Bug 1958375 - Return IPv6 traffic from the application pod is getting dropped when f5 pod is scaled to more than one.
Summary: Return IPv6 traffic from the application pod is getting dropped when f5 pod i...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.7
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.9.0
Assignee: Federico Paolinelli
QA Contact: Ross Brattain
URL:
Whiteboard: Telco
Depends On: 1959008
Blocks: 1976644
TreeView+ depends on / blocked
 
Reported: 2021-05-07 18:43 UTC by David Critch
Modified: 2021-10-18 17:31 UTC (History)
15 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-18 17:31:03 UTC
Target Upstream Version:
Embargoed:
trozet: needinfo-


Attachments (Terms of Use)
ovntrace logs (7.67 KB, application/gzip)
2021-05-13 16:07 UTC, Federico Paolinelli
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Github openshift ovn-kubernetes pull 580 0 None closed Bug 1958375: Bump OVN to 20.12.0-140.el8fdp 2021-06-21 19:21:15 UTC
Red Hat Bugzilla 1959008 1 urgent CLOSED ECMP symmetric reply traffic does not work with IPv6 2021-07-29 20:21:55 UTC
Red Hat Product Errata RHSA-2021:3759 0 None None None 2021-10-18 17:31:28 UTC

Comment 1 Federico Paolinelli 2021-05-13 16:07:02 UTC
Created attachment 1782819 [details]
ovntrace logs

Comment 14 Ross Brattain 2021-07-19 19:14:27 UTC
Verified 4.9.0-0.nightly-2021-07-18-155939 is ovn2.13-20.12.0-140.el8fdp.x86_64

Comment 15 Ross Brattain 2021-07-21 06:11:51 UTC
Verified that the OVN rpm is the correct version, need to do more testing.  

We are updating OVN from 20.12.0-25 to 20.12.0-140, there are quite a few fixes since 20.12.0-25.  

ECMP and IPv6 changes:

* Wed Jun 09 2021  - 20.12.0-140
- ovn-northd: Fix IPv6 ECMP symmetric reply flows (#1959008)
--
* Thu May 20 2021  - 20.12.0-121
- ovn-nbctl: do not report an error for duplicated ecmp routes with --may-exist
--
* Thu Feb 11 2021  - 20.12.0-54
- ovn-nbctl: do not allow duplicated ECMP routes
--
* Thu Jan 28 2021  - 20.12.0-40
- ovn-nbctl: add ecmp/ecmp-symmetric-reply to lr-route-list command
--
* Wed Jan 13 2021  - 20.12.0-30
- bfd: introduce IPv6 support

Comment 16 Ross Brattain 2021-07-28 05:38:14 UTC
I see priority=300 routes, and ping6 seems to be working.  Verifying.


1490: cookie=0x577bf7f4, duration=324.468s, table=18, n_packets=0, n_bytes=0, idle_age=324, priority=300,ct_state=+rpl+trk,ct_label=0x200000000000000000000/0xffff00000000000000000000,ipv6,metadata=0x6,ipv6_src=fd01:0:0:1::50b actions=dec_ttl(),load:0x1->NXM_NX_REG10[0],mod_dl_src:52:54:00:43:e6:ed,load:0x66->NXM_NX_XXREG1[0..63],load:0xfd2e6f445dd80000->NXM_NX_XXREG1[64..127],load:0x2->NXM_NX_REG15[],resubmit(,19)
1491: cookie=0xe0398964, duration=324.408s, table=18, n_packets=0, n_bytes=0, idle_age=324, priority=300,ct_state=+rpl+trk,ct_label=0x200000000000000000000/0xffff00000000000000000000,ipv6,metadata=0x6,ipv6_src=fd01:0:0:1::16 actions=dec_ttl(),load:0x1->NXM_NX_REG10[0],mod_dl_src:52:54:00:43:e6:ed,load:0x66->NXM_NX_XXREG1[0..63],load:0xfd2e6f445dd80000->NXM_NX_XXREG1[64..127],load:0x2->NXM_NX_REG15[],resubmit(,19)
1492: cookie=0x25d34ccd, duration=324.383s, table=18, n_packets=0, n_bytes=0, idle_age=324, priority=300,ct_state=+rpl+trk,ct_label=0x200000000000000000000/0xffff00000000000000000000,ipv6,metadata=0x6,ipv6_src=fd01:0:0:1::17 actions=dec_ttl(),load:0x1->NXM_NX_REG10[0],mod_dl_src:52:54:00:43:e6:ed,load:0x66->NXM_NX_XXREG1[0..63],load:0xfd2e6f445dd80000->NXM_NX_XXREG1[64..127],load:0x2->NXM_NX_REG15[],resubmit(,19)
1493: cookie=0xf9e4cb29, duration=324.363s, table=18, n_packets=0, n_bytes=0, idle_age=324, priority=300,ct_state=+rpl+trk,ct_label=0x200000000000000000000/0xffff00000000000000000000,ipv6,metadata=0x6,ipv6_src=fd01:0:0:1::50a actions=dec_ttl(),load:0x1->NXM_NX_REG10[0],mod_dl_src:52:54:00:43:e6:ed,load:0x66->NXM_NX_XXREG1[0..63],load:0xfd2e6f445dd80000->NXM_NX_XXREG1[64..127],load:0x2->NXM_NX_REG15[],resubmit(,19)
1494: cookie=0x8c14ed0a, duration=324.319s, table=18, n_packets=0, n_bytes=0, idle_age=324, priority=300,ct_state=+rpl+trk,ct_label=0x200000000000000000000/0xffff00000000000000000000,ipv6,metadata=0x6,ipv6_src=fd01:0:0:1::50c actions=dec_ttl(),load:0x1->NXM_NX_REG10[0],mod_dl_src:52:54:00:43:e6:ed,load:0x66->NXM_NX_XXREG1[0..63],load:0xfd2e6f445dd80000->NXM_NX_XXREG1[64..127],load:0x2->NXM_NX_REG15[],resubmit(,19)


sh-4.4# ovn-nbctl --format=table  --columns=ip_prefix,nexthop,options,policy    find    Logical_Router_Static_Route | grep fd01
"fd01:0:0:1::17"  "fd2e:6f44:5dd8::ba"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:1::50b" "fd2e:6f44:5dd8::ab"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:1::50c" "fd2e:6f44:5dd8::ba"      {ecmp_symmetric_reply="true"} src-ip
"fd01::/48"       "fd98::1"                 {}                            []
"fd01:0:0:3::492" "fd2e:6f44:5dd8::ba"      {ecmp_symmetric_reply="true"} src-ip
"fd01::/48"       "fd98::1"                 {}                            []
"fd01:0:0:2::15d" "fd2e:6f44:5dd8::ba"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:2::15c" "fd2e:6f44:5dd8::ab"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:3::491" "fd2e:6f44:5dd8::ab"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:3::493" "fd2e:6f44:5dd8::ab"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:2::15c" "fd2e:6f44:5dd8::ba"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:1::/64" "fd98::4"                 {}                            src-ip
"fd01:0:0:3::491" "fd2e:6f44:5dd8::ba"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:3::492" "fd2e:6f44:5dd8::ab"      {ecmp_symmetric_reply="true"} src-ip
"fd01::/48"       "fd98::1"                 {}                            []
"fd01:0:0:1::16"  "fd2e:6f44:5dd8::ab"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:1::50b" "fd2e:6f44:5dd8::ba"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:1::50a" "fd2e:6f44:5dd8::ba"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:2::/64" "fd98::2"                 {}                            src-ip
"fd01:0:0:1::50a" "fd2e:6f44:5dd8::ab"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:3::493" "fd2e:6f44:5dd8::ba"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:1::17"  "fd2e:6f44:5dd8::ab"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:1::50c" "fd2e:6f44:5dd8::ab"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:2::15d" "fd2e:6f44:5dd8::ab"      {ecmp_symmetric_reply="true"} src-ip
"fd01:0:0:3::/64" "fd98::3"                 {}                            src-ip
"fd01:0:0:1::16"  "fd2e:6f44:5dd8::ba"      {ecmp_symmetric_reply="true"} src-ip

Comment 19 errata-xmlrpc 2021-10-18 17:31:03 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3759


Note You need to log in before you can comment on or make changes to this bug.