Network Policy Retry create failed: error: unexpectedly found multiple equivalent ACLs


Issue

The OVN master pod logs multiple errors about failing to create Network Policies for different namespaces because it finds multiple equivalent ACLs.

The following warning appears in the ovn-kube-master pod logs:

I0721 13:45:34.493941       1 policy_retry.go:65] Network Policy Retry create failed for surya/default-deny, will try again later: failed to create default port groups and acls for policy: surya/default-deny, error: unexpectedly found multiple equivalent ACLs: [{UUID:e00a3879-2ab3-4944-939f-90cf61c11d8f Action:allow Direction:to-lport ExternalIDs:map[default-deny-policy-type:Ingress] Label:0 Log:false Match:outport == @a16323395479447859119_ingressDefaultDeny && (arp || nd) Meter:0xc00112af30 Name:0xc00112af40 Options:map[] Priority:1001 Severity:0xc00112af50} {UUID:972c1aad-2f5f-4394-8d28-23e0b997e2ee Action:allow Direction:to-lport ExternalIDs:map[default-deny-policy-type:Ingress] Label:0 Log:false Match:outport == @a16323395479447859119_ingressDefaultDeny && arp Meter:0xc00112aea0 Name:0xc00112aeb0 Options:map[] Priority:1001 Severity:0xc00112aec0}]
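
A triage helper for this message, added here as an example (it is not Red Hat's or the OVN-Kubernetes project's code): it parses the log line above, collapses repeated retries per namespace/policy, and reports the conflicting ACL UUIDs and which fields differ between them. The function names and regular expressions are assumptions derived only from the format of the line shown on this page.

```python
import re

# The ovn-kube-master log line quoted on this page, embedded so the example runs offline.
SAMPLE = (
    "I0721 13:45:34.493941       1 policy_retry.go:65] Network Policy Retry create failed for surya/default-deny, will try again later: "
    "failed to create default port groups and acls for policy: surya/default-deny, error: unexpectedly found multiple equivalent ACLs: "
    "[{UUID:e00a3879-2ab3-4944-939f-90cf61c11d8f Action:allow Direction:to-lport ExternalIDs:map[default-deny-policy-type:Ingress] Label:0 Log:false "
    "Match:outport == @a16323395479447859119_ingressDefaultDeny && (arp || nd) Meter:0xc00112af30 Name:0xc00112af40 Options:map[] Priority:1001 Severity:0xc00112af50} "
    "{UUID:972c1aad-2f5f-4394-8d28-23e0b997e2ee Action:allow Direction:to-lport ExternalIDs:map[default-deny-policy-type:Ingress] Label:0 Log:false "
    "Match:outport == @a16323395479447859119_ingressDefaultDeny && arp Meter:0xc00112aea0 Name:0xc00112aeb0 Options:map[] Priority:1001 Severity:0xc00112aec0}]"
)

# Patterns are assumptions based on the single line above (Go %+v struct dump).
HEADER = re.compile(r"Network Policy Retry create failed for (?P<ns>[^/\s]+)/(?P<policy>[^,\s]+),"
                    r".*unexpectedly found multiple equivalent ACLs: \[(?P<acls>.*)\]")
ACL = re.compile(r"\{UUID:(?P<uuid>[0-9a-f-]{36}) Action:(?P<action>\S+) Direction:(?P<direction>\S+) "
                 r"ExternalIDs:map\[(?P<external_ids>[^\]]*)\] .*?Match:(?P<match>.*?) Meter:\S+ "
                 r".*?Priority:(?P<priority>\d+)")

def parse_retry_failure(line):
    """Return namespace, policy and the ACL rows named in one retry-failure line, or None."""
    m = HEADER.search(line)
    if m is None:
        return None
    acls = [a.groupdict() for a in ACL.finditer(m.group("acls"))]
    return {"namespace": m.group("ns"), "policy": m.group("policy"), "acls": acls}

def differing_fields(acls):
    """Fields (other than uuid) whose values are not identical across the reported ACLs."""
    return sorted(k for k in acls[0] if k != "uuid" and len({a[k] for a in acls}) > 1)

def triage(lines):
    """Group failures by namespace/policy so repeated retries collapse into one finding."""
    findings = {}
    for line in lines:
        parsed = parse_retry_failure(line)
        if parsed and parsed["acls"]:
            key = f'{parsed["namespace"]}/{parsed["policy"]}'
            entry = findings.setdefault(key, {"uuids": set(), "differs_in": set(), "hits": 0})
            entry["hits"] += 1
            entry["uuids"].update(a["uuid"] for a in parsed["acls"])
            entry["differs_in"].update(differing_fields(parsed["acls"]))
    return findings

if __name__ == "__main__":
    noise = "I0721 13:45:35.000000 1 other.go:1] constructed unrelated line"
    for key, f in triage([SAMPLE, noise]).items():
        print(key, f["hits"], sorted(f["uuids"]), sorted(f["differs_in"]))
```

Run over the page's line, it shows the two reported ACLs share action, direction, priority and external IDs and differ only in their `Match` expression.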

Environment

OpenShift Container Platform 4.10.x
