lou-lan
@bayooow please try this link https://slack.cncf.io/
Please use `v0.6.7` and try again; this version has fixed some bugs. Please show the following output in your cluster: Run on k8s master: ```shell kubectl get node -o...
Could you check again whether the traffic matches the following rules on `worker1`? For example, in your case with wget google.com, the reply should first go to `worker1`. ``` -A...
@huizsh It looks like `EGRESSGATEWAY-REPLY-ROUTING` didn’t match any traffic. Should we first check whether the request to google.com actually receives any response? The IP 74.125.68.104 is the DNS resolution result...
@huizsh iptables -t raw -nvL cali-PREROUTING ```diff -A cali-PREROUTING -m comment --comment "cali:uvipz_NmQPrGYnTB" -m mark --mark 0x80000/0x80000 -m rpfilter --validmark --invert -j DROP # my cluster +A cali-PREROUTING -m comment...
@huizsh https://github.com/projectcalico/calico/blob/v3.29.1/felix/rules/static.go#L1387 The code logic in version `3.29.1` and version `latest` also includes mask and mark **condition**. However, it seems your cluster doesn’t have this conditional filtering. Please run the...
Although this rule looks strange, it doesn’t seem to be causing the issue, because the traffic counter is 0. Please check again on worker1 with: ``` sysctl -a | grep...
@huizsh rp_filter is right, please check `sysctl -a | grep net.ipv4.ip_forward`
Some traffic is being lost between `egress.vxlan` and iptables, and the root cause is still unclear. I’ll try to reproduce it using v1.29.12+rke2r1. Which OS version are you using?
> [@lou-lan](https://github.com/lou-lan) are you able to reproduce this?

Not reproduced.

```
node@node1:~$ cat /etc/rancher/rke2/config.yaml
cni: calico
cluster-cidr: 10.42.0.0/16
service-cidr: 10.43.0.0/16
node-port-range: 30000-32767
```