Bug 1998951 - Keepalived conf ingress peer on in Dual stack cluster contains both IPv6 and IPv4 addresses
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Machine Config Operator
Version: 4.7
Hardware: All
OS: All
low
urgent
Target Milestone: ---
: 4.10.0
Assignee: Yossi Boaron
QA Contact: Yoav Porag
URL:
Whiteboard:
Depends On:
Blocks: 2025691
 
Reported: 2021-08-30 06:00 UTC by Rei
Modified: 2022-03-10 16:06 UTC (History)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-03-10 16:05:54 UTC
Target Upstream Version:
Embargoed:
vvoronko: needinfo-




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | openshift baremetal-runtimecfg pull 154 | 0 | None | open | Bug 1998951: retrieve only single type addresses for Keepalived ingress | 2021-09-19 14:08:37 UTC
Red Hat Product Errata | RHSA-2022:0056 | 0 | None | None | None | 2022-03-10 16:06:11 UTC

Description Rei 2021-08-30 06:00:15 UTC
Description of problem:
vrrp_instance ingress includes both IPv4 and IPv6 addresses as unicast peers in case of a dual stack deployment:
/etc/keepalived/keepalived.conf
...
vrrp_instance ocp-edge-cluster-0_INGRESS {
    state BACKUP
    interface br-ex
    virtual_router_id 110
    priority 20
    advert_int 1
    
    unicast_src_ip 192.168.123.127
    unicast_peer {
        192.168.123.113
        fd2e:6f44:5dd8::7e
        
        fd2e:6f44:5dd8::6d
        192.168.123.67
        fd2e:6f44:5dd8::87
        192.168.123.83
        fd2e:6f44:5dd8::3e
        192.168.123.79
        fd2e:6f44:5dd8::5f
        192.168.123.100
        fd2e:6f44:5dd8::44
        
    }

...

Version-Release number of selected component (if applicable):
 oc version
Client Version: 4.7.0-0.nightly-2021-08-29-003324
Server Version: 4.7.0-0.nightly-2021-08-29-003324
Kubernetes Version: v1.20.0+9689d22


How reproducible:
Deploy a dual stack cluster
Log in to one of the nodes
View /etc/keepalived/keepalived.conf

Steps to Reproduce:
Deploy a dual stack cluster
Log in to one of the nodes
View /etc/keepalived/keepalived.conf

Actual results:
...
vrrp_instance ocp-edge-cluster-0_INGRESS {
    state BACKUP
    interface br-ex
    virtual_router_id 110
    priority 20
    advert_int 1
    
    unicast_src_ip 192.168.123.127
    unicast_peer {
        192.168.123.113
        fd2e:6f44:5dd8::7e
        
        fd2e:6f44:5dd8::6d
        192.168.123.67
        fd2e:6f44:5dd8::87
        192.168.123.83
        fd2e:6f44:5dd8::3e
        192.168.123.79
        fd2e:6f44:5dd8::5f
        192.168.123.100
        fd2e:6f44:5dd8::44
        
    }

...

Expected results:
...
vrrp_instance ocp-edge-cluster-0_INGRESS {
    state BACKUP
    interface br-ex
    virtual_router_id 110
    priority 20
    advert_int 1
    
    unicast_src_ip 192.168.123.127
    unicast_peer {
        192.168.123.113
        192.168.123.67
        192.168.123.83
        192.168.123.79
        192.168.123.100

    }

...

Additional info:

Comment 1 Ben Nemec 2021-08-31 19:57:49 UTC
What breaks as a result of this? Is the VIP not working correctly in some way? I have a vague memory of keepalived complaining when the peer list includes addresses in a different family from the VIP, but if so that should be included in the report. As it stands there's nothing to indicate that this behavior is problematic.

Comment 2 Rei 2021-09-01 05:09:44 UTC
Hi @bnemec
It seems like this causes bug https://bugzilla.redhat.com/show_bug.cgi?id=1988102 to appear. Why should we create 2 connections to a peer, one IPv4 and the other IPv6, that transfer the same data?

Comment 3 Ben Nemec 2021-09-08 20:46:02 UTC
Why do you think this configuration is related to that bug? https://bugzilla.redhat.com/show_bug.cgi?id=1988102 is not specific to dual stack, so I don't see any way the behavior described in this bug would have anything to do with it.

In my testing, this does not cause any functional issues in a dual stack cluster. I've run a deployment and the only problem I can see is some warning messages in the keepalived logs, but the VIPs work as expected anyway and the cluster deploys and is fully functional. I agree this would be nice to fix, but as far as I can tell it's a purely cosmetic issue.
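
The condition reported in this bug can be checked on a node by parsing keepalived.conf. The following is an added example, not part of this report or of baremetal-runtimecfg: it lists, per vrrp_instance, the unicast_peer entries whose address family differs from unicast_src_ip. The function name MixedFamilyPeers and the shortened sample config are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// sampleConf is constructed from the vrrp_instance block quoted in this
// report, with the peer list shortened.
const sampleConf = `vrrp_instance ocp-edge-cluster-0_INGRESS {
    unicast_src_ip 192.168.123.127
    unicast_peer {
        192.168.123.113
        fd2e:6f44:5dd8::7e
        192.168.123.67
    }
}`

// MixedFamilyPeers (hypothetical helper) returns, per vrrp_instance name, the
// unicast_peer entries whose family (IPv4/IPv6) differs from unicast_src_ip.
// Assumes unicast_src_ip precedes unicast_peer, as in the config in the report.
func MixedFamilyPeers(conf string) map[string][]string {
	out := map[string][]string{}
	inst, inPeers := "", false
	var src net.IP
	for _, line := range strings.Split(conf, "\n") {
		f := strings.Fields(line)
		switch {
		case len(f) == 0: // blank line inside or outside a block
		case len(f) >= 2 && f[0] == "vrrp_instance":
			inst, src, inPeers = f[1], nil, false
		case len(f) >= 2 && f[0] == "unicast_src_ip":
			src = net.ParseIP(f[1])
		case f[0] == "unicast_peer" || f[0] == "}":
			inPeers = f[0] == "unicast_peer" // "}" closes the peer list
		case inPeers:
			p := net.ParseIP(f[0]) // nil for comments or non-address tokens
			if p != nil && src != nil && (p.To4() != nil) != (src.To4() != nil) {
				out[inst] = append(out[inst], f[0])
			}
		}
	}
	return out
}

func main() {
	fmt.Println(MixedFamilyPeers(sampleConf))
}
```

An empty map means every peer matches the family of unicast_src_ip, which is the state shown under "Expected results".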

Comment 4 Rei 2021-09-14 04:53:56 UTC
@bnemec You're right, https://bugzilla.redhat.com/show_bug.cgi?id=2003655 is the reason for the original bug

Comment 5 Ben Nemec 2021-09-20 19:38:47 UTC
Why did you leave a needinfo on me?

Comment 12 errata-xmlrpc 2022-03-10 16:05:54 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056

