1972864 – New `local-with-fallback` service annotation does not preserve source IP

Bug 1972864 - New `local-with-fallback` service annotation does not preserve source IP

Summary: New `local-with-fallback` service annotation does not preserve source IP

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Networking
Sub Component:
Version:	4.8
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	4.8.0
Assignee:	Dan Winship
QA Contact:	zhaozhanqi
Docs Contact:
URL:
Whiteboard:
Depends On:	1971808
Blocks:
TreeView+	depends on / blocked

Reported:	2021-06-16 18:43 UTC by Dan Winship
Modified:	2021-07-27 23:13 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:
Clone Of:	1971808
Environment:	[sig-network][Feature:Router] The HAProxy router should set Forwarded headers appropriately
Last Closed:	2021-07-27 23:13:09 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift sdn pull 322	0	None	closed	Bug 1972864: [4.8] fix local-with-fallback	2021-06-23 12:18:48 UTC
Red Hat Product Errata	RHSA-2021:2438	0	None	None	None	2021-07-27 23:13:28 UTC

Comment 2 zhaozhanqi 2021-06-23 05:37:40 UTC

Verified this bug on 4.8.0-0.nightly-2021-06-22-192915

$ oc rsh hello-cwlxr
/srv # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
3: eth0@if53: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1450 qdisc noqueue state UP 
    link/ether 0a:58:0a:81:00:2f brd ff:ff:ff:ff:ff:ff
    inet 10.129.0.47/23 brd 10.129.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::c452:c6ff:fec5:ece1/64 scope link 
       valid_lft forever preferred_lft forever
/srv # curl router-http-echo-default.apps.ci-ln-2n0pkc2-002ac.ci.azure.devcluster.openshift.com
GET / HTTP/1.1
user-agent: curl/7.52.1
accept: */*
host: router-http-echo-default.apps.ci-ln-2n0pkc2-002ac.ci.azure.devcluster.openshift.com
x-forwarded-host: router-http-echo-default.apps.ci-ln-2n0pkc2-002ac.ci.azure.devcluster.openshift.com
x-forwarded-port: 80
x-forwarded-proto: http
forwarded: for=10.129.0.47;host=router-http-echo-default.apps.ci-ln-2n0pkc2-002ac.ci.azure.devcluster.openshift.com;proto=http
x-forwarded-for: 10.129.0.47

Comment 5 errata-xmlrpc 2021-07-27 23:13:09 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438

Note You need to log in before you can comment on or make changes to this bug.