New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DualStack / IPv6-only: parseIP error with IPVS proxy on CentOS 7 #89520
Comments
/sig network |
/cc |
Taking one of the outputs it gives me the following addresses?
@duylong can you share more details about your environment,
Indeed that new net.Utils change looks suspicious , a quick grep in the repo gives me some suspects, maybe the service/ipallocator?
It's important to mention there were similar issues with IPVS before, interpreting IPv4 addresses as IPv6, @uablrek has some experience with this kind of issues, maybe he can see something:) /cc |
A bit tricky to trace since libnetwork/ipvs is moving around at the moment. Problem seems to be in; The "family" must be wrong. It is called from; |
@duylong Please do a |
Hi, Some informations:
cluster-cidr and service-cidr:
ipvsadm output:
|
Ref: 8d7780d |
@SataQiu The commit in the ref above should be in v1.18.0 which is the version used in this issue. So the commit does not fix the problem. |
@uablrek Maybe something wrong around here https://github.com/kubernetes/kubernetes/blob/master/vendor/github.com/docker/libnetwork/ipvs/netlink.go#L463
Now it looks like this:
However |
I do not get these faults. Has the netlink API changed? @duylong What kernel version are you using? |
d.AddressFamily is supposed to be set from the "NetlinkRouteAttr" slice;
It should definitely not be hard-coded to ipv4. |
Made a gist trying to reproduce this in my environment but didn't got this error. I may try this on some older kernel like from CentOS 7 Added exactly the same IPVS configuration here:
And when running this 'gist/program' pointing to the IPVS from the DNS (fd00:10:96::a port 53 UDP) got the expected result:
Maybe trying to run this also in some other scenarios could clarify if this is something related to Netlink API changed between Kernels, something with the used library, etc. |
After some study, I find that this issue most likely is caused by the low linux kernel version. Accroding to the code, netlink will try to get This is the
No But in new kernel version, the
Obviously, the kernel has added some attributes (IPVS_DEST_ATTR_ADDR_FAMILY, IPVS_DEST_ATTR_STATS64...). That is why kube-proxy works well on systems with a higher version of the kernel. So we can address this issue by upgrading our linux kernel. |
Here is the
|
@SataQiu Good finding. So, we can conclude that this really is kernel version dependent. It is hard to know what to do about it. We must check the family. I would propose that we make it work for ipv4 with some fallback and put a requirement on kernel version for ipv6-only/dual-stack. But the decision is others to make. /cc @andrewsykim @thockin |
/cc @m1093782566 |
The symbol in the kernel tree https://github.com/torvalds/linux/blob/7111951b8d4973bda27ff663f2cf18b663d15b48/include/uapi/linux/ip_vs.h#L404 The |
The commit that adds the symbol;torvalds/linux@6cff339 |
I did not know the minimum required for the kernel version, I was using the stable and official version of RHEL7. My kernel version is:
Currently the max version in the repository is:
According to the documentation (https://access.redhat.com/articles/3078), I should switch to RHEL8 if I want a recent kernel :-\ |
There is no minimum kernel version requirement afaik. So I think this must be fixed for ipv4-only clusters IMO. However ipv6-only and dual-stack are in "alpha" so a requirement on kernel version might be ok, but I can't say myself. |
ipv6-only is beta since 1.18 😄 |
/assign |
/remove-triage unresolved |
Thanks @rikatz just waiting on moby/ipvs#15 now |
same issue,sloved by update kernel to 5.X |
I didn't want to wait, I updated to kernel-lt in the version 4.4 . The problem is solved on my side :) |
Thanks for confirming. We'll still try to get moby/ipvs#15 in since I'm sure other folks with older kernels will run into this issue. |
/retitle parseIP error with IPVS proxy |
upgrade your system kernel to 4.xx edition |
FYI: moby/ipvs#15 just merged, need to run some validation & cut a new release (v1.0.1). |
FYI #90555 |
/retitle DualStack / IPv6-only: parseIP error with IPVS proxy on CentOS 7 |
v1.18 cherry-pick #90678 |
|
Hi, it seems that you're using v1.18.0 and this has been corrected in v1.18.3, can you please update and check? Tks |
Hi,
Since my upgrade to 1.18 version, I have errors in kube-proxy:
I have ipv4/ipv6 dualstack enable. No problem with cluster and IPVS works despite errors.
Do you have also this issue ?
kubectl version
):The text was updated successfully, but these errors were encountered: