[release-4.8] Bug 2054225: Fix gateway routers answer ARP/NDP requests for LoadBalancer/ExternalIP services

[andreaskaris]

- What this PR does and why is it needed

Backport of #952

- Special notes for reviewers

commit 917d97ccc28cbfca9a44bd2eebe5b66f1cdd4ad9 (HEAD -> bz2054225, downstream-akaris/bz2054225)
Author: Ori Braunshtein <obraunsh@redhat.com>
Date:   Wed Oct 13 12:35:33 2021 +0300

    Neighbor solicitations and ARP requests used to hit all 3 OVN
    load-balancers in addition to the node local IP for ExternalIP.
    ARP requests or IPv6 NS would receive <node number + 1> replies.
    
    This fix stops ARP requests and IPv6 NS for ExternalIPs from entering
    the OVN dataplane. Only the node with the actual local IP will now
    answer to the NS or ARP request.
    
    Signed-off-by: Andreas Karis <ak.karis@gmail.com>
    (cherry picked from commit 91d37a667d041574f58e27b4aebbc0258a627816)
    (cherry picked from commit 1813ea577927fdfe9baa3bd07020f1a551f1d7cc)
    
    Conflicts:
            go-controller/pkg/node/gateway_shared_intf.go
    Due to absence of 2c0ec2337e590e2287c57f80975dadb79a9ad1cf in 4.8

commit 8b2409fd0990005548f168caecb513d4a66351f8
Author: Ori Braunshtein <obraunsh@redhat.com>
Date:   Thu Jul 29 16:27:55 2021 +0300

    Output address resolution requests to LOCAL port
    
    Currently address resolution requests (ARP/Neighbor solicitation) for
    LoadBalancer/External IPs are answered by all of the gateway routers in the cluster.
    By forwarding these requests to the local port, a network load balancer implementation
    like MetalLB is able to be the only one replying to them - thus enabling it
    to be the only one announcing a specific LoadBalancer service IP.
    
    Signed-off-by: Ori Braunshtein <obraunsh@redhat.com>
    (cherry picked from commit 5d546a0498dd0a55b80c05cfbcd60bf761581cc7)
    (cherry picked from commit bb4eeedfd6908de46cc996d51c24451de10f5856)
    
    Conflicts:
        go-controller/pkg/node/gateway_shared_intf.go
    Due to absence of 2c0ec2337e590e2287c57f80975dadb79a9ad1cf in 4.8

- How to verify it

- Description for the changelog

[openshift-ci]

@andreaskaris: This pull request references Bugzilla bug 2054225, which is invalid:

• expected the bug to target the "4.8.z" release, but it targets "4.9.z" instead
• expected dependent Bugzilla bug 2014003 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but it is POST instead
• expected dependent Bugzilla bug 1987445 to target a release in 4.9.0, 4.9.z, but it targets "4.10.0" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

[release-4.8] Bug 2054225: Fix gateway routers answer ARP/NDP requests for LoadBalancer/ExternalIP services

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[andreaskaris]

Verification instructions for QE:
verification.txt

[andreaskaris]

/bugzilla refresh

[openshift-ci]

@andreaskaris: This pull request references Bugzilla bug 2054225, which is invalid:

• expected dependent Bugzilla bug 2014003 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but it is POST instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[andreaskaris]

/bugzilla refresh

[openshift-ci]

@andreaskaris: This pull request references Bugzilla bug 2054225, which is invalid:

• expected dependent Bugzilla bug 2014003 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but it is ON_QA instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[andreaskaris]

/bugzilla refresh

[openshift-ci]

@andreaskaris: This pull request references Bugzilla bug 2054225, which is valid. The bug has been moved to the POST state.

6 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.8.z) matches configured target release for branch (4.8.z)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
• dependent bug Bugzilla bug 2014003 is in the state VERIFIED, which is one of the valid states (VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE))
• dependent Bugzilla bug 2014003 targets the "4.9.z" release, which is one of the valid target releases: 4.9.0, 4.9.z
• bug has dependents

Requesting review from QA contact:
/cc @anuragthehatter

Details

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[andreaskaris]

/retest

[trozet]

/lgtm
/label backport-risk-assessed

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andreaskaris, trozet

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [trozet]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[trozet]

/assign @anuragthehatter

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[asood-rh]

/label cherry-pick-approved

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-ci]

@andreaskaris: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/4.8-upgrade-from-stable-4.7-e2e-aws-ovn-upgrade	917d97c	link	false	/test 4.8-upgrade-from-stable-4.7-e2e-aws-ovn-upgrade

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[openshift-bot]

/retest-required

Please review the full test history for this PR and help us cut down flakes.

[openshift-ci]

@andreaskaris: All pull requests linked via external trackers have merged:

• openshift/ovn-kubernetes#957

Bugzilla bug 2054225 has been moved to the MODIFIED state.

Details

In response to this:

[release-4.8] Bug 2054225: Fix gateway routers answer ARP/NDP requests for LoadBalancer/ExternalIP services

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.