Skip to content

Bug 1987445: Fix gateway routers answer ARP/NDP requests for LoadBalancer/ExternalIP services#793

Merged
openshift-merge-robot merged 3 commits intoopenshift:masterfrom
oribon:bug-1987445
Oct 13, 2021
Merged

Bug 1987445: Fix gateway routers answer ARP/NDP requests for LoadBalancer/ExternalIP services#793
openshift-merge-robot merged 3 commits intoopenshift:masterfrom
oribon:bug-1987445

Conversation

@oribon
Copy link
Copy Markdown
Contributor

@oribon oribon commented Oct 13, 2021

cherry-picking from ovn-kubernetes/ovn-kubernetes#2540 minus the e2e tests (dropped them because of conflicts that depend on other commits)

- What this PR does and why is it needed

- Special notes for reviewers

- How to verify it

- Description for the changelog

@oribon
Output address resolution requests to LOCAL port
5d546a0 
Currently address resolution requests (ARP/Neighbor solicitation) for
LoadBalancer/External IPs are answered by all of the gateway routers in the cluster.
By forwarding these requests to the local port, a network load balancer implementation
like MetalLB is able to be the only one replying to them - thus enabling it
to be the only one announcing a specific LoadBalancer service IP.

Signed-off-by: Ori Braunshtein <obraunsh@redhat.com>
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Oct 13, 2021

@oribon: This pull request references Bugzilla bug 1987445, which is invalid:

  • expected the bug to target the "4.10.0" release, but it targets "---" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

Bug 1987445: Fix gateway routers answer ARP/NDP requests for LoadBalancer/ExternalIP services

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci Bot added bugzilla/severity-unspecified Referenced Bugzilla bug's severity is unspecified for the PR. bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. labels Oct 13, 2021
@oribon
Copy link
Copy Markdown
Contributor Author

oribon commented Oct 13, 2021

/bugzilla refresh

@openshift-ci openshift-ci Bot added the bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. label Oct 13, 2021
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Oct 13, 2021

@oribon: This pull request references Bugzilla bug 1987445, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.10.0) matches configured target release for branch (4.10.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @anuragthehatter

Details

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci Bot removed the bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. label Oct 13, 2021
oribon and others added 2 commits October 13, 2021 13:00
@oribon
Neighbor solicitations and ARP requests used to hit all 3 OVN
91d37a6 
load-balancers in addition to the node local IP for ExternalIP.
ARP requests or IPv6 NS would receive <node number + 1> replies.

This fix stops ARP requests and IPv6 NS for ExternalIPs from entering
the OVN dataplane. Only the node with the actual local IP will now
answer to the NS or ARP request.

Signed-off-by: Andreas Karis <ak.karis@gmail.com>
@andreaskaris @oribon
Shared GW: Remove code duplication in updateServiceFlowCache
a9a784d 
Flow generation for LB and ExternalIP flow is essentially the same,
so avoid code duplication with method createLbAndExternalSvcFlows

Signed-off-by: Andreas Karis <ak.karis@gmail.com>
@oribon
Copy link
Copy Markdown
Contributor Author

oribon commented Oct 13, 2021

/retest

@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Oct 13, 2021
edited
Loading

@oribon: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-vsphere-windows a9a784d link false /test e2e-vsphere-windows
ci/prow/e2e-azure-ovn a9a784d link false /test e2e-azure-ovn
ci/prow/okd-e2e-gcp-ovn a9a784d link false /test okd-e2e-gcp-ovn

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@dcbw
Copy link
Copy Markdown
Contributor

dcbw commented Oct 13, 2021

/approve
/lgtm

@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Oct 13, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dcbw, oribon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added lgtm Indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Oct 13, 2021
@openshift-merge-robot openshift-merge-robot merged commit d5e0e75 into openshift:master Oct 13, 2021
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented Oct 13, 2021

@oribon: All pull requests linked via external trackers have merged:

Bugzilla bug 1987445 has been moved to the MODIFIED state.

Details

In response to this:

Bug 1987445: Fix gateway routers answer ARP/NDP requests for LoadBalancer/ExternalIP services

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@fedepaol
Copy link
Copy Markdown
Member

fedepaol commented Oct 14, 2021

/cherry-pick release-4.9

@openshift-cherrypick-robot
Copy link
Copy Markdown

openshift-cherrypick-robot commented Oct 14, 2021

@fedepaol: #793 failed to apply on top of branch "release-4.9":

Applying: Output address resolution requests to LOCAL port
Using index info to reconstruct a base tree...
M	go-controller/pkg/node/gateway_shared_intf.go
Falling back to patching base and 3-way merge...
Auto-merging go-controller/pkg/node/gateway_shared_intf.go
Applying: Neighbor solicitations and ARP requests used to hit all 3 OVN load-balancers in addition to the node local IP for ExternalIP. ARP requests or IPv6 NS would receive <node number + 1> replies.
Using index info to reconstruct a base tree...
M	go-controller/pkg/node/gateway_shared_intf.go
Falling back to patching base and 3-way merge...
Auto-merging go-controller/pkg/node/gateway_shared_intf.go
CONFLICT (content): Merge conflict in go-controller/pkg/node/gateway_shared_intf.go
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0002 Neighbor solicitations and ARP requests used to hit all 3 OVN load-balancers in addition to the node local IP for ExternalIP. ARP requests or IPv6 NS would receive <node number + 1> replies.
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".
Details

In response to this:

/cherry-pick release-4.9

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@Reamer
Copy link
Copy Markdown
Contributor

Reamer commented Dec 7, 2021

Are there plans to backport this to other versions?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@danwinship danwinship Awaiting requested review from danwinship

@rcarrillocruz rcarrillocruz Awaiting requested review from rcarrillocruz

@anuragthehatter anuragthehatter Awaiting requested review from anuragthehatter

Assignees

@dcbw dcbw

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. bugzilla/severity-unspecified Referenced Bugzilla bug's severity is unspecified for the PR. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@oribon @dcbw @fedepaol @openshift-cherrypick-robot @Reamer @openshift-merge-robot @andreaskaris