[release-4.19] OCPBUGS-59530,OCPBUGS-48709: DownStream Merge Sync from 4.20 [07-17-2025]#2675
Conversation
The FDB lookup is only used for non-destined shared MAC traffic. When OVN or the host send a packet that hits a NORMAL action it will initate MAC learning and can drive up the CPU of OVS. We still need NORMAL action to account for sending to unknown ports like localnet ports, but we do not want to learn the shared MAC. Therefore create a static entry binding it to the LOCAL port. Signed-off-by: Tim Rozet <trozet@redhat.com>
Commit f978967 caused a regression in performance. As the below issue describes, the egress traffic from OVN will now use NORMAL action, which will cause an FDB lookup and then FLOOD if not found. This always ends up being the case because the reply ARP packet from the physical port is flooded to the patch port and the LOCAL port. This causes an increase in CPU and unnecessarily flooding packets. We need layer 2 packets destined to the shared gateway mac to go to both the host and OVN. This is so both can receive ARP replies, etc. However, we also need the FDB entry in OVS to get updated, for our new functionality with using the NORMAL action. To fix this, add a static FDB entry for LOCAL, then modify the layer 2 flooding flow actions from "output:patch,LOCAL" to "output:patch,NORMAL". Since the FDB entry is bound in the table to LOCAL, it is effectively forwarding the packets the same as before, but with the added bonus of FDB learning on ingress. Fixes: #5318 Signed-off-by: Tim Rozet <trozet@redhat.com>
This allows a localnet VM arp reply to go to OVN, rather than a lookup that only hits the LOCAL port in the fdb table. Signed-off-by: Tim Rozet <trozet@redhat.com>
When using Docker, push image command fails because the push_args var is interpreted as empty string, Docker reject it as invalid variable and fails with the following error: $ docker push '' localhost:5000/ovn-daemonset-fedora:latest docker: 'docker push' requires 1 argument Remove the push_args wrapping quotes. Signed-off-by: Or Mergi <ormergi@redhat.com>
Since CanServeNamespace filters out namespace events for namespaces unknown to be served by this primary network, we need to reconcile namespaces once the network is reconfigured to serve a namespace. Hence this commit reconciles those namespaces and also reconciles each network policy if it contains only peer namespace selector. Signed-off-by: Periyasamy Palanisamy <pepalani@redhat.com>
This commits exports FilterFunc from handler and uses it while reconciling network policy for UDN peer namespaces. Signed-off-by: Periyasamy Palanisamy <pepalani@redhat.com>
This commit makes network reconcilation loop to sync only namespace object and network policies sync to happen from namespace reconcilation loop. Signed-off-by: Periyasamy Palanisamy <pepalani@redhat.com>
The diff between v0.7.0 and v0.8.0 is simply a rename from ovn-org/libovsdb to ovn-kubernetes/libovsdb. Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
kind: Rm push_args variable quotes
Initial implementations erroneously assumed a CIDR for NATs logicalIP. Also, eip controller expects all OVN constructs that support EIP to have this metadata so if we cannot build this metadata then add dummy data so its cleaned up later by EIP controller. This was not caught by unit tests because the unit test also contained the assumption of only logical IP with no mask. It was not caught by upstream CI because we have no reboot tests. Signed-off-by: Martin Kennelly <mkennell@redhat.com>
The startup syncer was removing OVN constructs due to logic bugs introduced when EIP code was refactored for UDN. The are added again when eip controller syncs but this causes interruption. 1. Due to poor naming, enforcement of types and programmer error we were mixing up variables between a pod IP and an EIP IP. See: nodeName, ok := cache.egressIPIPToNodeCache[parsedLogicalIP.String()] parsedLogicalIP is a pod IP and not an EIP IP. 2. When iterating over the existing config for an EIP, we should delete config for LRPs where an EIP doesn't exist. 3. Remove LRPs when a network isnt found Signed-off-by: Martin Kennelly <mkennell@redhat.com>
…readability No func changes. Check if obj is nil post parsing IP. Improve logging of stale OVN config. Signed-off-by: Martin Kennelly <mkennell@redhat.com>
Removes config for deleted nodes/pods while controller was down and ensures ovn config is removed while preserving valid config. Signed-off-by: Martin Kennelly <mkennell@redhat.com>
Fixes FDB learning and usage of NORMAL action
chore: bump libovsdb to v0.8.0
EgressIP: fix startup syncer
Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
NO-JIRA: Update OWNERS file: Add Patryk/Martin as approvers
OCPBUGS-57179, OCPBUGS-49824: DownStream Merge [07-09-2025]
…rom-4.20-07-17-2025
openshift-ci-robot
added
jira/valid-reference
|
@jluhrsen: This pull request references Jira Issue OCPBUGS-48709, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/payload 4.19 ci blocking |
|
@jluhrsen: trigger 5 job(s) of type blocking for the ci release of OCP 4.19
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/187c88b0-6355-11f0-99cd-1bdb0a8a6dc4-0 trigger 11 job(s) of type blocking for the nightly release of OCP 4.19
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/187c88b0-6355-11f0-99cd-1bdb0a8a6dc4-1 |
|
/jira refresh |
openshift-ci-robot
added
the
jira/valid-bug
|
@jluhrsen: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/545d9a70-673a-11f0-923b-ec6d826250ec-0 |
|
looks good to me now |
tssurya
left a comment
tssurya
left a comment
There was a problem hiding this comment.
/lgtm
/label backport-risk-assessed
CI looks good
openshift-ci
bot
added
the
backport-risk-assessed
openshift-ci
bot
assigned
anuragthehatter,
asood-rh,
huiran0826,
jechen0648,
Meina-rh,
mffiedler,
qiowang721,
rbbratta,
weliang1 and
yingwang-0320
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jluhrsen, tssurya The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
openshift-merge-bot
bot
merged commit a71aaf8
into
openshift:release-4.19
|
@jluhrsen: Jira Issue OCPBUGS-59530: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-59530 has been moved to the MODIFIED state. Jira Issue OCPBUGS-48709: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-48709 has been moved to the MODIFIED state. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/bugzilla cc-qa this PR was pre-merge verified by QE, was just a bit late at adding the labels after pre-merge test passed |
openshift-ci
bot
added
the
qe-approved
|
@jluhrsen: Jira Issue OCPBUGS-59530 is in an unrecognized state (MODIFIED) and will not be moved to the MODIFIED state. Jira Issue OCPBUGS-48709 is in an unrecognized state (MODIFIED) and will not be moved to the MODIFIED state. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
[ART PR BUILD NOTIFIER] Distgit: ovn-kubernetes-base |
|
[ART PR BUILD NOTIFIER] Distgit: ovn-kubernetes-microshift |
|
[ART PR BUILD NOTIFIER] Distgit: ose-ovn-kubernetes |
|
Fix included in accepted release 4.19.0-0.nightly-2025-08-05-174154 |
|
Fix included in accepted release 4.19.0-0.nightly-2025-09-02-192040 |
20 participants
📑 Description
Fixes #
Additional Information for reviewers
✅ Checks
How to verify it