Bug 2084289 - OCP 4.10.4, CNI: SDN; Whereabouts IPAM: Duplicate IP address with bond-cni
Summary: OCP 4.10.4, CNI: SDN; Whereabouts IPAM: Duplicate IP address with bond-cni
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.10
Hardware: x86_64
OS: Linux
high
high
Target Milestone: ---
: 4.10.z
Assignee: Douglas Smith
QA Contact: Weibin Liang
URL:
Whiteboard:
Depends On: 2082360
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-05-11 19:34 UTC by Douglas Smith
Modified: 2022-06-28 11:50 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Bond CNI version was at 1.0 CNI libraries but Multus CNI was not compatible with the CNI 1.0 format. Consequence: Bond CNI IPAM results were not properly populated in the network-status annotation. This caused Whereabouts IP reconciliation to erroneously clean up these addresses, as it relies on the network-status annotation to know if an IP address is in use during reconciliation. Fix: Implement net-attach-def client library fix to support CNI 1.0 IP addressing format (in pre-1.0 releases) Result: Whereabouts IPAM can be used properly with Bond CNI.
Clone Of: 2082360
Environment:
Last Closed: 2022-06-28 11:50:26 UTC
Target Upstream Version:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift bond-cni pull 34 0 None open Bug 2084289: Backport IPAM fixes 2022-06-07 13:31:24 UTC
Github openshift multus-cni pull 128 0 None open Bug 2084289: Bumps net-attach-def client library (for CNI v1.0 IP compatibility) [backport 4.10] 2022-06-02 20:15:55 UTC
Red Hat Product Errata RHBA-2022:5172 0 None None None 2022-06-28 11:50:54 UTC

Comment 4 Weibin Liang 2022-06-06 15:50:05 UTC 
Follow same verified steps in https://bugzilla.redhat.com/show_bug.cgi?id=2082360#c14, verification failed in 4.10.0-0.nightly-2022-06-06-030155. There is no IP address shown there (e.g. one in the 192.0.2.0/24 range) after executing "oc describe pod singlepod | grep network-status -A35 | grep -P "network.status|192.0""

#### Test in 4.10.0-0.nightly-2022-06-06-030155
[weliang@weliang ~]$ oc describe pod singlepod | grep network-status -A35
              k8s.v1.cni.cncf.io/network-status:
                [{
                    "name": "ovn-kubernetes",
                    "interface": "eth0",
                    "ips": [
                        "10.129.2.16"
                    ],
                    "mac": "0a:58:0a:81:02:10",
                    "default": true,
                    "dns": {}
                },{
                    "name": "test/firstnet",
                    "interface": "net1",
                    "ips": [
                        "10.10.0.1"
                    ],
                    "mac": "56:53:55:b8:43:18",
                    "dns": {}
                },{
                    "name": "test/secondnet",
                    "interface": "net2",
                    "ips": [
                        "10.10.0.2"
                    ],
                    "mac": "86:59:b3:04:d0:5e",
                    "dns": {}
                },{
                    "name": "test/bond-net",
                    "interface": "bond0",
                    "mac": "56:53:55:b8:43:18",
                    "dns": {}
                }]
              k8s.v1.cni.cncf.io/networks: firstnet@net1,secondnet@net2,bond-net
              k8s.v1.cni.cncf.io/networks-status:
                [{
                    "name": "ovn-kubernetes",
[weliang@weliang ~]$ oc describe pod singlepod | grep network-status -A35 | grep -P "network.status|192.0"
              k8s.v1.cni.cncf.io/network-status:


#### Test in 4.11.0-0.nightly-2022-06-04-014713

[weliang@weliang ~]$ oc describe pod singlepod | grep network-status -A35
              k8s.v1.cni.cncf.io/network-status:
                [{
                    "name": "ovn-kubernetes",
                    "interface": "eth0",
                    "ips": [
                        "10.131.0.16"
                    ],
                    "mac": "0a:58:0a:83:00:10",
                    "default": true,
                    "dns": {}
                },{
                    "name": "test/firstnet",
                    "interface": "net1",
                    "ips": [
                        "10.10.0.1"
                    ],
                    "mac": "96:3f:2d:5f:15:70",
                    "dns": {}
                },{
                    "name": "test/secondnet",
                    "interface": "net2",
                    "ips": [
                        "10.10.0.2"
                    ],
                    "mac": "fe:c0:b2:c4:04:f7",
                    "dns": {}
                },{
                    "name": "test/bond-net",
                    "interface": "net3",
                    "ips": [
                        "192.0.2.1"
                    ],
                    "mac": "96:3f:2d:5f:15:70",
                    "dns": {}
                }]
              k8s.v1.cni.cncf.io/networks: firstnet@net1,secondnet@net2,bond-net
[weliang@weliang ~]$ oc describe pod singlepod | grep network-status -A35 | grep -P "network.status|192.0"
              k8s.v1.cni.cncf.io/network-status:
                        "192.0.2.1"
[weliang@weliang ~]$
Comment 9 Weibin Liang 2022-06-23 13:56:46 UTC 
Tested in verified in 4.10.20

$ oc describe pod singlepod | grep network-status -A35 | grep -P "network.status|192.0"
Annotations:  k8s.v1.cni.cncf.io/network-status:
                        "192.0.2.1"
$ oc get clusterversion
NAME      VERSION   AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.10.20   True        False         19m     Cluster version is 4.10.20
Comment 11 errata-xmlrpc 2022-06-28 11:50:26 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.10.20 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:5172
Note You need to log in before you can comment on or make changes to this bug.