TCP connection drops with LB mode: DSR ON when trying to reach ingress endpoint from outside the cluster #32437
Closed
2 of 3 tasks
Labels
area/loadbalancing
Impacts load-balancing and Kubernetes service implementations
feature/dsr
Relates to Cilium's Direct-Server-Return feature for KPR.
info-completed
The GH issue has received a reply from the author
kind/bug
This is a bug in the Cilium logic.
kind/community-report
This was reported by a user in the Cilium community, eg via Slack.
needs/triage
This issue requires triaging to establish severity and next steps.
Is there an existing issue for this?
What happened?
Components:
v1.6.1
)Cilium installed with
kubeProxyReplacement = true
.Also we have installed some pods with configured Ingress (HTTPS disable).
When we’re trying to initialize TCP connection from Client VM to Ingress with DSR ON - it breaks the connection. Our guess it’s because we receive a response from some Node and not from our ingress endpoint (Grafana LB).
Command used:
curl -k http://grafana.e2.powercom.dev
Control Plane IP:
10.50.1.193
Talos-node-01 IP:
10.50.1.194
Talos-node-02 IP:
10.50.1.195
Talos-node-03 IP:
10.50.1.196
Grafana LB IP:
10.50.1.209
We use Cilium L2 LB CRD
CiliumL2AnnouncementPolicy.txt
CiliumLoadBalancerIPPool.txt
Screenshot and dumpfile of tcpdump
tcpdump_dsr_on.zip
Important: Nginx Ingress Controller is on Talos-node-01, so the response is from 10.50.1.194
Cilium Version
Client: 1.15.4 9b3f9a8 2024-04-11T17:25:42-04:00 go version go1.21.9 linux/amd64
Daemon: 1.15.4 9b3f9a8 2024-04-11T17:25:42-04:00 go version go1.21.9 linux/amd64
Cilium Helm chart: 1.15.4
Kernel Version
Linux EEOPE2_talos-01 6.1.69-talos #1 SMP PREEMPT_DYNAMIC Thu Dec 21 15:48:53 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Linux EEOPE2_talos-02 6.1.69-talos #1 SMP PREEMPT_DYNAMIC Thu Dec 21 15:48:53 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Linux EEOPE2_talos-03 6.1.69-talos #1 SMP PREEMPT_DYNAMIC Thu Dec 21 15:48:53 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Kubernetes Version
Client Version: v1.29.4
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.29.0
Regression
No response
Sysdump
cilium-sysdump-20240508-152222.zip
Relevant log output
No response
Anything else?
This archive includes additional
cilium-config
andcilium-pod-config
files.cilium-configs.zip
Cilium Users Document
Code of Conduct
The text was updated successfully, but these errors were encountered: