Cilium Connectivity test using external dns lookups failing when bpf masquarade enabled in native routing mode #32559
Labels
kind/bug
This is a bug in the Cilium logic.
needs/triage
This issue requires triaging to establish severity and next steps.
sig/datapath
Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
Is there an existing issue for this?
What happened?
While doing due diligence for issue #32525 I've run into a reproducible connectivity test involving external dns lookups using the same baseline native routing with bpf masquerade enabled baseline environment.
Cilium Version
cilium 1.15.5 and 1.15.4 have been tested and having reproducible connectivity test failures
cilium 1.14.10 has been tested it also has connectivity test failures
Kernel Version
Linux localhost 6.7.4-200.fc39.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Feb 5 22:21:14 UTC 2024 x86_64 GNU/Linux
Kubernetes Version
Kind cluster using:
Client Version: v1.28.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.29.2
Regression
Does not appear to be a regression, 1.14.10 also fails for me reproducible.
Sysdump
1.15.5 sysdump from first failed action for --test='client-egress-l7-named-port/pod-to-world/*'
cilium-sysdump-20240515-112214.zip
Relevant log output
Anything else?
I'm using same environment I used in #32525
failing cilium config on 1.15.4 and 1.15.5:
passing cilium config on 1.15.4 and 1.15.5:
the
bpf.legacyHostRouting
option value has no impact in 1.15.4 or 1.15.5 test results.The config that fails for 1.15.4 and 1.15.5 above works in cilium 1.14.10
Cilium Users Document
Code of Conduct
The text was updated successfully, but these errors were encountered: