Skip to content

Cilium ignores packets received on interface without default route set. #21192

Closed as not planned
Closed as not planned
Cilium ignores packets received on interface without default route set.#21192
Labels
area/datapathImpacts bpf/ or low-level forwarding details, including map management and monitor messages.kind/bugThis is a bug in the Cilium logic.kind/community-reportThis was reported by a user in the Cilium community, eg via Slack.need-more-infoMore information is required to further debug or fix the issue.needs/triageThis issue requires triaging to establish severity and next steps.staleThe stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale.
@kvaps

Description

@kvaps
kvaps
opened on Sep 2, 2022

Is there an existing issue for this?

  • I have searched the existing issues

What happened?

Cilium ignores packets received on interface without default route set.

We have configuration with MetalLB in L2 mode and cilium in kube-proxy free mode.
External packets are coming into vlan interface with no IP assigned (metallb is used to announce arp from this interface)

The graphical scheme:
image

It is exactly case 3 described in my Configuring routing for MetalLB in L2 mode article.

Problem is that cilium only routes external packets received on 192.168.1.0/24 network.
External packets for 1.2.3.4 are ignored for some reason.

Node setup:

ip link add link eth0 name eth0.100 type vlan id 100
ip link set eth0.100 up
ip route add 1.2.3.0/24 dev eth0.100 table 100
ip route add default via 1.2.3.1 table 100
ip rule add from 1.2.3.0/24 lookup 100

Cilium Version

v1.12.1

Kernel Version

5.4.0-86-generic

Kubernetes Version

v1.22.4

Sysdump

No response

Relevant log output

No response

Anything else?

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/datapathImpacts bpf/ or low-level forwarding details, including map management and monitor messages.kind/bugThis is a bug in the Cilium logic.kind/community-reportThis was reported by a user in the Cilium community, eg via Slack.need-more-infoMore information is required to further debug or fix the issue.needs/triageThis issue requires triaging to establish severity and next steps.staleThe stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions