OpenShift on OpenStack: Egress router not working

Solution Verified - Updated 14 Jun 2024

Environment

Egress router deployed on OpenShift 3.3 on OpenStack 8

Issue

After deploying an egress router in OpenShift running on OpenStack, the egress-router POD is not able to reach the EGRESS_DESTINATION.

Resolution

There are two solutions:

Red Hat Recommended: Whitelist both the ip address and the mac address of the macvaln interface of the egress pod, with a command similar to:

  # neutron port-update $neutron_port_uuid --allowed_address_pairs list=true type=dict mac_address=11:22:33:44:55:66,ip_address=192.168.1.111

Or, disable the security port as described here:

Unable to pass traffic through firewall appliance instance

Diagnostic Steps

rsh into the egress-router POD and try to ping or curl to the EGRESS_DESTINATION

SBR

Shift

Product(s)

Red Hat OpenShift Container Platform

Category

Customize or extend

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.