Bug 2066302 - Ingress Operator is not closing TCP connections.
Summary: Ingress Operator is not closing TCP connections.
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.7
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
: 4.8.z
Assignee: Andrew McDermott
QA Contact: Shudi Li
Depends On: 2064586
TreeView+ depends on / blocked
Reported: 2022-03-21 13:01 UTC by OpenShift BugZilla Robot
Modified: 2022-08-04 22:35 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Ingress Operator performs health checks against the ingress canary route. Once the health check is done Ingress Operator doesn't close the TCP Connection to the load balancer (LB) because keepalives are enabled on the connection. While performing the next health check a new connection is established to the LB instead of using the existing connection. Consequence: This causes the number connection to build upon the LB, overtime exhausting the number of connections on the LB. Fix: Disable keepalives when connecting to the canary route. Result: A new connection is made and closed each time the canary probe is run. With keepalives disabled there is no longer an accumulation of ESTABLISHED connections.
Clone Of:
Last Closed: 2022-04-11 20:04:56 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift cluster-ingress-operator pull 726 0 None open [release-4.8] Bug 2066302: Disable keepalive for canary probe 2022-03-22 10:05:55 UTC
Red Hat Product Errata RHSA-2022:1154 0 None None None 2022-04-11 20:05:06 UTC

Comment 7 errata-xmlrpc 2022-04-11 20:04:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.8.36 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.