+++ This bug was initially created as a clone of Bug #1985514 +++
+++ This bug was initially created as a clone of Bug #1985512 +++
Description of problem:
In a v6-only ovn-k cluster, the management interface IP is not added to the address set used for classifying host network traffic. This causes the allow-from-router network policy to not work correctly on platforms where the endpoint publishing strategy is "HostNetwork".
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create a single stack v6 cluster on vSphere or a platform where the endpoint publishing strategy is HostNetwork
2. Create allow from ingress network policy
3. Try external access to service in the cluster that is v6
Actual results:
Service is not reliably accessible since the v6 management IP is not added to the address set for classifying host network traffic
Expected results:
External access to a service in a single stack v6 cluster works reliably.
Testing passed by following the steps in https://bugzilla.redhat.com/show_bug.cgi?id=1985512#c3
https://github.com/openshift/ovn-kubernetes/pull/625/ is merged, move this bug to verified
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
For information on the advisory (Moderate: OpenShift Container Platform 4.7.23 security update), and where to find the updated files, follow the link below.
If the solution does not work for you, open a new bug report.