Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1996736

Summary: Large number of 501 lr-policies in INCI2 env
Product: OpenShift Container Platform Reporter: Jose Castillo Lema <jlema>
Component: NetworkingAssignee: Surya Seetharaman <surya>
Networking sub component: ovn-kubernetes QA Contact: Yurii Prokulevych <yprokule>
Status: CLOSED ERRATA Docs Contact:
Severity: low    
Priority: high CC: anusaxen, astoycos, dblack, jlema, smalleni, surya, trozet, yprokule
Version: 4.7   
Target Milestone: ---   
Target Release: 4.10.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-03-10 16:05:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jose Castillo Lema 2021-08-23 14:37:53 UTC 
Description of problem:
Creating 18 application pods/worker with in a 120 node environment results in 2135 lr policies of type 501 out of a total of 2613 policies:

[kni@e16-h18-b03-fc640 kubeburner]$ oc exec -n openshift-ovn-kubernetes -it $POD -- ovn-nbctl lr-policy-list ovn_cluster_router | wc -l
Defaulting container name to northd.
Use 'oc describe pod/ovnkube-master-82fjr -n openshift-ovn-kubernetes' to see all of the containers in this pod.
2613

[kni@e16-h18-b03-fc640 kubeburner]$ oc exec -n openshift-ovn-kubernetes -it $POD -- ovn-nbctl lr-policy-list ovn_cluster_router | grep 501 | wc -l
Defaulting container name to northd.
Use 'oc describe pod/ovnkube-master-82fjr -n openshift-ovn-kubernetes' to see all of the containers in this pod.
2135

Version-Release number of selected component (if applicable):
 - OCP 4.7.11
 - local gateway

How reproducible:
100%

Steps to Reproduce:
1. Create several serving (lb) pods with proper ICNI2 annotations (40 in our scenario)
2. Create 18 app pods/worker
Comment 1 Sai Sindhur Malleni 2021-09-13 13:56:03 UTC 
Surya,

You had a patch to address this right?
Comment 2 Surya Seetharaman 2021-09-14 06:31:51 UTC 
yes let me rebase that PR now and we can get it in.
Comment 3 Surya Seetharaman 2021-10-28 18:14:45 UTC 
Moving this to post because the fix is merged upstream and downstream fix is https://github.com/openshift/ovn-kubernetes/pull/796.
Comment 4 Surya Seetharaman 2021-12-01 17:57:34 UTC 
Downstream merge got in. Moving this to modified state.
Comment 13 Surya Seetharaman 2022-02-01 17:22:59 UTC 
Hey Yurii,

Yes that looks good. Thanks for verifying this. Moving bz to VERIFIED.
Comment 16 errata-xmlrpc 2022-03-10 16:05:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056