Openshift: [4.0.1.0-31.el7] Service not reachable when configured on Isolated namespace

Bug #1718334 reported by chhandak
This bug affects 1 person
Affects: Juniper Openstack (status tracked in Trunk)
R4.0: Status: Fix Committed; Importance: Critical; Assigned to: Dinesh Bakiaraj
Trunk: Status: Fix Committed; Importance: Critical; Assigned to: Dinesh Bakiaraj

Bug Description

When a Service is configured on an Isolated namespace, a wget query from a pod to the service fails. This is the Sanity failure reason.
There is only one compute in the cluster. Both the test pod and the service backend were launched on the same compute.
In the agent container the dropstats count is increasing and the flow is getting deleted immediately. As per the sandesh trace output, dest_vn_match is unknown. Can you please have a look?

Setup:

Master: 10.87.121.34(root/c0ntrail123)
Slave: 10.87.121.35(root/c0ntrail123)

[root@5b7s18 ~]# oc describe svc ctest-nginx-svc-97603987 -n ctest-namespace-22181220
Name: ctest-nginx-svc-97603987
Namespace: ctest-namespace-22181220
Labels: <none>
Annotations: <none>
Selector: app=http_test
Type: ClusterIP
IP: 10.108.73.65
External IPs: 10.87.117.247
Port: <unset> 80/TCP
Endpoints: 10.47.255.251:80,10.47.255.252:80
Session Affinity: None
Events: <none>

2017-09-19 13:17:21.034 FlowTrace: operation = ADD info= [ gen_id = 7 flow_index = 464724 nh_id = 27 source_ip = 10.47.255.250 source_port = 51882 destination_ip = 10.108.73.65 destination_port = 80 protocol = 6 vrf = 2 allow = 1 mirror_l= [ [ ] ] mirror_vrf = 65535 reverse_index = 150988 implicit_deny = 0 short_flow = 1 source_vn_list= [ [ (*_iter103) = default-domain:default:ctest-namespace-22181220-vn, ] ] dest_vn_list= [ [ (*_iter104) = __UNKNOWN__, ] ] source_vn_match = default-domain:default:ctest-namespace-22181220-vn dest_vn_match = __UNKNOWN__ source_sg_id_l= [ [ (*_iter105) = 8000017, (*_iter105) = 8000018, ] ] dest_sg_id_l= [ [ ] ] vrf_assign = l3_flow = 1 smac = 02:54:b1:52:1c:9d dmac = 00:00:5e:00:01:00 drop_reason = UNKNOWN table_id = 1 short_flow_reason = Short flow No Destination route rpf_nh = 27 src_ip_nh = 27 ] file = controller/src/vnsw/agent/pkt/flow_mgmt.cc line = 565
2017-09-19 13:17:21.101 FlowTrace: operation = DEL info= [ gen_id = 7 flow_index = 150988 nh_id = 27 source_ip = 10.108.73.65 source_port = 80 destination_ip = 10.47.255.250 destination_port = 51882 protocol = 6 vrf = 2 allow = 1 mirror_l= [ [ ] ] mirror_vrf = 65535 implicit_deny = 0 short_flow = 1 source_vn_list= [ [ (*_iter103) = __UNKNOWN__, ] ] dest_vn_list= [ [ (*_iter104) = default-domain:default:ctest-namespace-22181220-vn, ] ] source_vn_match = __UNKNOWN__ dest_vn_match = default-domain:default:ctest-namespace-22181220-vn source_sg_id_l= [ [ ] ] dest_sg_id_l= [ [ (*_iter106) = 8000017, (*_iter106) = 8000018, ] ] vrf_assign = l3_flow = 1 smac = 00:00:5e:00:01:00 dmac = 02:54:b1:52:1c:9d drop_reason = UNKNOWN table_id = 1 short_flow_reason = Short flow No Destination route rpf_nh = 4294967295 src_ip_nh = 4294967295 ] file = controller/src/vnsw/agent/pkt/flow_mgmt.cc line = 565
2017-09-19 13:17:21.101 FlowTrace: operation = DEL info= [ gen_id = 7 flow_index = 464724 nh_id = 27 source_ip = 10.47.255.250 source_port = 51882 destination_ip = 10.108.73.65 destination_port = 80 protocol = 6 vrf = 2 allow = 1 mirror_l= [ [ ] ] mirror_vrf = 65535 implicit_deny = 0 short_flow = 1 source_vn_list= [ [ (*_iter103) = default-domain:default:ctest-namespace-22181220-vn, ] ] dest_vn_list= [ [ (*_iter104) = __UNKNOWN__, ] ] source_vn_match = default-domain:default:ctest-namespace-22181220-vn dest_vn_match = __UNKNOWN__ source_sg_id_l= [ [ (*_iter105) = 8000017, (*_iter105) = 8000018, ] ] dest_sg_id_l= [ [ ] ] vrf_assign = l3_flow = 1 smac = 02:54:b1:52:1c:9d dmac = 00:00:5e:00:01:00 drop_reason = UNKNOWN table_id = 1 short_flow_reason = Short flow No Destination route rpf_nh = 27 src_ip_nh = 27 ] file = controller/src/vnsw/agent/pkt/flow_mgmt.cc line = 565
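
The condition the report points to in the trace, a flow added with short_flow = 1 and dest_vn_match = __UNKNOWN__, can be pulled out of agent FlowTrace output mechanically. This is an added example, not part of the bug report or of Contrail's code; the function names are hypothetical, and the sample lines are trimmed or constructed from the format quoted above.

```python
import re

KEY = re.compile(r"\b([A-Za-z_]\w*) ?= ")   # "name = " or "name= " (list fields)
ITEM = re.compile(r"\) = ([^,\s]+),")       # "(*_iterN) = value," inside a list

def parse_flowtrace(line):
    """Split one FlowTrace line into {key: value}; list fields become lists."""
    keys = list(KEY.finditer(line))
    rec = {}
    for cur, nxt in zip(keys, keys[1:] + [None]):
        # A value runs up to the next key, so empty fields (vrf_assign) and
        # multi-word fields (short_flow_reason) are both handled.
        raw = line[cur.end(): nxt.start() if nxt else len(line)].strip()
        rec[cur.group(1)] = ITEM.findall(raw) if raw.startswith("[") else raw.rstrip(" ]")
    return rec

def unroutable_short_flows(lines):
    """Return ADD events marked short_flow whose destination VN is unresolved."""
    hits = []
    for line in lines:
        if "FlowTrace:" not in line:
            continue
        r = parse_flowtrace(line)
        if (r.get("operation") == "ADD" and r.get("short_flow") == "1"
                and r.get("dest_vn_match") == "__UNKNOWN__"):
            hits.append((r.get("source_ip"), r.get("destination_ip"),
                         r.get("destination_port"), r.get("short_flow_reason")))
    return hits

# Constructed sample: line 1 is trimmed from the ADD trace in the report,
# line 2 is an invented healthy flow in the same format.
SAMPLE = [
    "2017-09-19 13:17:21.034 FlowTrace: operation = ADD info= [ gen_id = 7 "
    "source_ip = 10.47.255.250 source_port = 51882 destination_ip = 10.108.73.65 "
    "destination_port = 80 protocol = 6 short_flow = 1 dest_vn_list= [ [ (*_iter104) = "
    "__UNKNOWN__, ] ] dest_vn_match = __UNKNOWN__ source_sg_id_l= [ [ (*_iter105) = "
    "8000017, (*_iter105) = 8000018, ] ] vrf_assign = l3_flow = 1 drop_reason = UNKNOWN "
    "short_flow_reason = Short flow No Destination route rpf_nh = 27 src_ip_nh = 27 ]",
    "2017-09-19 13:18:02.500 FlowTrace: operation = ADD info= [ gen_id = 8 "
    "source_ip = 10.47.255.250 source_port = 51990 destination_ip = 10.47.255.251 "
    "destination_port = 80 protocol = 6 short_flow = 0 "
    "dest_vn_match = default-domain:default:ctest-namespace-22181220-vn l3_flow = 1 ]",
]

if __name__ == "__main__":
    for hit in unroutable_short_flows(SAMPLE):
        print(hit)
```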

chhandak (chhandak)
summary: - Openshift: Service not reachable when configured on Isolated namespace
+ Openshift: [4.0.1.0-31.el7] Service not reachable when configured on
+ Isolated namespace
tags: added: blocker sanityblocker
Changed in juniperopenstack:
importance: Undecided → Critical
assignee: nobody → Sachchidanand Vaidya (vaidyasd)
milestone: none → r4.0.1.0
information type: Proprietary → Public
Rudra Rugge (rrugge)
tags: added: sanity
removed: sanityblocker
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/35795
Submitter: Dinesh Bakiaraj (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : [Review update] R4.0

Review in progress for https://review.opencontrail.org/35796
Submitter: Dinesh Bakiaraj (<email address hidden>)

OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/35796
Committed: http://github.com/Juniper/contrail-controller/commit/e487ad333b01bddb86ac38be21c37f85e999f4e7
Submitter: Zuul (<email address hidden>)
Branch: R4.0

commit e487ad333b01bddb86ac38be21c37f85e999f4e7
Author: dineshb-jnpr <email address hidden>
Date: Wed Sep 20 18:05:18 2017 -0700

Fix breakage of isolated pods to svc reachability.

This code change is to fix breakage by a prior commit that
resulted in isolated pods not getting a floating ip from
pod ipam of cluster network. This resulted in these pods
not being able to reach svc's in k8s cluster.

Change-Id: I2351a7cee375b0c428f3dd3df8d880698034fb5e
Closes-Bug: #1718334

OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/35795
Committed: http://github.com/Juniper/contrail-controller/commit/8f9d9c445296069e728a12cbdcb3674db8ccbe65
Submitter: Zuul (<email address hidden>)
Branch: master

commit 8f9d9c445296069e728a12cbdcb3674db8ccbe65
Author: dineshb-jnpr <email address hidden>
Date: Wed Sep 20 18:05:18 2017 -0700

Fix breakage of isolated pods to svc reachability.

This code change is to fix breakage by a prior commit that
resulted in isolated pods not getting a floating ip from
pod ipam of cluster network. This resulted in these pods
not being able to reach svc's in k8s cluster.

Change-Id: I2351a7cee375b0c428f3dd3df8d880698034fb5e
Closes-Bug: #1718334
