[release-4.9] Bug 2044503: ovs-configuration: use lower than NM default ethernet route metric #2928

andreaskaris · 2022-01-24T17:49:39Z

Setting the default NM route metric for ovs-if-br-ex is problematic
in the presence of other Ethernet ports. In that case, ovs-if-br-ex
as well as the Ethernet ports will have the same route metric, and
the winner is undefined. Lower ovs-if-br-ex route metric to 49 to
avoid ambiguous situations.

Conflicts:
templates/common/_base/files/configure-ovs-network.yaml

Signed-off-by: Andreas Karis ak.karis@gmail.com
(cherry picked from commit e6a673d)

What I did

Cause:
When more than one ethernet interface has the default route on startup, then NMs default behavior will assign metrics 100, 101, 102..
and so forth to the Ethernet interfaces to avoid ambiguity. NM will make sure that interfaces of the same type will not
have the same metric: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/managing-the-default-gateway-setting_configuring-and-managing-networking

When ovs-configure.sh OVNKubernetes is run, it sets a metric of 100 to OVS port ovs-if-br-ex (which normally would have metric 800).
The port is no longer an Ethernet type port and the remaining Ethernet interfaces will receive new metrics, assigned in ascending order, starting with 100. This will lead to 2 default routes having metric 100, one of the Ethernet interfaces, and ovs-if-br-ex. It is no longer guaranteed that br-ex will be used as the default interface.

Consequence:
Cluster traffic will not function on clusters with multiple default route ethernet interfaces, such as OpenStack clusters with additional networks.

Fix:
Enforce that the metric configured on the OVN-Kubernetes interface (br-ex and ovs-if-br-ex) is set to 49.

Result:
The default route via br-ex should always be the one with the highest priority (= lowest metric).

How to verify it

After deployment, routes via br-ex should have metric 49, e.g.:

# ip r
default via 192.168.20.1 dev br-ex proto dhcp metric 49 
default via 192.168.21.1 dev eth1 proto dhcp metric 100 
169.254.169.254 via 192.168.20.2 dev br-ex proto dhcp metric 49
169.254.169.254 via 192.168.21.2 dev eth1 proto dhcp metric 100 
192.168.20.0/24 dev br-ex proto kernel scope link src 192.168.20.80 metric 49
192.168.21.0/24 dev eth1 proto kernel scope link src 192.168.21.167 metric 100

Description for the changelog

Setting the default NM route metric for ovs-if-br-ex is problematic
in the presence of other Ethernet ports. In that case, ovs-if-br-ex
as well as the Ethernet ports will have the same route metric, and
the winner is undefined. Lower ovs-if-br-ex route metric to 49 to
avoid ambiguous situations.

Setting the default NM route metric for ovs-if-br-ex is problematic in the presence of other Ethernet ports. In that case, ovs-if-br-ex as well as the Ethernet ports will have the same route metric, and the winner is undefined. Lower ovs-if-br-ex route metric to 49 to avoid ambiguous situations. Conflicts: templates/common/_base/files/configure-ovs-network.yaml Signed-off-by: Andreas Karis <ak.karis@gmail.com> (cherry picked from commit e6a673d)

openshift-ci · 2022-01-24T17:49:44Z

@andreaskaris: This pull request references Bugzilla bug 2044503, which is invalid:

expected dependent Bugzilla bug 2035326 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but it is ON_QA instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

[release-4.9] Bug 2044503: ovs-configuration: use lower than NM default ethernet route metric

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

kikisdeliveryservice · 2022-01-24T17:56:16Z

PTAL
/assign @cybertron @trozet

openshift-ci · 2022-01-24T17:57:10Z

@andreaskaris: This pull request references Bugzilla bug 2044503, which is invalid:

expected dependent Bugzilla bug 2035326 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but it is ON_QA instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

[release-4.9] Bug 2044503: ovs-configuration: use lower than NM default ethernet route metric

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-ci · 2022-01-24T17:59:09Z

@andreaskaris: This pull request references Bugzilla bug 2044503, which is invalid:

expected dependent Bugzilla bug 2035326 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but it is ON_QA instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

[release-4.9] Bug 2044503: ovs-configuration: use lower than NM default ethernet route metric

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-ci · 2022-01-24T17:59:18Z

@andreaskaris: This pull request references Bugzilla bug 2044503, which is invalid:

expected dependent Bugzilla bug 2035326 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but it is ON_QA instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

[release-4.9] Bug 2044503: ovs-configuration: use lower than NM default ethernet route metric

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-ci · 2022-01-24T17:59:42Z

@andreaskaris: This pull request references Bugzilla bug 2044503, which is invalid:

expected dependent Bugzilla bug 2035326 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but it is ON_QA instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

[release-4.9] Bug 2044503: ovs-configuration: use lower than NM default ethernet route metric

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-ci · 2022-01-24T18:05:12Z

@andreaskaris: This pull request references Bugzilla bug 2044503, which is invalid:

expected dependent Bugzilla bug 2035326 to be in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE), but it is ON_QA instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

[release-4.9] Bug 2044503: ovs-configuration: use lower than NM default ethernet route metric

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

cybertron · 2022-01-24T20:08:29Z

/label backport-risk-assessed

Seems like a reasonable change to backport. Holding off on lgtm to give Tim a chance to weigh in if he wants, and we have to wait for the original bug to be verified anyway.

openshift-ci · 2022-01-24T21:47:32Z

@andreaskaris: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-ovn-step-registry	`3711b7c`	link	false	`/test e2e-ovn-step-registry`
ci/prow/e2e-aws-workers-rhel8	`3711b7c`	link	false	`/test e2e-aws-workers-rhel8`
ci/prow/okd-e2e-aws	`3711b7c`	link	false	`/test okd-e2e-aws`
ci/prow/okd-e2e-gcp-op	`3711b7c`	link	false	`/test okd-e2e-gcp-op`
ci/prow/e2e-aws-workers-rhel7	`3711b7c`	link	false	`/test e2e-aws-workers-rhel7`
ci/prow/e2e-aws-upgrade-single-node	`3711b7c`	link	false	`/test e2e-aws-upgrade-single-node`
ci/prow/e2e-aws-disruptive	`3711b7c`	link	false	`/test e2e-aws-disruptive`
ci/prow/okd-e2e-upgrade	`3711b7c`	link	false	`/test okd-e2e-upgrade`
ci/prow/e2e-vsphere-upgrade	`3711b7c`	link	false	`/test e2e-vsphere-upgrade`

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

andreaskaris · 2022-01-25T11:46:04Z

/bugzilla refresh

openshift-ci · 2022-01-25T11:46:11Z

@andreaskaris: This pull request references Bugzilla bug 2044503, which is valid. The bug has been updated to refer to the pull request using the external bug tracker.

6 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target release (4.9.z) matches configured target release for branch (4.9.z)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
dependent bug Bugzilla bug 2035326 is in the state VERIFIED, which is one of the valid states (VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE))
dependent Bugzilla bug 2035326 targets the "4.10.0" release, which is one of the valid target releases: 4.10.0
bug has dependents

Requesting review from QA contact:
/cc @anuragthehatter

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

flavio-fernandes

/lgtm

trozet · 2022-01-25T16:14:54Z

/lgtm
/assign @kikisdeliveryservice

kikisdeliveryservice · 2022-01-25T18:06:51Z

Thanks all, this seems good to go

/approve

openshift-ci · 2022-01-25T18:08:27Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andreaskaris, flavio-fernandes, kikisdeliveryservice, trozet

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [kikisdeliveryservice]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

openshift-bot · 2022-01-26T02:51:56Z

/retest-required