OCPBUGS-4370: Filter out IP addresses added by keepalived

go-controller/pkg/util/net_linux.go

@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"net"
 	"reflect"
+	"strings"
 	"time"
 
 	"github.com/j-keck/arping"
@@ -470,6 +471,7 @@ func DeleteConntrack(ip string, port int32, protocol kapi.Protocol, ipFilterType
 }
 
 // GetNetworkInterfaceIPs returns the IP addresses for the network interface 'iface'.
+// We filter out addresses that are link local, reserved for internal use or added by keepalived.
 func GetNetworkInterfaceIPs(iface string) ([]*net.IPNet, error) {
 	link, err := netLinkOps.LinkByName(iface)
 	if err != nil {
@@ -483,7 +485,7 @@ func GetNetworkInterfaceIPs(iface string) ([]*net.IPNet, error) {
 
 	var ips []*net.IPNet
 	for _, addr := range addrs {
-		if addr.IP.IsLinkLocalUnicast() || IsAddressReservedForInternalUse(addr.IP) {
+		if addr.IP.IsLinkLocalUnicast() || IsAddressReservedForInternalUse(addr.IP) || IsAddressAddedByKeepAlived(addr) {
 			continue
 		}
 		// Ignore addresses marked as secondary or deprecated since they may
@@ -514,6 +516,13 @@ func IsAddressReservedForInternalUse(addr net.IP) bool {
 	return subnet.Contains(addr)
 }
 
+// IsAddressAddedByKeepAlived returns true if the input interface address obtained
+// through netlink has a label that ends with ":vip", which is how keepalived
+// marks the IP addresses it adds (https://github.com/openshift/machine-config-operator/pull/3683)
+func IsAddressAddedByKeepAlived(addr netlink.Addr) bool {
+	return strings.HasSuffix(addr.Label, ":vip")
+}
+
 // GetIPv6OnSubnet when given an IPv6 address with a 128 prefix for an interface,
 // looks for possible broadest subnet on-link routes and returns the same address
 // with the found subnet prefix. Otherwise it returns the provided address unchanged.