cilium: DSR mode is broken

Is there an existing issue for this?

  • I have searched the existing issues

What happened?

This commit breaks DSR mode: https://github.com/cilium/cilium/commit/0ef5d1e831ffc38ceec577d0ca020c15345faa6e

Example:

kind: Pod
apiVersion: v1
metadata:
  name: net-test
  namespace: default
  labels:
    app: net-test
spec:
  nodeName: k8s-1
  containers:
  - name: main
    image: ealen/echo-server
---
kind: Service
apiVersion: v1
metadata:
  name: net-test
  namespace: default
spec:
  type: ClusterIP
  selector:
    app: net-test
  externalIPs:
  - X.X.X.X
  ports:
    - port: 11117
      targetPort: 80

X.X.X.X - external ip which belongs to k8s-1 node

curl http://X.X.X.X:11117 will hang

Cilium Version

latest git

Kernel Version

5.15.0

Kubernetes Version

1.21.5

Sysdump

No response

Relevant log output

No response

Anything else?

No response

Code of Conduct

  • I agree to follow this project’s Code of Conduct

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 21 (21 by maintainers)

Most upvoted comments

Will make some tests tomorrow and will get back with results.

+1
kvaster on Jan 25, 2022

All IPs are on the same node - they are all local. And about bisect - yes. I found this by bisecting. I will trace packets using pwru and will get back.

+1
kvaster on Dec 10, 2021
Read more comments on GitHub
← cilium: Don't require host reachable service for ebpf masquerading
cilium: During deployment upgrade with high max surge, some pods are stuck in ContainerCreating state →