-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
enable-nat46x64-gateway breaks network connectivity over tun interfaces #32457
Labels
feature/lb-only
Impacts cilium running in lb-only datapath mode
info-completed
The GH issue has received a reply from the author
kind/bug
This is a bug in the Cilium logic.
kind/community-report
This was reported by a user in the Cilium community, eg via Slack.
needs/triage
This issue requires triaging to establish severity and next steps.
sig/datapath
Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
Comments
farcaller
added
kind/bug
This is a bug in the Cilium logic.
kind/community-report
This was reported by a user in the Cilium community, eg via Slack.
needs/triage
This issue requires triaging to establish severity and next steps.
labels
May 10, 2024
farcaller
changed the title
enable-nat46x64-gateway breaks network connectivity over tap interfaces
enable-nat46x64-gateway breaks network connectivity over tun interfaces
May 10, 2024
@farcaller are you able to capture a pwru of traffic that is being dropped? |
squeed
added
the
need-more-info
More information is required to further debug or fix the issue.
label
May 14, 2024
Is this enough?
Here's how the same ping looks with the option disabled:
|
github-actions
bot
added
info-completed
The GH issue has received a reply from the author
and removed
need-more-info
More information is required to further debug or fix the issue.
labels
May 14, 2024
squeed
added
sig/datapath
Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
feature/lb-only
Impacts cilium running in lb-only datapath mode
labels
May 16, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
feature/lb-only
Impacts cilium running in lb-only datapath mode
info-completed
The GH issue has received a reply from the author
kind/bug
This is a bug in the Cilium logic.
kind/community-report
This was reported by a user in the Cilium community, eg via Slack.
needs/triage
This issue requires triaging to establish severity and next steps.
sig/datapath
Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
Is there an existing issue for this?
What happened?
When I enable
enable-nat46x64-gateway
, tcp and icmp traffic over nodes with cilium stops immediately upon the agents applying the new configuration. If it's disabled, the traffic resumes. This was tested with tailscale providingtailscale0
interface by trying to ping the node using the ip address of the tailscale0 interface and trying to access the apiserver that normally listens on that interface. Tailscale ssh works, because it doesn't materialize as physical packets on the interface.The functionality on physical links (e.g. eth0) is not affected. The functionality of accessing the services from the node itself is not affected (but I suppose that doesn't really go through the same flow anyway).
Cilium Version
1.15.4 9b3f9a8
Kernel Version
6.6.28
Kubernetes Version
v1.29.3+k3s1
Regression
No response
Sysdump
cilium-sysdump-20240510-105545.zip
Relevant log output
No response
Anything else?
No response
Cilium Users Document
Code of Conduct
The text was updated successfully, but these errors were encountered: