Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ovn: do not send direct traffic between lports to conntrack #3131

Merged
merged 1 commit into from
Aug 14, 2023
Merged

ovn: do not send direct traffic between lports to conntrack #3131

merged 1 commit into from
Aug 14, 2023

Conversation

zhangzujian
Copy link
Member

@zhangzujian zhangzujian commented Aug 10, 2023
edited
Loading

What type of this PR

  • Bug fixes

Which issue(s) this PR fixes:

Fixes access from pod to node or outside the cluster in redhat/rocky 8.6 after merging #2987.

Now traffic via pod ip between pods will not be sent to conntrack by the following logical flows:

  table=6 (ls_in_pre_lb       ), priority=105  , match=(ip4 && ip4.dst == 10.16.0.0/16), action=(next;)
  table=6 (ls_in_pre_lb       ), priority=105  , match=(ip4 && ip4.dst == 100.64.0.0/16), action=(next;)
  table=6 (ls_in_pre_lb       ), priority=100  , match=(ip), action=(reg0[2] = 1; next;)

WHAT

🤖 Generated by Copilot at e7a3590

Remove SetLBCIDR feature from OVN interface and controller. This feature was deprecated and is no longer used to configure the load balancer service CIDR in OVN.

🤖 Generated by Copilot at e7a3590

Sing, O Muse, of the mighty OVN controller
That configures the network for the cloud of kube
And how its skilled developers, with wisdom and valor
Removed the SetLBCIDR feature, no longer of use

HOW

🤖 Generated by Copilot at e7a3590

  • Remove the deprecated feature to set the load balancer service CIDR in OVN (link, link, link, link)

@zhangzujian zhangzujian marked this pull request as ready for review August 14, 2023 02:01
@zhangzujian zhangzujian merged commit e541a57 into kubeovn:master Aug 14, 2023
64 checks passed
@zhangzujian zhangzujian deleted the fix-ovn-ct branch August 14, 2023 03:47
zhangzujian added a commit that referenced this pull request Aug 14, 2023
@zhangzujian
ovn: do not send direct traffic between lports to conntrack (#3131)
f225c66
zhangzujian added a commit to zhangzujian/kube-ovn that referenced this pull request Aug 14, 2023
@zhangzujian
ovn: do not send direct traffic between lports to conntrack (kubeovn#…
d51c23a 
…3131)
zhangzujian added a commit to zhangzujian/kube-ovn that referenced this pull request Aug 14, 2023
@zhangzujian
Revert "ovn: do not send direct traffic between lports to conntrack (k…
3f62693 
…ubeovn#3131)"

This reverts commit d51c23a.
zhangzujian added a commit to zhangzujian/kube-ovn that referenced this pull request Aug 14, 2023
@zhangzujian
ovn: do not send direct traffic between lports to conntrack (kubeovn#…
5a04d2a 
…3131)
zhangzujian added a commit to zhangzujian/kube-ovn that referenced this pull request Aug 14, 2023
@zhangzujian
Revert "ovn: do not send direct traffic between lports to conntrack (k…
68e24cf 
…ubeovn#3131)"

This reverts commit d51c23a.
zhangzujian added a commit to zhangzujian/kube-ovn that referenced this pull request Aug 14, 2023
@zhangzujian
ovn: do not send direct traffic between lports to conntrack (kubeovn#…
319bd89 
…3131)
zhangzujian added a commit to zhangzujian/kube-ovn that referenced this pull request Aug 14, 2023
@zhangzujian
ovn: do not send direct traffic between lports to conntrack (kubeovn#…
ee81096 
…3131)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oilbeater oilbeater oilbeater approved these changes

Assignees
No one assigned
Labels
bug Something isn't working need backport network policy
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@zhangzujian @oilbeater