Large pod packets are not encapsulated in IP-in-IP packets and are silently dropped #8953
Comments
Could you share the routing table on each of the source nodes (host2 / host3)? That is what I would expect would determine whether a packet goes over the tunnel or not.
What is the MTU set on the IPIP tunnel on each of the hosts? What is the MTU on the eth0?
should show the MTU. Calico will attempt to auto-detect the MTU of your "eth0" device at startup and apply the correct value to the tunnel.
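One way to run the MTU comparison asked about in the comment above, as an added example that is not part of the issue thread or of Calico's code. It assumes IPv4 IP-in-IP (20 bytes of outer header), `eth0` as the underlay interface and the `tunl*`/`cali*` interface names; `check_mtu` is a hypothetical helper and the sample lines are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the issue thread): flag tunl*/cali* interfaces whose
# MTU leaves no room for the IP-in-IP outer header on the underlay interface.
IPIP_OVERHEAD=20   # bytes: one extra IPv4 header without options

# check_mtu UNDERLAY_IF
# Reads `ip -o link show` text on stdin and prints "<ifname> <mtu> <verdict>"
# for each tunl*/cali* interface. Verdict is "ok" when mtu + overhead fits in
# the underlay MTU, "too-large" otherwise. Exits 2 if UNDERLAY_IF is absent.
check_mtu() {
  awk -v under="$1" -v overhead="$IPIP_OVERHEAD" '
    {
      name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)
      for (i = 3; i < NF; i++) { if ($i == "mtu") { mtu[name] = $(i + 1) + 0 } }
      order[++n] = name
    }
    END {
      if (!(under in mtu)) { print "underlay " under " not found"; exit 2 }
      limit = mtu[under] - overhead
      for (k = 1; k <= n; k++) {
        name = order[k]
        if (name ~ /^(tunl|cali)/) {
          print name, mtu[name], (mtu[name] <= limit ? "ok" : "too-large")
        }
      }
    }'
}

# Constructed samples (trimmed `ip -o link show` lines, not taken from the issue).
SAMPLE_FITS='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
5: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1440 qdisc noqueue state UNKNOWN
9: cali0a1b2c3d4e5@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP'
SAMPLE_TIGHT='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc mq state UP
5: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1440 qdisc noqueue state UNKNOWN'

printf '%s\n' "$SAMPLE_FITS"  | check_mtu eth0
printf '%s\n' "$SAMPLE_TIGHT" | check_mtu eth0
# On a node: ip -o link show | check_mtu eth0
```

Running it on each host makes a per-node difference in underlay MTU visible even when every tunnel and cali interface reports the same value.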
All cali and tunnel interfaces have an MTU of 1440 on all hosts.
The ip route for the host that cannot connect is:
The ip route for the host that can connect:
I have several pods running on a host, let's say host1, listening on HTTPS ports.
I can connect to all those pods from a host, let's say host3, using openssl s_client -connect podIP:port with no issues.
However, from another host, let's say host2, I cannot.
Looking at the tcpdump output when connecting from host2, I can see that the return traffic from the pods is not encapsulated in IP-in-IP traffic, per below:
The above clearly shows that the packet with length 2394 is not encapsulated in IP-in-IP and is silently dropped, yet the following packet, which is 1006 in length, is, as seen by the following tcpdump IP-in-IP packets.
The tcpdump from host3 shows that the large packets are encapsulated with no problem.
Expected Behavior
The large packets from the pod should be encapsulated in IP-in-IP regardless.
Current Behavior
Since this is an SSL connection, the handshake is not completed when connecting from host2.
Possible Solution
No idea
Steps to Reproduce (for bugs)
Context
Trying to connect to a pod from host2 using openssl
Your Environment
Client Version: v3.24.3
Git commit: d833a9e
Cluster Version: v3.24.3
Cluster Type: k8s,bgp,kubeadm,kdd
kubeadm version
Client Version: v1.25.0
Server Version: v1.25.3