Closed manosnoam closed 3 years ago
@sridhargaddam opened issue #1081 with Libreswan specific details in it + tcpdump.
Regarding the subctl connection issue, the current behavior is:
Pinger/Healthcheck only pings the HealthcheckIP (which belongs to Pod CIDR whose connection is fine)
subctl connection code currently marks a connection as connected if at least one of the sub-connections in a connection is active state.
This issue has been automatically marked as stale because it has not had activity for 60 days. It will be closed if no further activity occurs. Please make a comment if this issue/pr is still valid. Thank you for your contributions.
On non-globalnet env, Libreswan had connection failure, so nginx service on one cluster, could not be reached from another cluster: https://qe-jenkins-csb-skynet.cloud.paas.psi.redhat.com/job/debug_job/940/Test-Report/
The problem: The connection failure was not displayed with
subctl show
command, but it should have been displayed, at least as warning.What happened:
Subctl shows no error:
But Submariner Gateway pod does show a connection problem in whack:
Also Libreswan shows that the connection is marked as "prospective erouted":
Environment: OCP cluster A (AWS):
Client Version: 4.6.9 Server Version: 4.6.9 Kubernetes Version: v1.19.0+7070803
OCP cluster B (OSP): Client Version: 4.6.9 Server Version: 4.4.7 Kubernetes Version: v1.17.1+f5fb168
Submariner: subctl version: v0.8.0-25-g7efa84b
Showing information for cluster "default-cl2": COMPONENT REPOSITORY VERSION
submariner
submariner-operator registry.redhat.io/rhacm2-tech-preview/submariner-rhe v0.8.0