Bug 1997407 - power-of-two balancing feature set "Random" as default balancing for passthrough routes
Summary: power-of-two balancing feature set "Random" as default balancing for passthro...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.9
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.9.0
Assignee: Miciah Dashiel Butler Masters
QA Contact: Arvind iyengar
URL:
Whiteboard:
Depends On:
Blocks: 2000414
TreeView+ depends on / blocked
 
Reported: 2021-08-25 07:47 UTC by Arvind iyengar
Modified: 2022-08-04 22:35 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 2000414 (view as bug list)
Environment:
Last Closed: 2021-10-18 17:48:30 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-ingress-operator pull 650 0 None None None 2021-08-26 17:22:29 UTC
Red Hat Product Errata RHSA-2021:3759 0 None None None 2021-10-18 17:48:46 UTC

Description Arvind iyengar 2021-08-25 07:47:51 UTC
Description of problem:
power-of-two balancing feature set "Random" as default balancing for the passthrough routes instead of "source"

OpenShift release version:
release: 4.9.0-0.nightly-2021-08-24-235829

How reproducible:
Frequently

Steps to Reproduce (in detail):
1. Create a project with required pods and service resources
2. Expose a passthrough route from the project
3. Check the haproxy configuration for the passthough route


Actual results: 
Inside the proxy pod:
$ env | grep -i random 
ROUTER_LOAD_BALANCE_ALGORITHM=random

# Secure backend, pass through
backend be_tcp:q2n1d:route-passth
  balance random  <-----

  hash-type consistent
  timeout check 5000ms
  server pod:web-server-rc-hr7q2:service-secure:https:10.131.0.25:8443 10.131.0.25:8443 weight 256

Expected results:
As per the original proposal for this feature, the passthrough routes are supposed to be configured with "source" balancing to have some measure of session affinity.

Impact of the problem:
Since with the passthrough type connections, the use of cookies to manage session affinity like other connections is not possible, this connection type would need "source" balancing as default

Additional info:
This change of configuration likely appears to be a side effect of changes from https://bugzilla.redhat.com/show_bug.cgi?id=1988801

Comment 1 Arvind iyengar 2021-08-30 05:57:32 UTC
Verified in "4.9.0-0.ci.test-2021-08-30-050301-ci-ln-b97npit-latest" release version. With this payload, it is observed that the passthrough routes now defaults to the "source" algorithm with Power-of-two balancing in effect:
-----
oc get clusterversion
NAME      VERSION                                                  AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.9.0-0.ci.test-2021-08-30-050301-ci-ln-b97npit-latest   True        False         17m     Cluster version is 4.9.0-0.ci.test-2021-08-30-050301-ci-ln-b97npit-latest


# Secure backend, pass through
backend be_tcp:test1:passth-route
  balance source  <----

  hash-type consistent
  timeout check 5000ms
  server pod:web-server-rc-sbkm6:service-secure:https:10.131.0.29:8443 10.131.0.29:8443 weight 256
-----

Comment 6 errata-xmlrpc 2021-10-18 17:48:30 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3759


Note You need to log in before you can comment on or make changes to this bug.