2024-05-21T19:30:14.6972027Z I0521 19:30:14.678005 26393 obj_retry.go:432] Stop channel got triggered: will stop retrying failed objects of type *v1.Node
2024-05-21T19:30:14.6972926Z I0521 19:30:14.678044 26393 watch.go:183] Stopping fake watcher.
2024-05-21T19:30:14.6973869Z I0521 19:30:14.678154 26393 reflector.go:295] Stopping reflector *v1.Service (0s) from k8s.io/client-go/informers/factory.go:159
2024-05-21T19:30:14.6974905Z E0521 19:30:14.678081 26393 shared_informer.go:314] unable to sync caches for node-tracker-controller
2024-05-21T19:30:14.6975814Z I0521 19:30:14.678264 26393 services_controller.go:181] Shutting down controller ovn-lb-controller
2024-05-21T19:30:14.6976828Z E0521 19:30:14.678303 26393 ovn.go:458] Error running OVN Kubernetes Services controller: error syncing node tracker handler
2024-05-21T19:30:14.6977620Z I0521 19:30:14.678291 26393 watch.go:183] Stopping fake watcher.
2024-05-21T19:30:14.6978160Z I0521 19:30:14.678320 26393 watch.go:183] Stopping fake watcher.
2
[root@ovn-worker2 ~]# ovs-dpctl dump-flows
recirc_id(0x48),in_port(2),ct_state(+new-est-rel-rpl-inv+trk),ct_mark(0/0x1),eth(src=66:49:b8:4b:12:3e,dst=0a:58:0a:f4:01:05),eth_type(0x0800),ipv4(src=10.244.1.2,dst=10.244.1.5,frag=no), packets:0, bytes:0, used:never, actions:ct(commit,zone=19,mark=0/0x1,nat(src)),6
recirc_id(0),in_port(3),skb_mark(0),eth(dst=02:42:ac:12:00:03),eth_type(0x0800),ipv4(proto=6,frag=no),tcp(dst=8192/0xe000), packets:797, bytes:70414, used:0.004s, flags:SP., actions:ct(zone=64000,nat),recirc(0x27)
recirc_id(0),in_port(3),eth(dst=02:42:ac:12:00:03),eth_type(0x0800),ipv4(proto=17,frag=no),udp(dst=6081), packets:1, bytes:132, used:0.753s, actions:4
recirc_id(0x46),tunnel(tun_id=0xff0003,src=172.18.0.2,dst=172.18.0.3,geneve({}{}),flags(-df+csum+key)),in_port(5),ct_state(+new-est-rel-rpl-inv+trk),ct_mark(0/0x1),eth(src=0a:58:0a:f4:01:01,dst=00:00:00:00:00:00/01:00:00:00:00:00),eth_type(0x0800),ipv4(src=10.244.0.0/255.255.255.0,frag=no), packets:0, bytes:0, used:never, actions:ct(commit,zone=
---
apiVersion: v1
kind: Pod
metadata:
  name: client
  labels:
    pod-name: client
    role: webserver
    #app: spk-coredns
spec:
[root@ovn-control-plane ~]# ovs-appctl ofproto/trace --ct-next trk,rpl --ct-next trk,rpl br-int in_port=3,tun_id=16711683,tun_metadata0=262147,dl_src=0a:58:2b:22:eb:86,dl_dst=0a:58:92:3f:71:e5,tcp6,tp_src=8080,tp_dst=43434,ipv6_dst=fd00:10:244:1::7,ipv6_src=fc00:f853:ccd:e793::4,nw_ttl=254 | ovn-detrace
Flow: tcp6,tun_id=0xff0003,in_port=3,vlan_tci=0x0000,dl_src=0a:58:2b:22:eb:86,dl_dst=0a:58:92:3f:71:e5,ipv6_src=fc00:f853:ccd:e793::4,ipv6_dst=fd00:10:244:1::7,ipv6_label=0x00000,nw_tos=0,nw_ecn=0,nw_ttl=254,nw_frag=no,tp_src=8080,tp_dst=43434,tcp_flags=0
bridge("br-int")
----------------
0. in_port=3, priority 100
move:NXM_NX_TUN_ID[0..23]->OXM_OF_METADATA[0..23]
-> OXM_OF_METADATA[0..23] is now 0xff0003
move:NXM_NX_TUN_METADATA0[16..30]->NXM_NX_REG14[0..14]
-> NXM_NX_REG14[0..14] is now 0x4
[root@ovn-control-plane ~]# ovn-trace --ct trk,rpl --ct trk,rpl transit_switch 'inport == "tstor-ovn-worker" && eth.src ==0a:58:2b:22:eb:86 && eth.dst==0a:58:92:3f:71:e5 && ip6 && ip.ttl==64 && ip6.src==fc00:f853:ccd:e793::4 && ip6.dst==fd00:10:244:1::7 && tcp && tcp.src == 8080 && tcp.dst ==43434'
2024-04-17T17:08:05Z|00001|ovntrace|WARN|ct.new && !ct.rel && ip6 && ip6.dst == ^NODEIP_IPv6_0 && tcp && tcp.dst == 30926: parsing expression failed (Syntax error at `NODEIP_IPv6_0' expecting constant.)
2024-04-17T17:08:05Z|00002|ovntrace|WARN|ct.new && ip6.dst == ^NODEIP_IPv6_0 && tcp.dst == 30926: parsing expression failed (Syntax error at `NODEIP_IPv6_0' expecting constant.)
2024-04-17T17:08:05Z|00003|ovntrace|WARN|reg0[2] == 1 && ip6.dst == ^NODEIP_IPv6_0 && tcp.dst == 30926: parsing expression failed (Syntax error at `NODEIP_IPv6_0' expecting constant.)
2024-04-17T17:08:05Z|00004|ovntrace|WARN|ip && ip6.dst == ^NODEIP_IPv6_0: parsing expression failed (Syntax error at `NODEIP_IPv6_0' expecting constant.)
#
### ebpf
#include <linux/bpf.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
#include <linux/in.h>
#include <linux/tcp.h>
struct data_t {
    __u32 src_ip;
    __u32 dst_ip;
[trozet@fedora 250-nodetracker]$ cat must-gather.local.3877710284032856534/inspect.local.4295100335563262757/namespaces/openshift-ovn-kubernetes/pods/ovnkube-node-5ksf5/ovnkube-controller/ovnkube-controller/logs/current.log | grep -E 'Starting controller|router changed, syncing services| Node tracker sync took|Full service sync requested'
2024-01-16T02:33:18.213324326Z I0116 02:33:18.213311 3961 services_controller.go:163] Starting controller ovn-lb-controller
2024-01-16T02:33:18.213864591Z I0116 02:33:18.213856 3961 node_tracker.go:185] Node ip-10-0-236-9.us-west-2.compute.internal switch + router changed, syncing services
2024-01-16T02:33:18.214366306Z I0116 02:33:18.214357 3961 services_controller.go:513] Full service sync requested
2024-01-16T02:33:18.238191487Z I0116 02:33:18.238179 3961 node_tracker.go:185] Node ip-10-0-149-39.us-west-2.compute.internal switch + router changed, syncing services
2024-01-16T02:33:18.238242960Z I0116 02:33:18.238234 3961 services_controller.go:513] Full serv
pkt received on worker node:
01:30:41.176263 M 00:07:35:c0:23:cd ethertype IPv6 (0x86dd), length 88: (flowlabel 0x8e949, hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::207:35ff:fec0:23cd > ff02::1: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is fd2e:6f44:5dd8:c956::18, Flags [override]
destination link-address option (2), length 8 (1): 00:07:35:c0:23:cd
datapath flow:
recirc_id(0xd),in_port(1),ct_state(-new-est-rel+trk),ct_mark(0),eth(src=00:07:35:c0:23:cd,dst=33:33:00:00:00:01),eth_type(0x86dd),ipv6(src=fe80::207:35ff:fec0:23cd,dst=ff02::1,proto=58,hlimit=255,frag=no),icmpv6(type=136,code=0), packets:27611, bytes:2374546, used:0.002s, actions:2,check_pkt_len(size=1414,gt(sample(sample=100.0%,actions(meter(3),userspace(pid=4294967295,controller(reason=1,dont_send=0,continuation=0,recirc_id=25194,rule_cookie=0x25862262,controller_id=0,max_len=65535))))),le(drop)
mac is not changing:
#### setup, client curling a service with session affinity that is backed by server and server-sdn pods
[trozet@fedora test]$ oc get service
NAME          TYPE           CLUSTER-IP       EXTERNAL-IP                            PORT(S)           AGE
kubernetes    ClusterIP      172.30.0.1       <none>                                 443/TCP           46m
my-service1   ClusterIP      172.30.189.139   <none>                                 1337/UDP,80/TCP   5m5s
openshift     ExternalName   <none>           kubernetes.default.svc.cluster.local   <none>            41m
## NP with port range
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-egress
spec:
  podSelector:
  policyTypes: