 

In Local GW when a nodeport svc is backed by a host networked pod the incorrect backed IP is used in the gateway_router LB 

_uuid               : c3617307-f109-4d2e-9c2d-704166ffd970
external_ids        : {TCP_lb_gateway_router=GR_ovn-worker}
health_check        : []
ip_port_mappings    : {}
name                : ""
options             : {}
protocol            : tcp
selection_fields    : []
vips                : {""="", ""=""}

Specifically when the traffic from a pod on the same node sends traffic to the SVC it should DNAT to not the "special" masquerade IP  

Version-Release number of selected component (if applicable):

This is a problem in Master and 4.8 that was most likely introduced during the switch to shared GW as the default topology, so it is not yet clear weather the bug affects versions prior to 4.8

How reproducible:

Comment 5 errata-xmlrpc 2021-07-27 23:06:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.