New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TestWireGuard/testServiceConnectivity failing in IPv6 cluster #3437
Labels
area/transit/encryption
Issues or PRs related to transit encryption (IPSec, SSL).
area/transit/ipv6
Issues or PRs related to IPv6.
kind/bug
Categorizes issue or PR as related to a bug.
kind/failing-test
Categorizes issue or PR as related to a consistently or frequently failing test.
priority/critical-urgent
Highest priority. Must be actively worked on as someone's top priority right now.
Milestone
Comments
antoninbas
added
area/transit/encryption
Issues or PRs related to transit encryption (IPSec, SSL).
kind/bug
Categorizes issue or PR as related to a bug.
kind/failing-test
Categorizes issue or PR as related to a consistently or frequently failing test.
area/transit/ipv6
Issues or PRs related to IPv6.
labels
Mar 11, 2022
Test failure:
|
antoninbas
added
the
priority/critical-urgent
Highest priority. Must be actively worked on as someone's top priority right now.
label
Mar 18, 2022
xliuxu
added a commit
to xliuxu/antrea
that referenced
this issue
Mar 21, 2022
IPv6 routes to peer gateway should be deleted in IPv6 mode since it needs to be routed through the tunnel. Fixes antrea-io#3437 Signed-off-by: Xu Liu <xliu2@vmware.com>
xliuxu
added a commit
to xliuxu/antrea
that referenced
this issue
Mar 21, 2022
IPv6 routes to peer gateway should be deleted since it needs to be routed through the tunnel. Fixes antrea-io#3437 Signed-off-by: Xu Liu <xliu2@vmware.com>
xliuxu
added a commit
to xliuxu/antrea
that referenced
this issue
Mar 21, 2022
IPv6 routes to the peer gateway should be deleted if WireGuard is enabled since it needs to be routed through the tunnel. Fixes antrea-io#3437 Signed-off-by: Xu Liu <xliu2@vmware.com>
xliuxu
added a commit
to xliuxu/antrea
that referenced
this issue
Mar 21, 2022
Check whether the route to peer gateway is replaced or not when adding routes and delete the route if it is no longer required. This can happen when the traffic encryption mode or traffic encapsulation mode changes. Fixes antrea-io#3437 Signed-off-by: Xu Liu <xliu2@vmware.com>
xliuxu
added a commit
to xliuxu/antrea
that referenced
this issue
Mar 22, 2022
Check whether the route to peer gateway is replaced or not when adding routes and delete the route if it is no longer required. This can happen when the traffic encryption mode or traffic encapsulation mode changes. Fixes antrea-io#3437 Signed-off-by: Xu Liu <xliu2@vmware.com>
xliuxu
added a commit
to xliuxu/antrea
that referenced
this issue
Mar 25, 2022
Check whether the route and neigh to peer gateway is needed and delete the route if it is no longer required. This can happen when the traffic encryption mode or traffic encapsulation mode changes. Fixes antrea-io#3437 Signed-off-by: Xu Liu <xliu2@vmware.com>
xliuxu
added a commit
to xliuxu/antrea
that referenced
this issue
Mar 25, 2022
Check whether the route and neigh to peer gateway are still needed and delete the route and neigh if necessary. This can happen when the traffic encryption mode or traffic encapsulation mode changes. Fixes antrea-io#3437 Signed-off-by: Xu Liu <xliu2@vmware.com>
xliuxu
added a commit
to xliuxu/antrea
that referenced
this issue
Mar 25, 2022
Check whether the route and neigh to peer gateway are still needed and delete the route and neigh if necessary. This can happen when the traffic encryption mode or traffic encapsulation mode changes. Fixes antrea-io#3437 Signed-off-by: Xu Liu <xliu2@vmware.com>
xliuxu
added a commit
to xliuxu/antrea
that referenced
this issue
Mar 25, 2022
Check whether the route and neigh to peer gateway are still needed and delete the route and neigh if necessary. This can happen when the traffic encryption mode or traffic encapsulation mode changes. Fixes antrea-io#3437 Signed-off-by: Xu Liu <xliu2@vmware.com>
tnqn
pushed a commit
that referenced
this issue
Mar 25, 2022
Check whether the route and neigh to peer gateway are still needed and delete the route and neigh if necessary. This can happen when the traffic encryption mode or traffic encapsulation mode changes. Fixes #3437 Signed-off-by: Xu Liu <xliu2@vmware.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
area/transit/encryption
Issues or PRs related to transit encryption (IPSec, SSL).
area/transit/ipv6
Issues or PRs related to IPv6.
kind/bug
Categorizes issue or PR as related to a bug.
kind/failing-test
Categorizes issue or PR as related to a consistently or frequently failing test.
priority/critical-urgent
Highest priority. Must be actively worked on as someone's top priority right now.
Describe the bug
After merging #3336, the e2e test
TestWireGuard/testServiceConnectivity
is failing for thejenkins-ipv6-only-e2e
CI job.It seems that the new IPv6 route reconciliation logic prevents correct gateway route configuration on the Node.
If we deploy Antrea without Wireguard, the gateway routes look like this:
If we deploy Antrea with Wireguard, the routes (
antrea-gw0
+antrea-wg0
) look like this:However, if we first deploy Antrea without Wireguard, then re-deploy it (apply the yaml again) with Wireguard enabled (which is what the e2e test case does), we get the following routes:
Notice how there is an "extra" route (the first one). This could explain why the test is failing.
Versions:
Antrea: top of tree
The text was updated successfully, but these errors were encountered: