iptables-restore fails with error '"Failed to execute iptables-restore" err="exit status 2 (iptables-restore v1.8.4 (nf_tables): Port `:ffff:x.x.x.x]:yyyy' not valid\n\nError occurred at line: 645"'

Solution In Progress - Updated -

Issue

  • If a user manually crafts an Endpoint object whose subsets.addresses.ip field contains an IPv4-mapped IPv6 address (example: ::ffff:10.128.0.10) and then recreates an SDN pod, the SDN pod fails to run iptables-restore and logs errors such as the following (note that the IP is ::ffff:10.128.0.10, while the error shows the address with its first colon truncated, :ffff:10.128.0.10):
E0303 16:14:46.953649 140364 proxier.go:1567] "Failed to execute iptables-restore" err="exit status 2 (iptables-restore v1.8.4 (nf_tables): Port `:ffff:10.128.0.10]:8080' not valid\n\nError occurred at line: 645\nTry `iptables-restore -h' or 'iptables-restore --help' for more information.\n
  • After creating an Endpoint object whose subsets.addresses.ip field contains an IPv4-mapped IPv6 address, accessing any Service in the cluster results in the error No route to host.
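
A check for the condition described above, as an added example that is not part of the original article or of any Red Hat tooling: it walks a list of Endpoints objects and reports every address that is an IPv4-mapped IPv6 address. The sample JSON is constructed, and the input is assumed to have the shape produced by `oc get endpoints -A -o json`.

```python
import ipaddress
import json

# Constructed sample, shaped like a list of Endpoints objects.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"metadata": {"namespace": "demo", "name": "crafted"},
   "subsets": [{"addresses": [{"ip": "::ffff:10.128.0.10"}],
                "ports": [{"port": 8080}]}]},
  {"metadata": {"namespace": "demo", "name": "normal"},
   "subsets": [{"addresses": [{"ip": "10.128.0.11"}],
                "notReadyAddresses": [{"ip": "not-an-ip"}],
                "ports": [{"port": 8080}]}]},
  {"metadata": {"namespace": "demo", "name": "empty"}}
]}
""")


def find_suspect_addresses(endpoints_list):
    """Return (namespace, name, ip, reason) for each endpoint address that is
    an IPv4-mapped IPv6 address or that does not parse as an IP address."""
    findings = []
    for item in endpoints_list.get("items", []):
        meta = item.get("metadata", {})
        ns, name = meta.get("namespace"), meta.get("name")
        for subset in item.get("subsets") or []:
            # Both address lists of a subset are checked (assumption: either
            # one may carry a crafted value).
            for field in ("addresses", "notReadyAddresses"):
                for addr in subset.get(field) or []:
                    ip = addr.get("ip", "")
                    try:
                        parsed = ipaddress.ip_address(ip)
                    except ValueError:
                        findings.append((ns, name, ip, "unparseable"))
                        continue
                    if parsed.version == 6 and parsed.ipv4_mapped is not None:
                        reason = f"IPv4-mapped form of {parsed.ipv4_mapped}"
                        findings.append((ns, name, ip, reason))
    return findings


if __name__ == "__main__":
    for ns, name, ip, reason in find_suspect_addresses(SAMPLE):
        print(f"{ns}/{name}: {ip} ({reason})")
```
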

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 4.11
  • OpenShiftSDN
