Skip to content

[DNM] PRE Merge testing BGP IPV6 #2747

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

[DNM] PRE Merge testing BGP IPV6 #2747

wants to merge 4 commits into from

Conversation

@tssurya
Copy link
Contributor

@tssurya tssurya commented Sep 4, 2025

πŸ“‘ Description

Fixes #

Additional Information for reviewers

βœ… Checks

  • My code requires changes to the documentation
  • if so, I have updated the documentation as required
  • My code requires tests
  • if so, I have added and/or updated the tests as required
  • All the tests have passed in the CI

How to verify it

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Sep 4, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: tssurya

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 4, 2025
@tssurya
Fix UDN service CIDR flows that had protocol prefix pinned to ip
7def155 
On breth0 we had the following flow for serviceCIDR:

https://github.com/ovn-kubernetes/ovn-kubernetes/blob/6082160282cf263efd162c0d04ca81ae3c9ecda7/go-controller/pkg/node/gateway_shared_intf.go#L427
that was pinned to `ip` and hence ipv6 singlestack environments
were not getting created correcly.

We would end up with this following error:

E0708 08:42:22.397822   12930 openflow_manager.go:133] Failed to add flows, error: exit status 1, stderr, ovs-ofctl: -:2: fd02::1: invalid IP address
, flows: map[DEFAULT:[cookie=0xdeff105, priority=205, in_port=1, dl_dst=00:35:01:a6:81:fe, udp6, udp_dst=6081, actions=output:LOCAL cookie=0xdeff105, priority=200, in_port=1, udp6, udp_dst=6081, actions=NORMAL cookie=0xdeff105, priority=200, in_port=LOCAL, udp6, udp_dst=6081, actions=output:1 cookie=0xdeff105, priority=500, in_port=2, ipv6, ipv6_dst=fd69::2, ipv6_src=fd2e:6f44:5dd8:c956::19,actions=ct(commit,zone=64001,nat(dst=fd2e:6f44:5dd8:c956::19),table=4) cookie=0xdeff105, priority=500, in_port=3, ipv6, ipv6_dst=fd69::2, ipv6_src=fd2e:6f44:5dd8:c956::19,actions=ct(commit,zone=64001,nat(dst=fd2e:6f44:5dd8:c956::19),table=4) cookie=0xdeff105, priority=500, in_port=2, ipv6, ipv6_dst=fd00:1101::1bcd:4ef3:764:ec61, ipv6_src=fd2e:6f44:5dd8:c956::19,actions=ct(commit,zone=64001,table=4) cookie=0xdeff105, priority=500, in_port=3, ipv6, ipv6_dst=fd00:1101::1bcd:4ef3:764:ec61, ipv6_src=fd2e:6f44:5dd8:c956::19,actions=ct(commit,zone=64001,table=4) cookie=0xdeff105, priority=500, in_port=2, ipv6, ipv6_dst=fd2e:6f44:5dd8:ca56::19, ipv6_src=fd2e:6f44:5dd8:c956::19,actions=ct(commit,zone=64001,table=4) cookie=0xdeff105, priority=500, in_port=3, ipv6, ipv6_dst=fd2e:6f44:5dd8:ca56::19, ipv6_src=fd2e:6f44:5dd8:c956::19,actions=ct(commit,zone=64001,table=4) cookie=0xdeff105, priority=500, in_port=LOCAL, ipv6, ipv6_dst=fd69::1,actions=ct(zone=64002,nat,table=5) cookie=0xdeff105, priority=500, in_port=LOCAL, ipv6, ipv6_dst=fd02::/112, actions=ct(commit,zone=64001,nat(src=fd69::2),table=2) cookie=0xdeff105, priority=550, in_port=LOCAL, ipv6, ipv6_src=fd69::/112, ipv6_dst=fd02::/112, actions=ct(commit,zone=64001,table=2) cookie=0xdeff105, priority=550, in_port=LOCAL, ipv6, ipv6_src=fdc4:1042:13::/56, ipv6_dst=fd02::/112, actions=ct(commit,zone=64001,table=2) cookie=0xdeff105, priority=500, in_port=2, ipv6, ipv6_src=fd02::/112, ipv6_dst=fd69::/112,actions=ct(zone=64001,nat,table=3) cookie=0xdeff105, priority=105, in_port=2, ipv6, ipv6_dst=fd02::/112,actions=drop cookie=0xdeff105, priority=500, in_port=3, ipv6, ipv6_src=fd02::/112, ipv6_dst=fd69::/112,actions=ct(zone=64001,nat,table=3) cookie=0xdeff105, priority=105, in_port=3, ipv6, ipv6_dst=fd02::/112,actions=drop cookie=0xdeff105, priority=110, table=0, in_port=1, ipv6, nw_frag=yes, actions=ct(table=0,zone=64004) cookie=0xdeff105, priority=100, table=1, ipv6, ct_state=+trk+est, ct_mark=0x1, actions=output:2 cookie=0xdeff105, priority=100, table=1, ipv6, ct_state=+trk+rel, ct_mark=0x1, actions=output:2 cookie=0xdeff105, priority=100, table=1, ipv6, ct_state=+trk+est, ct_mark=0x4, actions=output:3 cookie=0xdeff105, priority=100, table=1, ipv6, ct_state=+trk+rel, ct_mark=0x4, actions=output:3 cookie=0xdeff105, priority=100, table=1,  ip6, ct_state=+trk+est, ct_mark=0x2, actions=output:LOCAL cookie=0xdeff105, priority=100, table=1,  ip6, ct_state=+trk+rel, ct_mark=0x2, actions=output:LOCAL cookie=0xdeff105, priority=10, table=1,  dl_dst=00:35:01:a6:81:fe, actions=output:LOCAL cookie=0xdeff105, priority=100, table=2, actions=set_field:00:35:01:a6:81:fe->eth_dst,output:2 cookie=0xdeff105, priority=200, table=2, ip6, ipv6_src=fdc4:1042:13::/56, actions=set_field:00:35:01:a6:81:fe->eth_dst,output:3 cookie=0xdeff105, priority=200, table=2, ip6, pkt_mark=0x1001, actions=set_field:00:35:01:a6:81:fe->eth_dst,output:3 cookie=0xdeff105, table=3,  actions=move:NXM_OF_ETH_DST[]->NXM_OF_ETH_SRC[],set_field:00:35:01:a6:81:fe->eth_dst,output:LOCAL cookie=0xdeff105, table=4,ipv6, actions=ct(commit,zone=64002,nat(src=fd69::1),table=3) cookie=0xdeff105, table=5, ipv6, actions=ct(commit,zone=64001,nat,table=2) cookie=0xdeff105, priority=10, table=0, in_port=1,  dl_dst=00:35:01:a6:81:fe, actions=output:2,output:3,output:LOCAL cookie=0xdeff105, priority=10, table=0, in_port=3, dl_src=00:35:01:a6:81:fe, actions=output:NORMAL cookie=0xdeff105, priority=9, table=0, in_port=3, actions=drop cookie=0xdeff105, priority=10, table=0, in_port=2, dl_src=00:35:01:a6:81:fe, actions=output:NORMAL cookie=0xdeff105, priority=9, table=0, in_port=2, actions=drop cookie=0xdeff105, priority=105, in_port=2, dl_src=00:35:01:a6:81:fe, ipv6, pkt_mark=0x3f0 actions=ct(commit, zone=64000, nat(src=fd2e:6f44:5dd8:c956::19), exec(set_field:0x1->ct_mark)),output:1 cookie=0xdeff105, priority=100, in_port=2, dl_src=00:35:01:a6:81:fe, ipv6, actions=ct(commit, zone=64000, exec(set_field:0x1->ct_mark)), output:1 cookie=0xdeff105, priority=102, in_port=2, dl_src=00:35:01:a6:81:fe, ipv6, ipv6_dst=fd00:1101::1bcd:4ef3:764:ec61/128, actions=ct(commit, zone=64000, exec(set_field:0x1->ct_mark)), output:NORMAL cookie=0xdeff105, priority=102, in_port=2, dl_src=00:35:01:a6:81:fe, ipv6, ipv6_dst=fd2e:6f44:5dd8:c956::19/128, actions=ct(commit, zone=64000, exec(set_field:0x1->ct_mark)), output:NORMAL cookie=0xdeff105, priority=102, in_port=2, dl_src=00:35:01:a6:81:fe, ipv6, ipv6_dst=fd2e:6f44:5dd8:ca56::19/128, actions=ct(commit, zone=64000, exec(set_field:0x1->ct_mark)), output:NORMAL cookie=0xdeff105, priority=102, in_port=2, dl_src=00:35:01:a6:81:fe, icmp6, icmpv6_type=135, actions=ct(commit, zone=64000, exec(set_field:0x1->ct_mark)), output:NORMAL cookie=0xdeff105, priority=102, in_port=2, dl_src=00:35:01:a6:81:fe, icmp6, icmpv6_type=136, actions=ct(commit, zone=64000, exec(set_field:0x1->ct_mark)), output:NORMAL cookie=0xdeff105, priority=105, in_port=3, dl_src=00:35:01:a6:81:fe, ipv6, pkt_mark=0x3f0 actions=ct(commit, zone=64000, nat(src=fd2e:6f44:5dd8:c956::19), exec(set_field:0x4->ct_mark)),output:1 cookie=0xdeff105, priority=100, in_port=3, dl_src=00:35:01:a6:81:fe, ipv6, ipv6_src=fd69::b, actions=ct(commit, zone=64000, nat(src=fd2e:6f44:5dd8:c956::19), exec(set_field:0x4->ct_mark)), output:1 cookie=0xdeff105, priority=100, in_port=LOCAL, ipv6, actions=ct(commit, zone=64000, exec(set_field:0x2->ct_mark)), output:1 cookie=0xdeff105, priority=50, in_port=1, ipv6, actions=ct(zone=64000, nat, table=1) cookie=0xdeff105, priority=104, in_port=2, ipv6, ipv6_src=fd01::/48, actions=drop cookie=0xdeff105, priority=109, in_port=2, dl_src=00:35:01:a6:81:fe, ipv6, ipv6_src=fd01:0:0:6::/64actions=ct(commit, zone=64000, exec(set_field:0x1->ct_mark)), output:1 cookie=0xdeff105, priority=15, table=1, ipv6, ipv6_dst=fd01::/48, actions=output:2 cookie=0xdeff105, priority=16, table=1, ipv6, ipv6_dst=fd01:0:0:6::2, actions=output:LOCAL cookie=0xdeff105, priority=15, table=1, ipv6, ipv6_dst=fdc4:1042:13::/56, actions=output:3 cookie=0xdeff105, priority=16, table=1, ipv6, ipv6_dst=fdc4:1042:13:3::2, actions=output:LOCAL cookie=0xdeff105, priority=10, table=1,  dl_dst=00:35:01:a6:81:fe, actions=output:LOCAL cookie=0xdeff105, priority=14, table=1,icmp6,icmpv6_type=134 actions=FLOOD cookie=0xdeff105, priority=14, table=1,icmp6,icmpv6_type=136 actions=FLOOD cookie=0xdeff105, priority=13, table=1, in_port=1, udp6, tp_dst=3784, actions=output:2,output:LOCAL cookie=0xdeff105, priority=0, table=1, actions=output:NORMAL] NORMAL:[table=0,priority=0,actions=NORMAL

This commit fixes that but also, fixes the Unit tests
which were already dualstack aware but to take IPV6
serviceCIDR family which by default was only the IPV4
address, so the v6 service cidr rules were not getting
installed correctly.

This commit also changes a few spots to consistently use
`ipv6` protocol prefix rather than `ip6` so that
pattern matching used in unit tests works correctly w/o
the need to account for both types of matches.

Signed-off-by: Surya Seetharaman <[email protected]>
@tssurya
Consider more than 1 family serviceCIDR range for UDN service flows
936faeb 
Signed-off-by: Surya Seetharaman <[email protected]>
@tssurya
Make ip and ipv6 constants in flow code
f350f9b 
Signed-off-by: Surya Seetharaman <[email protected]>
@tssurya
Copy link
Contributor Author

tssurya commented Sep 9, 2025

/retest

@tssurya
fix stupid conflict
8628c90 
Signed-off-by: Surya Seetharaman <[email protected]>
@jechen0648
Copy link
Contributor

/verified by "pre-merge testing"

@openshift-ci-robot openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Sep 9, 2025
@openshift-ci-robot
Copy link
Contributor

@jechen0648: This PR has been marked as verified by "pre-merge testing".

In response to this:

/verified by "pre-merge testing"

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 9, 2025

@tssurya: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/images 8628c90 link true /test images
ci/prow/e2e-aws-ovn-edge-zones 8628c90 link true /test e2e-aws-ovn-edge-zones
ci/prow/e2e-metal-ipi-ovn-techpreview 8628c90 link false /test e2e-metal-ipi-ovn-techpreview
ci/prow/e2e-aws-ovn-hypershift-conformance-techpreview 8628c90 link false /test e2e-aws-ovn-hypershift-conformance-techpreview
ci/prow/e2e-aws-ovn-hypershift-kubevirt 8628c90 link false /test e2e-aws-ovn-hypershift-kubevirt
ci/prow/e2e-metal-ipi-ovn-dualstack-techpreview 8628c90 link false /test e2e-metal-ipi-ovn-dualstack-techpreview
ci/prow/4.20-upgrade-from-stable-4.19-e2e-gcp-ovn-rt-upgrade 8628c90 link true /test 4.20-upgrade-from-stable-4.19-e2e-gcp-ovn-rt-upgrade
ci/prow/security 8628c90 link false /test security
ci/prow/e2e-aws-ovn-serial 8628c90 link true /test e2e-aws-ovn-serial
ci/prow/e2e-aws-ovn-hypershift 8628c90 link true /test e2e-aws-ovn-hypershift
ci/prow/lint 8628c90 link true /test lint
ci/prow/e2e-aws-ovn-local-to-shared-gateway-mode-migration 8628c90 link true /test e2e-aws-ovn-local-to-shared-gateway-mode-migration
ci/prow/e2e-metal-ipi-ovn-dualstack 8628c90 link true /test e2e-metal-ipi-ovn-dualstack
ci/prow/e2e-ovn-hybrid-step-registry 8628c90 link false /test e2e-ovn-hybrid-step-registry
ci/prow/4.21-upgrade-from-stable-4.20-e2e-aws-ovn-upgrade 8628c90 link true /test 4.21-upgrade-from-stable-4.20-e2e-aws-ovn-upgrade
ci/prow/4.21-upgrade-from-stable-4.20-images 8628c90 link true /test 4.21-upgrade-from-stable-4.20-images
ci/prow/4.21-upgrade-from-stable-4.20-e2e-gcp-ovn-rt-upgrade 8628c90 link true /test 4.21-upgrade-from-stable-4.20-e2e-gcp-ovn-rt-upgrade

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Oct 9, 2025
@openshift-merge-robot
Copy link
Contributor

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jcaamano jcaamano Awaiting requested review from jcaamano

@martinkennelly martinkennelly Awaiting requested review from martinkennelly

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. verified Signifies that the PR passed pre-merge verification criteria

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tssurya @jechen0648 @openshift-ci-robot @openshift-merge-robot