kubeovn / kube-ovn

A Bridge between SDN and Cloud Native (Project under CNCF)
https://kubeovn.github.io/docs/stable/en/
Apache License 2.0
pod EIP can’t work under default VPC #2051

Closed Dai-Yi closed 10 months ago

Dai-Yi commented 1 year ago

Expected Behavior

The EIP can be pinged, and curl to the EIP bound to a Pod running nginx gets a response.

Actual Behavior

The EIP can't be pinged, and curl to the EIP bound to a Pod running nginx returns “No route to host” or “Timeout”.

Steps to Reproduce the Problem

1. Apply the ConfigMap

apiVersion: v1
kind: ConfigMap
metadata:
  name: ovn-external-gw-config
  namespace: kube-system
data:
  enable-external-gw: "true"
  type: "centrailized"
  external-gw-nodes: "eb62167"
  external-gw-nic: "ens35"
  external-gw-addr: "10.1.61.112/24"
  nic-ip: "10.1.61.100/24"
  nic-mac: "16:52:f3:13:6a:25"

2. Confirm the configuration takes effect

# kubectl ko nbctl show
switch f087444c-34c7-40ca-a6e4-a290b4798dbf (ovn-external)
    port ln-ovn-external
        type: localnet
        addresses: ["unknown"]
    port ovn-external-ovn-cluster
        type: router
        router-port: ovn-cluster-ovn-external
router 4a6d2185-ed98-4a8c-b15f-773bd346780a (ovn-cluster)
    port ovn-cluster-ovn-external
        mac: "16:52:f3:13:6a:25"
        networks: ["10.1.61.100/24"]
        gateway chassis: [d17fc2cb-6d47-4ad3-b10d-c14dbe450cea]
# kubectl ko vsctl eb62167 show
1310e607-d9d2-49c0-963f-b84b433875d3
    Bridge br-external
        Port br-external
            Interface br-external
                type: internal
        Port ens35
            Interface ens35
        Port patch-ln-ovn-external-to-br-int
            Interface patch-ln-ovn-external-to-br-int
                type: patch
                options: {peer=patch-br-int-to-ln-ovn-external}

3. Configure the EIP on the Pod

apiVersion: v1
kind: Pod
metadata:
  name: pod-gw-eip
  annotations:
    ovn.kubernetes.io/eip: 10.1.61.200
spec:
  containers:
  - name: eip-pod
    image: nginx
    ports:
    -  name: nginx-port
       containerPort: 80

Additional Info

I hope someone can help me figure out what is going on.

bobz965 commented 1 year ago

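Similarly, on the current master branch, pinging the EIP from a node inside the cluster works, but telnet and curl to the port probably have problems. Ping and curl from outside the cluster should both be OK, right?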

Dai-Yi commented 1 year ago

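The EIP can't be pinged from inside or outside the cluster. I wonder whether the ConfigMap that configures the EIP and the Pod's annotations are configured incorrectly.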

bobz965 commented 1 year ago

external-gw-addr: "10.1.61.112/24" isn't the real physical gateway, is it?

Dai-Yi commented 1 year ago

10.1.61.112 is the IP address of ens35, the NIC on the node that acts as the gateway. Is my physical gateway address the first one shown below (10.1.62.1)?

route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.1.62.1       0.0.0.0         UG    0      0        0 ens32
10.1.35.0       0.0.0.0         255.255.255.0   U     101    0        0 ens36
10.1.61.0       0.0.0.0         255.255.255.0   U     100    0        0 ens35
10.1.62.0       0.0.0.0         255.255.255.0   U     0      0        0 ens32
10.16.0.0       100.64.0.1      255.255.0.0     UG    0      0        0 ovn0
100.64.0.0      0.0.0.0         255.255.0.0     U     0      0        0 ovn0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 ens32
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

After I changed the external-gw-addr entry in the ConfigMap to 10.1.62.1, I still can't ping the EIP.

bobz965 commented 1 year ago

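I have only used the scenario with a real gateway on a physical switch, and I feel that a real physical gateway works without problems.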

github-actions[bot] commented 11 months ago

Issues go stale after 60d of inactivity. Please comment or re-open the issue if you are still interested in getting this issue fixed.