Great, but I didn’t deploy successfully #1581

Open
GounGG opened this issue Dec 18, 2024 · 1 comment

GounGG commented Dec 18, 2024

Describe the version
egressgateway 0.6.0
Kubernetes 1.22
Kernel 3.10.0-1160.83.1.el7.x86_64

Describe the bug
After the network packet reaches the egress gateway node, the TCP packet can only be captured on the egress.vxlan network card, but cannot be captured on the intranet network card of the gateway.
It feels like the iptables net rules are not matching.

$ iptables -t nat -L EGRESSGATEWAY-SNAT-EIP
Chain EGRESSGATEWAY-SNAT-EIP (1 references)
target     prot opt source               destination         
SNAT       all  --  anywhere             anywhere             /* egw:V9Ba0h-LO-2cnVcY */ /* snat policy default-test */ match-set egress-src-v4-738bb014438bdbfe7 src ! match-set egress-cluster-cidr-ipv4 dst ctdir ORIGINAL to:10.197.76.25

# ipset
Name: egress-src-v4-738bb014438bdbfe7
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 440
References: 1
Number of entries: 1
Members:
10.244.3.17

Screenshots and log

$ tcpdump -i egress.vxlan host 8.8.8.8
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on egress.vxlan, link-type EN10MB (Ethernet), capture size 262144 bytes
17:54:02.606377 IP 10.244.3.17 > dns.google: ICMP echo request, id 1202, seq 62, length 64
17:54:03.606468 IP 10.244.3.17 > dns.google: ICMP echo request, id 1202, seq 63, length 64
17:54:04.606554 IP 10.244.3.17 > dns.google: ICMP echo request, id 1202, seq 64, length 64

# lan network device
$ tcpdump -i bond0 host 8.8.8.8 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

value.yaml

feature:
  tunnelIpv4Subnet: "192.200.0.0/16"
  tunnelDetectMethod: "interface=bond0"
  gatewayFailover:
    enable: true
  datapathMode: "iptables"

controller:
  replicas: 2

lou-lan commented Dec 18, 2024

Hi, please provide the following information.

helm get values YOUR_RELEASE_NAME -n NAMESPACE
kubectl get egresspolicy YOUR_POLICY -o yaml
kubectl get egressgateway YOUR_GATEWAY -o yaml
kubectl get node -o wide --show-labels
kubectl get pods -o wide | grep YOUR_TEST_POD
