Comments (4)
This patch makes it working in my setup with hostLegacyRouting=true
execpt connectivity from pods to external net:
diff --git a/bpf/bpf_lxc.c b/bpf/bpf_lxc.c
index 5034120554..5b26d84b01 100644
--- a/bpf/bpf_lxc.c
+++ b/bpf/bpf_lxc.c
@@ -1250,7 +1250,7 @@ skip_vtep:
return ret;
}
#endif /* TUNNEL_MODE || ENABLE_HIGH_SCALE_IPCACHE */
- if (is_defined(ENABLE_HOST_ROUTING)) {
+ if (!is_defined(ENABLE_HOST_ROUTING)) {
int oif = 0;
ret = fib_redirect_v4(ctx, ETH_HLEN, ip4, false, false, ext_err, &oif);
from cilium.
@borkmann maybe you could help to investigate this?
from cilium.
Oh, after three days of debugging I found that ovn0
device has missing bpf program:
now I added it to cilium-config:
devices: "en+ ovn0"
and everything statred working 🎉
# tc filter show dev ovn0 egress
filter protocol all pref 1 bpf chain 0
filter protocol all pref 1 bpf chain 0 handle 0x1 cil_to_netdev-ovn0 direct-action not_in_hw id 114214 tag 63638179020264a5 jited
Is there any way to say "use autodetected device plus another one" in cilium?
Also there is a potencial race condition, because kube-ovn requires cilium to working and starts , and cilium requires ovn0
interface to add bpf program on it.
from cilium.
Closed in favor #32721
from cilium.
Related Issues (20)
- bpf_lxc: support LB for nodeports in the per-packet LB (wildcard lookup)
- ClusterIP Service routes traffic to incorrect destination pod after upgrading EKS masters to 1.29 HOT 2
- CiliumNetworkPolicy ingress.fromCIDR doesnt work with IPv6 HOT 2
- CFP: Cilium dedicated ingress for some endpoints and shared for others
- CFP: E2E tests for delegated IPAM HOT 1
- Consolidate SPI usage HOT 2
- Cilium native hostport: an empty hostIP or a `0.0.0.0` hostIP behaves differently than CNI portmap HOT 1
- CI: Conformance EKS - controller daemon-validate-config is failing - Config differs
- CES fast and standard queues - Improvements HOT 3
- Egress policy works for RFC1918 gateway, not non-RFC1918
- cilium-cni is not friendly enough to support ntp HOT 1
- Gateway API: model source can't be empty HOT 1
- hive: Add new metric to expose degraded hive modules HOT 1
- Ingress not serving https HOT 1
- Pod to pod communication not being refresh in UDP connections.
- NAT LRU Eviction due to Full Capacity
- Incorrect priority ordering between redirect and allow policies HOT 1
- Bare Metal Cilium l2 Advertisement not sending ARPS HOT 6
- Cilium ICMP health probes failing for certain worker nodes
- CFP: BGP Route Learning
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cilium.