The pod network is not accessible because no routes have been created #8751

Open
Luoganggang opened this issue Apr 24, 2024 · 1 comment

@Luoganggang

Expected Behavior

The pods on this node can be accessed via pod IP.

Current Behavior

Node A and Node B are in different subnets. In Calico's BGP mode, the BGP peer status is "up" or "established." No network policies have been set, and the network between nodes is functioning normally, but the pod network cannot be pinged and no routes have been created.

Steps to Reproduce (for bugs)

1. Node A and Node B are in different subnets.
2. Create a pod on Node A.
3. On Node B, unable to ping the IP address of the pod created on Node A.

Context

calicoctl node checksystem
Checking kernel version...
    3.10.0-1160.92.1.el7.x86_64    OK
Checking kernel modules...
    ipt_rpfilter                   OK
    xt_conntrack                   OK
    xt_icmp6                       OK
    xt_bpf                         OK
    ipt_REJECT                     OK
    ip_tables                      OK
    ipt_ipvs                       OK
    ipt_set                        OK
    xt_icmp                        OK
    xt_u32                         OK
    ip_set                         OK
    ip6_tables                     OK
    nf_conntrack_netlink           OK
    xt_addrtype                    OK
    xt_mark                        OK
    xt_multiport                   OK
    xt_set                         OK
    vfio-pci                       OK
    xt_rpfilter                    OK
System meets minimum system requirements to run Calico!

calicoctl node status 
Calico process is running.

IPv4 BGP status
+--------------+-------------------+-------+------------+--------------------------------+
| PEER ADDRESS |     PEER TYPE     | STATE |   SINCE    |              INFO              |
+--------------+-------------------+-------+------------+--------------------------------+
| $A           | node-to-node mesh | up    | 2024-04-23 | Established                    |
+--------------+-------------------+-------+------------+--------------------------------+

calicoctl.sh get ipPool -o yaml
apiVersion: projectcalico.org/v3
items:
- apiVersion: projectcalico.org/v3
  kind: IPPool
  metadata:
    creationTimestamp: "2022-11-22T08:04:58Z"
    name: default-pool
    resourceVersion: "2052"
    uid: fa590d17-57ea-4dbb-abf4-bfb940dc2f9b
  spec:
    blockSize: 24
    cidr: 10.6.184.0/21
    ipipMode: Never
    natOutgoing: true
    nodeSelector: all()
    vxlanMode: Never
kind: IPPoolList
metadata:
  resourceVersion: "204518366"


calicoctl.sh get bgpConfiguration -o yaml
apiVersion: projectcalico.org/v3
items:
- apiVersion: projectcalico.org/v3
  kind: BGPConfiguration
  metadata:
    creationTimestamp: "2022-11-22T08:04:59Z"
    name: default
    resourceVersion: "2055"
    uid: 57c24147-5b7d-4224-a1cb-e3665288066f
  spec:
    asNumber: 64512
    listenPort: 179
    logSeverityScreen: Info
    nodeToNodeMeshEnabled: true
kind: BGPConfigurationList
metadata:
  resourceVersion: "204528789"

Your Environment

  • Calico version: v3.20.3
  • Orchestrator version (e.g. kubernetes, mesos, rkt): kubernetes v1.22.8
  • Operating System and version: CentOS Linux release 7.9.2009 (Core)
  • Link to your project (optional):
@coutinhop
Contributor

At first glance, it looks like it may be a route issue, since you're using no encapsulation (both IPIP and VXLAN set to never in your IP pool), the routes needed to reach pods on a node in a different network are most probably not in place. Any specific reason not to use encapsulation? I ask this because merely enabling IPIP may make it just work. Otherwise, you'd need to provide more information related to your setup (output of ip route on the nodes, maybe routes from birdcl on them too, etc).
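
The routing gap described in the comment above, as an added example that is not part of the original thread or Calico's own code: it flags node pairs in different subnets that the pool leaves unencapsulated, then runs a longest-prefix match over `ip route` output to show where a remote pod IP would be sent. The pool fields are the ones posted in the issue; the node addresses, route table, per-node block assignment and pod IP are constructed.

```python
import ipaddress

# IPPool fields as posted in the issue; node addresses are constructed.
POOL = {"cidr": "10.6.184.0/21", "ipipMode": "Never", "vxlanMode": "Never"}
NODES = {"node-a": "192.168.10.11/24", "node-b": "192.168.20.12/24"}

# Constructed `ip route` output for node-b: it holds only its own block,
# with no bird-learned route toward node-a's pods.
IP_ROUTE_NODE_B = """\
default via 192.168.20.1 dev eth0
192.168.20.0/24 dev eth0 proto kernel scope link src 192.168.20.12
blackhole 10.6.185.0/24 proto bird
10.6.185.7 dev cali1a2b3c4d5e6 scope link
"""

ROUTE_TYPES = {"blackhole", "unreachable", "prohibit", "local", "broadcast"}


def cross_subnet_pairs(pool, nodes):
    """Node pairs in different subnets that the pool leaves unencapsulated."""
    if pool["ipipMode"] != "Never" or pool["vxlanMode"] != "Never":
        return []  # Always or CrossSubnet tunnels traffic between these nodes
    names = sorted(nodes)
    nets = {n: ipaddress.ip_interface(nodes[n]).network for n in names}
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a] != nets[b]]


def best_route(dest_ip, ip_route_text):
    """Longest-prefix match of dest_ip against `ip route` output lines."""
    dest, best = ipaddress.ip_address(dest_ip), None
    for line in ip_route_text.splitlines():
        tok = line.split()
        if not tok:
            continue
        prefix = tok[1] if tok[0] in ROUTE_TYPES else tok[0]
        net = ipaddress.ip_network("0.0.0.0/0" if prefix == "default" else prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, line)
    return best[1] if best else None


if __name__ == "__main__":
    print(cross_subnet_pairs(POOL, NODES))
    # A pod in node-a's block (10.6.184.0/24 assumed) falls through to the default route.
    print(best_route("10.6.184.5", IP_ROUTE_NODE_B))
```

On a real node, the output of `ip route` replaces the constructed sample; a remote pod IP that matches only the default route means the peer's block was not installed, and delivery then depends on the underlay routers carrying the pod routes.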
