projectcalico / calico

Cloud native networking and network security
https://docs.tigera.io/calico/latest/about/
Apache License 2.0

Iptables are not updated when a new pod is created #8243

Closed michaeltison-dh closed 11 months ago

michaeltison-dh commented 11 months ago

Intermittently (once a month-ish, no defined schedule), some or all Linux nodes in our AKS cluster will stop updating the iptables chain rules. Then all traffic from new pods on the node will begin to be dropped, since the new pod's network interface is not in the list of chain rules. It appears that the calico-node pod on the node with the issue is functioning properly, but the iptables rules just do not get updated.

Expected Behavior

When a new pod is started, iptables is correctly updated so the pod can send network traffic.

Current Behavior

When a new pod is started, iptables is not updated, so any traffic from/to that pod is denied.

Steps to Reproduce (for bugs)

Unknown

Context

Once all or some of the nodes are stuck in this state, our system is unable to start new pods, which can bring down our application.

Your Environment
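A check for the symptom described above, as an added example that is not part of the original post or of Calico's own tooling: it reports workload interfaces that have no per-endpoint chains in the filter table. It assumes the `azv` interface prefix used on this cluster and Felix's `cali-tw-<iface>` / `cali-fw-<iface>` chain naming; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect workload interfaces whose per-endpoint Calico chains
# were never programmed. Inputs are saved command output, so the check can be
# run offline against data collected from a node:
#   ip -o link               > links.txt
#   iptables-save -t filter  > rules.txt

# Read `ip -o link` output on stdin; print interface names starting with $1.
# Lines look like: "619: azv273e606af77@if618: <BROADCAST,...> mtu 1500 ..."
list_workload_ifaces() {
    awk -v p="$1" '{
        n = $2
        sub(/:$/, "", n)      # strip trailing colon ("eth0:")
        sub(/@.*/, "", n)     # strip veth peer suffix ("@if618")
        if (index(n, p) == 1) print n
    }' | sort -u
}

# Read `iptables-save` output on stdin; print the names of declared chains.
# Declarations look like: ":cali-tw-azv273e606af77 - [0:0]"
list_chains() {
    awk '/^:/ { print substr($1, 2) }' | sort -u
}

# $1 = file with `ip -o link` output
# $2 = file with `iptables-save -t filter` output
# $3 = workload interface prefix (assumption: "azv", as on this cluster)
# Prints one line per missing chain; prints nothing when all are present.
missing_endpoint_chains() {
    links=$1
    rules=$2
    prefix=${3:-azv}
    chains=$(list_chains < "$rules")
    list_workload_ifaces "$prefix" < "$links" | while read -r ifc; do
        for dir in tw fw; do
            printf '%s\n' "$chains" | grep -qxF "cali-$dir-$ifc" ||
                echo "$ifc missing cali-$dir-$ifc"
        done
    done
}

# Constructed sample data: two workload interfaces, chains for only one.
make_sample() {
    cat > "$1/links.txt" <<'EOF'
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
613: azvdc34f9c802f@if612: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
619: azv273e606af77@if618: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
EOF
    cat > "$1/rules.txt" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:cali-FORWARD - [0:0]
:cali-fw-azvdc34f9c802f - [0:0]
:cali-tw-azvdc34f9c802f - [0:0]
COMMIT
EOF
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
missing_endpoint_chains "$demo_dir/links.txt" "$demo_dir/rules.txt" azv
rm -rf "$demo_dir"
```

Any output means the node has workload interfaces that Felix has not programmed chains for, which is worth alerting on before new pods are scheduled there.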

michaeltison-dh commented 11 months ago

Example: the node named aks-pool0-37473129-vmss000007 (IP address 10.50.3.232) has this issue, and a new pod spins up named simple-deploy-bad-06-54c454bb9f-zml99 (IP address 10.50.4.10). Once this new pod is up and I exec into it, a nc -zv 8.8.8.8 80 times out, and so does a netcat to any other IP address and port that this pod should be able to access (including other pods' IP addresses and ports on this same node).

Output of ip addr on the pod (simple-deploy-bad-06-54c454bb9f-zml99):

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
618: eth0@if619: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether fa:f9:73:d9:0d:69 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.50.4.10/20 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::f8f9:73ff:fed9:d69/64 scope link
       valid_lft forever preferred_lft forever

Its interface index will show up on the host node as index 619.

Output of ip addr on the host node:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 60:45:bd:a7:ee:8c brd ff:ff:ff:ff:ff:ff
    inet 10.50.3.232/20 metric 100 brd 10.50.15.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::6245:bdff:fea7:ee8c/64 scope link 
       valid_lft forever preferred_lft forever
3: enP23190s1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master eth0 state UP group default qlen 1000
    link/ether 60:45:bd:a7:ee:8c brd ff:ff:ff:ff:ff:ff
    altname enP23190p0s2
5: azvd2f24fe8b71@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netns cni-577dff07-3540-668a-946a-315e1b33c864
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
7: azve6e31251c0e@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netns cni-106f83d4-dc60-51ab-2789-6d790ad3e160
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
17: azvcf45bde84d4@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netns cni-15b2c858-0f80-af5c-4174-6b4de5e8f1f8
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
19: azvf977de10b6a@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netns cni-c78f7915-2b66-55e9-9e2a-88e9249b2ef7
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
25: azva2cb8c7462f@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netns cni-317fc211-0a01-d813-ec89-745ac151e5ce
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
27: azv27f56a5e537@if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netns cni-c1786101-f61a-1052-2ad4-18385ddd6c00
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
29: azv1d5f562fca9@if28: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netns cni-d3defb42-3239-6f21-6165-2ab69efa9628
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
31: azv74f9fb83bad@if30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netns cni-467f3465-e83b-4a9a-ada9-f57607c4f280
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
33: azv6353dec4df5@if32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netns cni-07602167-6e04-66e8-4051-449a5a61dd4b
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
35: azvac4be32bd5f@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netns cni-132206cd-0407-95fa-1e99-d7c66fb39bb0
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
37: azv9fb20ea0598@if36: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netns cni-05fdbd50-e2c5-273a-0baa-a13241755d87
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
39: azv9d86a46ea25@if38: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netns cni-0dbcc2a7-d318-c047-3eaa-6513f5530c30
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
41: azvff04e1174a9@if40: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netns cni-9c919d15-1f9e-41c0-6967-93586e9b1cc3
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
43: azv58948d172f9@if42: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netns cni-817bdbee-c879-12ec-2b3b-b0c6692e2ae1
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
45: azv7d5c44ed6dd@if44: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netns cni-a22f4958-147c-9cef-38c4-f762391636f4
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
589: azv117298236ff@if588: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netns cni-99241f92-6494-7688-c4e2-45003baccf18
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
597: azvd6990f01670@if596: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netns cni-46fffa7c-e034-69c8-abb0-ea8dbe4f4278
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
599: azv92bc514bdc6@if598: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netns cni-951d1d93-38ff-3218-4e27-b03f8fc18086
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
605: azv5824dfa9883@if604: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netnsid 20
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
607: azv66d5063ed1a@if606: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netnsid 21
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
609: azve2fcbcbe2bc@if608: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netnsid 22
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
613: azvdc34f9c802f@if612: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netnsid 23
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
619: azv273e606af77@if618: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netnsid 24
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
193: azve23cd34bccf@if192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netns cni-c66fcbc6-7bb4-c60f-2f37-ae8a8068dc3f
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever
459: azv13c23158af1@if458: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:aa:aa:aa:aa brd ff:ff:ff:ff:ff:ff link-netns cni-29bbcf3e-77cd-dd5c-ce94-eb4100736dbf
    inet6 fe80::a8aa:aaff:feaa:aaaa/64 scope link 
       valid_lft forever preferred_lft forever

The name of the interface is azv273e606af77 for this pod on this node. If we review the calico-node logs on this machine, we see that it seems to come up with no issue:

2023-11-17T21:38:11.302698646Z 2023-11-17 21:38:11.302 [INFO][83] felix/ipsets.go 772: Calculating deltas to IP set family="inet" numDeltaAdds=0 numDeltaDeletes=1 numMembersInDataplane=197 setID="s:Vbl4aLpsO8Ss0UCzvsdmKAp4rZRC-V4hJGyiGg"
2023-11-17T21:38:20.943156723Z 2023-11-17 21:38:20.942 [INFO][83] felix/int_dataplane.go 1240: Linux interface state changed. ifIndex=618 ifaceName="azv273e606af772" state="down"
2023-11-17T21:38:20.943316527Z 2023-11-17 21:38:20.943 [INFO][83] felix/int_dataplane.go 1694: Received interface update msg=&intdataplane.ifaceUpdate{Name:"azv273e606af772", State:"down", Index:618}
2023-11-17T21:38:20.943559231Z 2023-11-17 21:38:20.943 [INFO][83] felix/int_dataplane.go 1276: Linux interface addrs changed. addrs=set.Set{} ifaceName="azv273e606af772"
2023-11-17T21:38:20.943649133Z 2023-11-17 21:38:20.943 [INFO][83] felix/int_dataplane.go 1240: Linux interface state changed. ifIndex=619 ifaceName="azv273e606af77" state="down"
2023-11-17T21:38:20.943804236Z 2023-11-17 21:38:20.943 [INFO][83] felix/int_dataplane.go 1712: Received interface addresses update msg=&intdataplane.ifaceAddrsUpdate{Name:"azv273e606af772", Addrs:set.Typed[string]{}}
2023-11-17T21:38:20.943819037Z 2023-11-17 21:38:20.943 [INFO][83] felix/hostip_mgr.go 84: Interface addrs changed. update=&intdataplane.ifaceAddrsUpdate{Name:"azv273e606af772", Addrs:set.Typed[string]{}}
2023-11-17T21:38:20.943979940Z 2023-11-17 21:38:20.943 [INFO][83] felix/int_dataplane.go 1694: Received interface update msg=&intdataplane.ifaceUpdate{Name:"azv273e606af77", State:"down", Index:619}
2023-11-17T21:38:20.944025641Z 2023-11-17 21:38:20.943 [INFO][83] felix/int_dataplane.go 1276: Linux interface addrs changed. addrs=set.Set{} ifaceName="azv273e606af77"
2023-11-17T21:38:20.944221145Z 2023-11-17 21:38:20.943 [INFO][83] felix/int_dataplane.go 1712: Received interface addresses update msg=&intdataplane.ifaceAddrsUpdate{Name:"azv273e606af77", Addrs:set.Typed[string]{}}
2023-11-17T21:38:20.944240445Z 2023-11-17 21:38:20.944 [INFO][83] felix/hostip_mgr.go 84: Interface addrs changed. update=&intdataplane.ifaceAddrsUpdate{Name:"azv273e606af77", Addrs:set.Typed[string]{}}
2023-11-17T21:38:20.946616793Z 2023-11-17 21:38:20.946 [INFO][83] felix/int_dataplane.go 1240: Linux interface state changed. ifIndex=619 ifaceName="azv273e606af77" state="up"
2023-11-17T21:38:20.946756396Z 2023-11-17 21:38:20.946 [INFO][83] felix/int_dataplane.go 1694: Received interface update msg=&intdataplane.ifaceUpdate{Name:"azv273e606af77", State:"up", Index:619}
2023-11-17T21:38:20.946784697Z 2023-11-17 21:38:20.946 [INFO][83] felix/endpoint_mgr.go 372: Workload interface came up, marking for reconfiguration. ifaceName="azv273e606af77"
2023-11-17T21:38:20.946918699Z 2023-11-17 21:38:20.946 [INFO][83] felix/endpoint_mgr.go 1212: Applying /proc/sys configuration to interface. ifaceName="azv273e606af77"
2023-11-17T21:38:20.947416910Z 2023-11-17 21:38:20.947 [INFO][83] felix/route_table.go 927: Syncing routes: found unexpected route; ignoring due to grace period. dest=10.50.4.10/32 ifaceName="azv273e606af77" ifaceRegex="^azv.*" ipVersion=0x4 tableIndex=0
2023-11-17T21:38:20.947639014Z 2023-11-17 21:38:20.947 [INFO][83] felix/route_table.go 927: Syncing routes: found unexpected route; ignoring due to grace period. dest=10.50.4.10/32 ifaceName="azv273e606af77" ifaceRegex="^azv.*" ipVersion=0x4 tableIndex=0
2023-11-17T21:38:20.947705115Z 2023-11-17 21:38:20.947 [INFO][83] felix/route_table.go 627: Interface in cleanup grace period, will retry after. ifaceName="azv273e606af77" ifaceRegex="^azv.*" ipVersion=0x4 tableIndex=0
2023-11-17T21:38:20.991566104Z 2023-11-17 21:38:20.991 [INFO][83] felix/int_dataplane.go 1240: Linux interface state changed. ifIndex=618 ifaceName="azv273e606af772" state=""
2023-11-17T21:38:20.991610805Z 2023-11-17 21:38:20.991 [INFO][83] felix/int_dataplane.go 1276: Linux interface addrs changed. addrs=<nil> ifaceName="azv273e606af772"
2023-11-17T21:38:20.991725507Z 2023-11-17 21:38:20.991 [INFO][83] felix/int_dataplane.go 1694: Received interface update msg=&intdataplane.ifaceUpdate{Name:"azv273e606af772", State:"", Index:618}
2023-11-17T21:38:20.992343220Z 2023-11-17 21:38:20.992 [INFO][83] felix/route_table.go 927: Syncing routes: found unexpected route; ignoring due to grace period. dest=10.50.4.10/32 ifaceName="azv273e606af77" ifaceRegex="^azv.*" ipVersion=0x4 tableIndex=0
2023-11-17T21:38:20.992582525Z 2023-11-17 21:38:20.992 [INFO][83] felix/route_table.go 927: Syncing routes: found unexpected route; ignoring due to grace period. dest=10.50.4.10/32 ifaceName="azv273e606af77" ifaceRegex="^azv.*" ipVersion=0x4 tableIndex=0
2023-11-17T21:38:20.992761028Z 2023-11-17 21:38:20.992 [INFO][83] felix/int_dataplane.go 1240: Linux interface state changed. ifIndex=619 ifaceName="azv273e606af77" state="down"
2023-11-17T21:38:20.992779929Z 2023-11-17 21:38:20.992 [INFO][83] felix/route_table.go 627: Interface in cleanup grace period, will retry after. ifaceName="azv273e606af77" ifaceRegex="^azv.*" ipVersion=0x4 tableIndex=0
2023-11-17T21:38:20.992785329Z 2023-11-17 21:38:20.992 [INFO][83] felix/int_dataplane.go 1694: Received interface update msg=&intdataplane.ifaceUpdate{Name:"azv273e606af77", State:"down", Index:619}
2023-11-17T21:38:20.993213637Z 2023-11-17 21:38:20.993 [INFO][83] felix/int_dataplane.go 1240: Linux interface state changed. ifIndex=619 ifaceName="azv273e606af77" state="up"
2023-11-17T21:38:20.993224438Z 2023-11-17 21:38:20.993 [INFO][83] felix/route_table.go 927: Syncing routes: found unexpected route; ignoring due to grace period. dest=10.50.4.10/32 ifaceName="azv273e606af77" ifaceRegex="^azv.*" ipVersion=0x4 tableIndex=0
2023-11-17T21:38:20.993593145Z 2023-11-17 21:38:20.993 [INFO][83] felix/route_table.go 927: Syncing routes: found unexpected route; ignoring due to grace period. dest=10.50.4.10/32 ifaceName="azv273e606af77" ifaceRegex="^azv.*" ipVersion=0x4 tableIndex=0
2023-11-17T21:38:20.994810670Z 2023-11-17 21:38:20.993 [INFO][83] felix/route_table.go 627: Interface in cleanup grace period, will retry after. ifaceName="azv273e606af77" ifaceRegex="^azv.*" ipVersion=0x4 tableIndex=0
2023-11-17T21:38:20.995115976Z 2023-11-17 21:38:20.994 [INFO][83] felix/int_dataplane.go 1694: Received interface update msg=&intdataplane.ifaceUpdate{Name:"azv273e606af77", State:"up", Index:619}
2023-11-17T21:38:20.995139676Z 2023-11-17 21:38:20.994 [INFO][83] felix/endpoint_mgr.go 372: Workload interface came up, marking for reconfiguration. ifaceName="azv273e606af77"
2023-11-17T21:38:20.995146977Z 2023-11-17 21:38:20.994 [INFO][83] felix/endpoint_mgr.go 1212: Applying /proc/sys configuration to interface. ifaceName="azv273e606af77"
2023-11-17T21:38:20.995802990Z 2023-11-17 21:38:20.995 [INFO][83] felix/route_table.go 927: Syncing routes: found unexpected route; ignoring due to grace period. dest=10.50.4.10/32 ifaceName="azv273e606af77" ifaceRegex="^azv.*" ipVersion=0x4 tableIndex=0
2023-11-17T21:38:20.996151297Z 2023-11-17 21:38:20.995 [INFO][83] felix/route_table.go 927: Syncing routes: found unexpected route; ignoring due to grace period. dest=10.50.4.10/32 ifaceName="azv273e606af77" ifaceRegex="^azv.*" ipVersion=0x4 tableIndex=0
2023-11-17T21:38:20.996309200Z 2023-11-17 21:38:20.996 [INFO][83] felix/route_table.go 627: Interface in cleanup grace period, will retry after. ifaceName="azv273e606af77" ifaceRegex="^azv.*" ipVersion=0x4 tableIndex=0
2023-11-17T21:38:20.996324500Z 2023-11-17 21:38:20.996 [INFO][83] felix/int_dataplane.go 1712: Received interface addresses update msg=&intdataplane.ifaceAddrsUpdate{Name:"azv273e606af772", Addrs:set.Set[string](nil)}
2023-11-17T21:38:20.996471403Z 2023-11-17 21:38:20.996 [INFO][83] felix/hostip_mgr.go 84: Interface addrs changed. update=&intdataplane.ifaceAddrsUpdate{Name:"azv273e606af772", Addrs:set.Set[string](nil)}
2023-11-17T21:38:20.996847111Z 2023-11-17 21:38:20.996 [INFO][83] felix/route_table.go 927: Syncing routes: found unexpected route; ignoring due to grace period. dest=10.50.4.10/32 ifaceName="azv273e606af77" ifaceRegex="^azv.*" ipVersion=0x4 tableIndex=0
2023-11-17T21:38:20.997005914Z 2023-11-17 21:38:20.996 [INFO][83] felix/route_table.go 927: Syncing routes: found unexpected route; ignoring due to grace period. dest=10.50.4.10/32 ifaceName="azv273e606af77" ifaceRegex="^azv.*" ipVersion=0x4 tableIndex=0
2023-11-17T21:38:20.997124517Z 2023-11-17 21:38:20.996 [INFO][83] felix/route_table.go 627: Interface in cleanup grace period, will retry after. ifaceName="azv273e606af77" ifaceRegex="^azv.*" ipVersion=0x4 tableIndex=0
2023-11-17T21:38:21.798530852Z 2023-11-17 21:38:21.798 [INFO][83] felix/calc_graph.go 462: Local endpoint updated id=WorkloadEndpoint(node=aks-pool0-37473129-vmss000007, orchestrator=k8s, workload=default/simple-deploy-bad-06-54c454bb9f-zml99, name=eth0)
2023-11-17T21:38:21.798836658Z 2023-11-17 21:38:21.798 [INFO][83] felix/int_dataplane.go 1679: Received *proto.IPSetDeltaUpdate update from calculation graph msg=id:"s:Vbl4aLpsO8Ss0UCzvsdmKAp4rZRC-V4hJGyiGg" added_members:"10.50.4.10/32" 
2023-11-17T21:38:21.798972561Z 2023-11-17 21:38:21.798 [INFO][83] felix/int_dataplane.go 1679: Received *proto.WorkloadEndpointUpdate update from calculation graph msg=id:<orchestrator_id:"k8s" workload_id:"default/simple-deploy-bad-06-54c454bb9f-zml99" endpoint_id:"eth0" > endpoint:<state:"active" name:"azv273e606af77" profile_ids:"kns.default" profile_ids:"ksa.default.default" ipv4_nets:"10.50.4.10/32" > 
2023-11-17T21:38:21.799184665Z 2023-11-17 21:38:21.798 [INFO][83] felix/endpoint_mgr.go 600: Updating per-endpoint chains. id=proto.WorkloadEndpointID{OrchestratorId:"k8s", WorkloadId:"default/simple-deploy-bad-06-54c454bb9f-zml99", EndpointId:"eth0"}
2023-11-17T21:38:21.799200266Z 2023-11-17 21:38:21.798 [INFO][83] felix/table.go 508: Queueing update of chain. chainName="cali-tw-azv273e606af77" ipVersion=0x4 table="filter"
2023-11-17T21:38:21.799385569Z 2023-11-17 21:38:21.799 [INFO][83] felix/table.go 508: Queueing update of chain. chainName="cali-fw-azv273e606af77" ipVersion=0x4 table="filter"
2023-11-17T21:38:21.799528472Z 2023-11-17 21:38:21.799 [INFO][83] felix/endpoint_mgr.go 646: Updating endpoint routes. id=proto.WorkloadEndpointID{OrchestratorId:"k8s", WorkloadId:"default/simple-deploy-bad-06-54c454bb9f-zml99", EndpointId:"eth0"}
2023-11-17T21:38:21.800068083Z 2023-11-17 21:38:21.799 [INFO][83] felix/table.go 508: Queueing update of chain. chainName="cali-from-wl-dispatch-2" ipVersion=0x4 table="filter"
2023-11-17T21:38:21.800115684Z 2023-11-17 21:38:21.799 [INFO][83] felix/table.go 582: Chain became referenced, marking it for programming chainName="cali-fw-azv273e606af77"
2023-11-17T21:38:21.800359889Z 2023-11-17 21:38:21.800 [INFO][83] felix/table.go 508: Queueing update of chain. chainName="cali-from-wl-dispatch" ipVersion=0x4 table="filter"
2023-11-17T21:38:21.800391190Z 2023-11-17 21:38:21.800 [INFO][83] felix/table.go 582: Chain became referenced, marking it for programming chainName="cali-from-wl-dispatch-2"
2023-11-17T21:38:21.800507692Z 2023-11-17 21:38:21.800 [INFO][83] felix/table.go 508: Queueing update of chain. chainName="cali-to-wl-dispatch-2" ipVersion=0x4 table="filter"
2023-11-17T21:38:21.800526093Z 2023-11-17 21:38:21.800 [INFO][83] felix/table.go 582: Chain became referenced, marking it for programming chainName="cali-tw-azv273e606af77"
2023-11-17T21:38:21.800675596Z 2023-11-17 21:38:21.800 [INFO][83] felix/table.go 508: Queueing update of chain. chainName="cali-to-wl-dispatch" ipVersion=0x4 table="filter"
2023-11-17T21:38:21.800699196Z 2023-11-17 21:38:21.800 [INFO][83] felix/table.go 582: Chain became referenced, marking it for programming chainName="cali-to-wl-dispatch-2"
2023-11-17T21:38:21.800788998Z 2023-11-17 21:38:21.800 [INFO][83] felix/endpoint_mgr.go 1212: Applying /proc/sys configuration to interface. ifaceName="azv273e606af77"
2023-11-17T21:38:21.801062203Z 2023-11-17 21:38:21.800 [INFO][83] felix/endpoint_mgr.go 488: Re-evaluated workload endpoint status adminUp=true failed=false known=true operUp=true status="up" workloadEndpointID=proto.WorkloadEndpointID{OrchestratorId:"k8s", WorkloadId:"default/simple-deploy-bad-06-54c454bb9f-zml99", EndpointId:"eth0"}
2023-11-17T21:38:21.801115105Z 2023-11-17 21:38:21.800 [INFO][83] felix/status_combiner.go 58: Storing endpoint status update ipVersion=0x4 status="up" workload=proto.WorkloadEndpointID{OrchestratorId:"k8s", WorkloadId:"default/simple-deploy-bad-06-54c454bb9f-zml99", EndpointId:"eth0"}
2023-11-17T21:38:21.801742217Z 2023-11-17 21:38:21.801 [INFO][83] felix/ipsets.go 772: Calculating deltas to IP set family="inet" numDeltaAdds=1 numDeltaDeletes=0 numMembersInDataplane=196 setID="s:Vbl4aLpsO8Ss0UCzvsdmKAp4rZRC-V4hJGyiGg"
2023-11-17T21:38:21.801767018Z 2023-11-17 21:38:21.801 [INFO][83] felix/route_table.go 931: Remove old route dest=10.50.4.10/32 ifaceName="azv273e606af77" ifaceRegex="^azv.*" ipVersion=0x4 routeProblems=[]string{"incorrect protocol"} tableIndex=0
2023-11-17T21:38:21.801983522Z 2023-11-17 21:38:21.801 [INFO][83] felix/route_table.go 945: Deleting from expected targets cidr=10.50.4.10/32 ifaceName="azv273e606af77" ifaceRegex="^azv.*" ipVersion=0x4 tableIndex=0
2023-11-17T21:38:21.802026823Z 2023-11-17 21:38:21.801 [INFO][83] felix/route_table.go 951: No pending target update, adding back in as an update cidr=10.50.4.10/32 ifaceName="azv273e606af77" ifaceRegex="^azv.*" ipVersion=0x4 tableIndex=0
2023-11-17T21:38:21.820871205Z 2023-11-17 21:38:21.820 [INFO][83] felix/status_combiner.go 81: Endpoint up for at least one IP version id=proto.WorkloadEndpointID{OrchestratorId:"k8s", WorkloadId:"default/simple-deploy-bad-06-54c454bb9f-zml99", EndpointId:"eth0"} ipVersion=0x4 status="up"
2023-11-17T21:38:21.820922806Z 2023-11-17 21:38:21.820 [INFO][83] felix/status_combiner.go 98: Reporting combined status. id=proto.WorkloadEndpointID{OrchestratorId:"k8s", WorkloadId:"default/simple-deploy-bad-06-54c454bb9f-zml99", EndpointId:"eth0"} status="up"
2023-11-17T21:38:22.586784921Z 2023-11-17 21:38:22.586 [INFO][83] felix/iface_monitor.go 217: Netlink address update for known interface.  addr="fe80::a8aa:aaff:feaa:aaaa" exists=true ifIndex=619
2023-11-17T21:38:22.586835022Z 2023-11-17 21:38:22.586 [INFO][83] felix/int_dataplane.go 1276: Linux interface addrs changed. addrs=set.Set{fe80::a8aa:aaff:feaa:aaaa} ifaceName="azv273e606af77"
2023-11-17T21:38:22.586845423Z 2023-11-17 21:38:22.586 [INFO][83] felix/int_dataplane.go 1712: Received interface addresses update msg=&intdataplane.ifaceAddrsUpdate{Name:"azv273e606af77", Addrs:set.Typed[string]{"fe80::a8aa:aaff:feaa:aaaa":set.v{}}}
2023-11-17T21:38:22.586853023Z 2023-11-17 21:38:22.586 [INFO][83] felix/hostip_mgr.go 84: Interface addrs changed. update=&intdataplane.ifaceAddrsUpdate{Name:"azv273e606af77", Addrs:set.Typed[string]{"fe80::a8aa:aaff:feaa:aaaa":set.v{}}}
2023-11-17T21:39:01.788996859Z 2023-11-17 21:39:01.788 [INFO][83] felix/int_dataplane.go 1679: Received *proto.IPSetDeltaUpdate update from calculation graph msg=id:"s:Vbl4aLpsO8Ss0UCzvsdmKAp4rZRC-V4hJGyiGg" added_members:"10.50.18.22/32" 
2023-11-17T21:39:01.789772474Z 2023-11-17 21:39:01.789 [INFO][83] felix/ipsets.go 772: Calculating deltas to IP set family="inet" numDeltaAdds=1 numDeltaDeletes=0 numMembersInDataplane=197 setID="s:Vbl4aLpsO8Ss0UCzvsdmKAp4rZRC-V4hJGyiGg"
2023-11-17T21:39:02.511735754Z 2023-11-17 21:39:02.511 [INFO][83] felix/int_dataplane.go 1679: Received *proto.IPSetDeltaUpdate update from calculation graph msg=id:"s:Vbl4aLpsO8Ss0UCzvsdmKAp4rZRC-V4hJGyiGg" added_members:"10.50.18.102/32" 

The line 2023-11-17T21:38:21.801767018Z 2023-11-17 21:38:21.801 [INFO][83] felix/route_table.go 931: Remove old route dest=10.50.4.10/32 ifaceName="azv273e606af77" ifaceRegex="^azv.*" ipVersion=0x4 routeProblems=[]string{"incorrect protocol"} tableIndex=0 is a bit suspect but I've seen that line for other network interfaces on nodes that work.

Finally here is the output of iptables -nvL on the host node:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  47M   16G cali-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Cz_u1IQiXIMmKD4c */
 692K   41M KUBE-PROXY-FIREWALL  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes load balancer firewall */
  25M   14G KUBE-NODEPORTS  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes health check service ports */
 692K   41M KUBE-EXTERNAL-SERVICES  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes externally-visible service portals */
  25M   15G KUBE-FIREWALL  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 70 packets, 5750 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 593M  883G cali-FORWARD  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:wUHhoiAYhphO9Mso */
5550K  536M KUBE-PROXY-FIREWALL  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes load balancer firewall */
  16M 4795M KUBE-FORWARD  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes forwarding rules */
5227K  519M KUBE-SERVICES  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes service portals */
5227K  519M KUBE-EXTERNAL-SERVICES  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes externally-visible service portals */
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            168.63.129.16        tcp dpt:80
5227K  519M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:S93hcgKJrXEqnTfs */ /* Policy explicitly accepted packet. */ mark match 0x10000/0x10000
   14   728 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:mp77cMpurHhyjLrM */ MARK or 0x10000

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  50M   36G cali-OUTPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:tVnHkvAo15HuiPy0 */
5137K  309M KUBE-PROXY-FIREWALL  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes load balancer firewall */
5137K  309M KUBE-SERVICES  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW /* kubernetes service portals */
  50M   36G KUBE-FIREWALL  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain KUBE-EXTERNAL-SERVICES (2 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain KUBE-FIREWALL (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *      !127.0.0.0/8          127.0.0.0/8          /* block incoming localnet connections */ ! ctstate RELATED,ESTABLISHED,DNAT
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000

Chain KUBE-FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    3   120 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
  633 33212 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes forwarding rules */ mark match 0x4000/0x4000
19684 7263K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes forwarding conntrack rule */ ctstate RELATED,ESTABLISHED

Chain KUBE-KUBELET-CANARY (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain KUBE-NODEPORTS (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain KUBE-PROXY-CANARY (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain KUBE-PROXY-FIREWALL (3 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain KUBE-SERVICES (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            10.0.156.153         /* fo-monitoring-incluster/prometheus-windows-exporter-2022:metrics has no endpoints */ tcp dpt:9190 reject-with icmp-port-unreachable
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            10.0.95.162          /* kube-system/fluent-bit-windows-2022:http has no endpoints */ tcp dpt:2020 reject-with icmp-port-unreachable

Chain cali-FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 593M  883G MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:vjrMJCRpqwy5oRoX */ MARK and 0xfff1ffff
 578M  878G cali-from-hep-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:A_sPAO0mcxbT9mOV */ mark match 0x0/0x10000
 288M  379G cali-from-wl-dispatch  all  --  azv+   *       0.0.0.0/0            0.0.0.0/0            /* cali:eX9Ja0DwcIowMVTb */
 295M  499G cali-to-wl-dispatch  all  --  *      azv+    0.0.0.0/0            0.0.0.0/0            /* cali:lCYZd5e-DzXSSbkF */
  16M 4795M cali-to-hep-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:-dcXR-VKUQwejWQO */
  16M 4795M cali-cidr-block  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:t5oSTZ2L2_Tc_RfV */

Chain cali-INPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  22M 2433M cali-wl-to-host  all  --  azv+   *       0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:8QElouJWNxGjNirh */
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:xMNbwm2YBrm42oWt */ mark match 0x10000/0x10000
  25M   14G MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:e3VZV08T4mUQi5hd */ MARK and 0xfff0ffff
  25M   14G cali-from-host-endpoint  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:0tZIfF_BpeleJA1r */
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:8qgrLKbPHolPQMWN */ /* Host endpoint policy accepted packet. */ mark match 0x10000/0x10000

Chain cali-OUTPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Mq1_rAdXXH3YkrzW */ mark match 0x10000/0x10000
  23M   26G RETURN     all  --  *      azv+    0.0.0.0/0            0.0.0.0/0            /* cali:raioRn2zJWPu461K */
  27M 9686M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:HP29bt0MwjaRoOo- */ MARK and 0xfff0ffff
  27M 9686M cali-to-host-endpoint  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:_cIgxtTYYAMB5KpQ */ ! ctstate DNAT
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:JsUzusXOH35EVCop */ /* Host endpoint policy accepted packet. */ mark match 0x10000/0x10000

Chain cali-cidr-block (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain cali-from-hep-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain cali-from-host-endpoint (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain cali-from-wl-dispatch (2 references)
 pkts bytes target     prot opt in     out     source               destination         
2466K 3385M cali-fw-azv063de78ce1f  all  --  azv063de78ce1f *       0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:DgFbg7m8JNCTgzfN */
  11M 1581M cali-from-wl-dispatch-1  all  --  azv1+  *       0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:ONyMqMvR9rS1Njkz */
2891K  204M cali-fw-azv27f56a5e537  all  --  azv27f56a5e537 *       0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:vLRivRj-ut9k-ZNq */
6322K 4565M cali-fw-azv58948d172f9  all  --  azv58948d172f9 *       0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:JDOsTVC8rSMFt5ic */
  12M   34G cali-fw-azv6353dec4df5  all  --  azv6353dec4df5 *       0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:W7jY7zAWfrfJQ11G */
  17M 3304M cali-from-wl-dispatch-7  all  --  azv7+  *       0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:o-9DNBA1IKZ11j-g */
  68M 7935M cali-from-wl-dispatch-9  all  --  azv9+  *       0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:ACDNtV0ak9B03bJR */
  86M  231G cali-from-wl-dispatch-a  all  --  azva+  *       0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:Dm1MwJ1Mo2mpqzoM */
8739K 1996M cali-fw-azvcf45bde84d4  all  --  azvcf45bde84d4 *       0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:3MKsXOMxMqJKbykO */
2944K 3103M cali-fw-azvd2f24fe8b71  all  --  azvd2f24fe8b71 *       0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:40iaV617AD1OwZP- */
5027K   12G cali-fw-azve6e31251c0e  all  --  azve6e31251c0e *       0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:sRaW-rwxpoQuDqli */
  80M   71G cali-from-wl-dispatch-f  all  --  azvf+  *       0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:BCc6itDcSZqshRNC */
1774K  132M DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:SnsD4J-s6BzULwtH */ /* Unknown interface */

Chain cali-from-wl-dispatch-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 362K   28M cali-fw-azv1b9e3e91193  all  --  azv1b9e3e91193 *       0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:d96wEwjli7eYssLh */
  11M 1580M cali-fw-azv1d5f562fca9  all  --  azv1d5f562fca9 *       0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:OvJZ1V_7_uwLFdT_ */
46001 4838K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:OCl2BxjgWmNfi__y */ /* Unknown interface */

Chain cali-from-wl-dispatch-7 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  11M 2367M cali-fw-azv74f9fb83bad  all  --  azv74f9fb83bad *       0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:X1ObKacPKqoqAS39 */
6066K  929M cali-fw-azv7d5c44ed6dd  all  --  azv7d5c44ed6dd *       0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:ImHCQJMXXFaAfVuR */
  134 13518 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:KgL6D0Gfh4eYWdET */ /* Unknown interface */

Chain cali-from-wl-dispatch-9 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
6089K 1962M cali-fw-azv980210b826e  all  --  azv980210b826e *       0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:Y_kynzHNhHSqK59g */
3841K  279M cali-fw-azv9d86a46ea25  all  --  azv9d86a46ea25 *       0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:lfC4C7GX2NRM7mPG */
  59M 5858M cali-fw-azv9fb20ea0598  all  --  azv9fb20ea0598 *       0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:c0dT0k6n6ngx-m07 */
  938 98626 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Np3KIOLxPng_nhHj */ /* Unknown interface */

Chain cali-from-wl-dispatch-a (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  83M  235G cali-fw-azva2cb8c7462f  all  --  azva2cb8c7462f *       0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:E9J6euNKpDUi_Uoc */
4314K  519M cali-fw-azvac4be32bd5f  all  --  azvac4be32bd5f *       0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:FbjyHHOsgBfDg2qi */
  180 18140 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:O-sR1buCScH0_3OV */ /* Unknown interface */

Chain cali-from-wl-dispatch-f (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  80M   72G cali-fw-azvf977de10b6a  all  --  azvf977de10b6a *       0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:JJbD2vsfpV1my672 */
1469K  108M cali-fw-azvff04e1174a9  all  --  azvff04e1174a9 *       0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:P03pmv9k4ZqgetfA */
  652 62904 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:4blR1WXZSz_dArvg */ /* Unknown interface */

Chain cali-fw-azv063de78ce1f (1 references)
 pkts bytes target     prot opt in     out     source               destination         
2502K 3402M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:HczW2fYxed9gfFyO */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:3lsQbp8AspKzIG54 */ ctstate INVALID
  393 38821 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:RgesTSrxQBINJJsp */ MARK and 0xfffeffff
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:_WS4rA1OJ2DCMNPm */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
    0     0 DROP       4    --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:xgYW4_t_XVPJfpJQ */ /* Drop IPinIP encapped packets originating in workloads */
  393 38821 cali-pro-kns.aqua-sec  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:uPlmshpmagrG7DF5 */
  393 38821 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:5Ackn7XGn50SZ3Y2 */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pro-_C8RSeHYUx-bz2fxKQu  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:JlABmSk_aNd6CP2p */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:4QnZenxvR0PthV86 */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:djJtVPNNcx0wDVdX */ /* Drop if no profiles matched */

Chain cali-fw-azv1b9e3e91193 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 363K   28M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:rJaWcQhymtipKC1F */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:xrzrLnCcSdncZv5P */ ctstate INVALID
   59  6446 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:qMBq3OvOzDKFcYjG */ MARK and 0xfffeffff
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:AXZinyhAJkzRE1QZ */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
    0     0 DROP       4    --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:zy2HIzDMs7yz8UDl */ /* Drop IPinIP encapped packets originating in workloads */
   59  6446 cali-pro-kns.fo-monitoring  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:6ateLo0ugfrv9uz_ */
   59  6446 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:LF3K80ewpaSW0vSm */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pro-_v0b1CqFoQQZWDE7s1i  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:4qbAsuuBW3qPIoXM */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:n_jqWat2WEOyQkmO */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:P6IuU_yG0jMKpiKz */ /* Drop if no profiles matched */

Chain cali-fw-azv1d5f562fca9 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  11M 1565M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:EvoEV9i8bG4cwBPR */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:oIptXRqVmkCNB8z1 */ ctstate INVALID
 176K   15M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:0PMPsToc953tjPzo */ MARK and 0xfffeffff
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:EL-gcZFrIZTI6gET */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
    0     0 DROP       4    --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:ePqhaa1dEk7Rc-MZ */ /* Drop IPinIP encapped packets originating in workloads */
 176K   15M cali-pro-_y1Xo39_WdGsJ3XS0rw  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:RuJDCXzKbz0iuTJj */
 176K   15M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:oNyfnciluQEE9ELT */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pro-_UoG5p5kHTVsgjWFU8J  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:dZw954CG3zCZLdKB */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:6F8CRPk-wadgHIDb */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:XuMwGy5WYGAI2puv */ /* Drop if no profiles matched */

Chain cali-fw-azv27f56a5e537 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
2947K  208M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:mChbjN1h4LkoQRve */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:s8xA5rFvqoFI1hIT */ ctstate INVALID
 2197  266K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Kj977Ztr5oDicAPL */ MARK and 0xfffeffff
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:S1bvhO0YmAh7je1M */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
    0     0 DROP       4    --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:ZtsibANdzLKivcdt */ /* Drop IPinIP encapped packets originating in workloads */
 2197  266K cali-pro-kns.calico-system  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:gsCQ97-WTUZlVNqP */
 2197  266K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:PCoy6fgBz_dcnyBJ */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pro-_nzzjLvInId1gPHmQz_  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:RgY0wPdF26FbBFLQ */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:FzGAmjlsizAqUb6g */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:rQhMJk0Gptl6q82t */ /* Drop if no profiles matched */

Chain cali-fw-azv58948d172f9 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
6320K 4636M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:uTeanxZoxC2wTA9z */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:O8Lktrozk9EpQfaq */ ctstate INVALID
 122K 9787K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:EPoLHMJ63KeWxx_I */ MARK and 0xfffeffff
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:t2eEkBQ3bLeAfyID */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
    0     0 DROP       4    --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:kO9-Z7lKPIY3bDRf */ /* Drop IPinIP encapped packets originating in workloads */
 122K 9787K cali-pro-_H9Q8hjUtah9TbPh8OS  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:6nJ1YUciNeY589Vo */
 122K 9787K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Ha3nhRygh07lY52I */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pro-_SNWE5yYJqbVp3T74uu  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:oqaGILDtz1w0HfiS */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:qqWAjfsnzw2jmIiB */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:PDnXHMRm73f_wUEw */ /* Drop if no profiles matched */

Chain cali-fw-azv6353dec4df5 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  12M   35G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:k1DQ5d6p3KmpyagS */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:D9HDwv6KpfvCW-wb */ ctstate INVALID
 284K   29M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:262ucD8ZZlL_3A5J */ MARK and 0xfffeffff
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:hIC9wgcCn5QxG4fS */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
    0     0 DROP       4    --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:l_TbRzx-2UIF5iTy */ /* Drop IPinIP encapped packets originating in workloads */
 284K   29M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:tff8xVDl598v24OQ */ /* Start of policies */ MARK and 0xfffdffff
 284K   29M cali-po-_CnYwWeB-Cs2wlkBLI1r  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:CMAw9kiKF_5_y379 */ mark match 0x0/0x20000
 284K   29M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:4VzQvwhswOOT6RX6 */ /* Return if policy accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:C-7Z2TG77DVwarGu */ /* Drop if no policies passed packet */ mark match 0x0/0x20000
    0     0 cali-pro-kns.flux-system  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:GSI8eEmG6GFV-ewI */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Gxn3m8UFL_wpL4px */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pro-_JMjdn69jDC9MG2pgc3  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:xP-a1dMNPgpcLqM2 */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:FxlkmxpL5w8NKVe9 */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:k29jWqUCkTf13cB_ */ /* Drop if no profiles matched */

Chain cali-fw-azv74f9fb83bad (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  11M 2405M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:nHdDqCdfv6iDJrvx */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:G8Wx-BT2jGRBfmKQ */ ctstate INVALID
 1306  154K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:E7UmUjMSLdSxc0FJ */ MARK and 0xfffeffff
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:EY6JsHhxAAJlvKC5 */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
    0     0 DROP       4    --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:P0-b-3wayYszWLgp */ /* Drop IPinIP encapped packets originating in workloads */
 1306  154K cali-pro-_y1Xo39_WdGsJ3XS0rw  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:MNc-ykmvkXeq0c5g */
 1306  154K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Iv6q169IetgVGEmI */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pro-_UyohNoyKLW1AAKp8kg  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:AMjbmajN_kuIWgoI */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:fa9sOui8NXhOrhGU */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:FxZ4Yl_JIkuyQb9m */ /* Drop if no profiles matched */

Chain cali-fw-azv7d5c44ed6dd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
6204K  950M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Sk46hRpU6a3CdKul */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:KuPzaIjBWH_op05N */ ctstate INVALID
 1709  189K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:6xG-Ydio_4MFn2PI */ MARK and 0xfffeffff
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:QiOyV6AnUH9t7Uas */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
    0     0 DROP       4    --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:fGRt0brPUw1FzryS */ /* Drop IPinIP encapped packets originating in workloads */
 1709  189K cali-pro-kns.aqua-sec  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:yWRMTVkbpZc5noaM */
 1709  189K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:jXyI7GsFuVFWBrk3 */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pro-_MQC7iNJjo7HCQ5Nq9m  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:CVDYU5iWacKnKUU- */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:R7gXuMDbLg4b3gLW */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:HgOCeia51I9TcAbp */ /* Drop if no profiles matched */

Chain cali-fw-azv980210b826e (1 references)
 pkts bytes target     prot opt in     out     source               destination         
6053K 1959M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:01zzgfsyDxo3si8f */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:FceS8NoBk88TRf3G */ ctstate INVALID
42458 5151K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:dypMnzRmTmkhtJzd */ MARK and 0xfffeffff
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:viNTmK3sfIk-PO44 */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
    0     0 DROP       4    --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:t8GM7e4-w28Z0cxH */ /* Drop IPinIP encapped packets originating in workloads */
42458 5151K cali-pro-kns.kube-system  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:jfH8Hsw9l25mvfg5 */
42458 5151K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:oCyuV-bXv67z03bW */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pro-_CVSZITRyIpEmH8AB6H  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:1CzRn8vqXBIQPLfE */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:H-k1vjl2k76wwRgG */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:XC37Tpauj4qrrY9k */ /* Drop if no profiles matched */

Chain cali-fw-azv9d86a46ea25 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
3844K  280M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:8n4fDfN2nDkwDGbV */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:GjH_WHWfv8X6MrWK */ ctstate INVALID
  110 12376 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:ZZkZ1Jfd0JstICj1 */ MARK and 0xfffeffff
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:UR5BJlnwi4fnon4P */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
    0     0 DROP       4    --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:FZOS92oq_MrVvJqA */ /* Drop IPinIP encapped packets originating in workloads */
  110 12376 cali-pro-kns.zone-system  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:DMH4yMC_QgQmCXRY */
  110 12376 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:_2BjU7XBpWYCQLDp */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pro-_XuuvRa7YSRB5Rj166K  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Sz3Oiffsbn0sGNjV */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:eiuQ9Z7zF4Z7QWIU */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:apDS_KnLkkOXYdqB */ /* Drop if no profiles matched */

Chain cali-fw-azv9fb20ea0598 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  59M 5859M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Y84qjUOivEyX99O8 */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:RlRPh7ZT8kQdNPvw */ ctstate INVALID
34854 3795K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:fJaAgrRR0EJXd_E2 */ MARK and 0xfffeffff
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:VERRaQ5nrsUxB84V */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
    0     0 DROP       4    --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:B8Nc_gSh1SZ9tyNz */ /* Drop IPinIP encapped packets originating in workloads */
34854 3795K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:mYfHZ1DbyGjJQtX- */ /* Start of policies */ MARK and 0xfffdffff
34854 3795K cali-po-_CnYwWeB-Cs2wlkBLI1r  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:aOMXH_LGgDIVxOIr */ mark match 0x0/0x20000
34854 3795K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:oTBQDzKZHo1SG_Dl */ /* Return if policy accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Q5dn5DSzBNZqF0zS */ /* Drop if no policies passed packet */ mark match 0x0/0x20000
    0     0 cali-pro-kns.flux-system  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:xmexN1QHotlhsuV8 */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:75iVCKRW4JxiiB20 */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pro-_WAa7HIRU3lsWCsn7wS  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:qLTgoNFOeVz4rrSx */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:EkcGcBBX9lRSTX3W */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:F8nELHgnpbEpQ8Cq */ /* Drop if no profiles matched */

Chain cali-fw-azva2cb8c7462f (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  83M  235G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:e9NFhGXYlcR7XibR */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:An71WmXHpwz_sjqR */ ctstate INVALID
70898 5026K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:TjeRTzJ2w8pX9Em1 */ MARK and 0xfffeffff
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:FAglWbJaN5hijsoz */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
    0     0 DROP       4    --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:NF3dAAy47-ZwY1ES */ /* Drop IPinIP encapped packets originating in workloads */
70898 5026K cali-pro-_eHJKQLQkMBXVA_0AzZ  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:lkseUQizRkEYPMiI */
70898 5026K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:sWxAJ8hQmJRTff3B */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pro-_jIqjZRYBC7uYsU5aR8  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:UWgnmrFRwRmC18v0 */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:nsZGmnsQi1ztvSPf */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:9Vrp3hSXY1OJoL6G */ /* Drop if no profiles matched */

Chain cali-fw-azvac4be32bd5f (1 references)
 pkts bytes target     prot opt in     out     source               destination         
3718K  462M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:wlD-jf1F5CNV1Olh */ ctstate RELATED,ESTABLISHED
   52  2704 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:zEJmcOJA0DfVzn8Y */ ctstate INVALID
 596K   57M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:xjy8sCOc7rpgBkU7 */ MARK and 0xfffeffff
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:84u7QaDGf_PxUeb2 */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
    0     0 DROP       4    --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:4Zh4xePTk2-iogzV */ /* Drop IPinIP encapped packets originating in workloads */
 596K   57M cali-pro-kns.cert-manager  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:IEeOjTkWXTUbPYj6 */
 596K   57M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:fOmVuUkjb-Z-qux7 */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pro-_L71WNr2BKLuR35s1xO  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:uhGCm4_cJ8XBy_1P */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:JDb5439PIZRYt4fq */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:dVccZqtrtHeG8pRY */ /* Drop if no profiles matched */

Chain cali-fw-azvcf45bde84d4 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
8868K 2030M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:PRBoQyyxLLxeQx0L */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:_20qf6aXpJGZLS5g */ ctstate INVALID
39969 4762K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:dJGBO283tvBk9W1F */ MARK and 0xfffeffff
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:z3kzZ5WqSGTsIhmT */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
    0     0 DROP       4    --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:yIlLbu2r6PzFkZg1 */ /* Drop IPinIP encapped packets originating in workloads */
39969 4762K cali-pro-kns.kube-system  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:yGJDzFFrd1Y0qTdg */
39969 4762K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Dy7aq3LWptwuFkR- */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pro-_u2Tn2rSoAPffvE7JO6  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:dWyvl8EsrwTMVxk4 */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:DDqCoY8AkLKn2v0G */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:WmuepkvKsZ6ufi2i */ /* Drop if no profiles matched */

Chain cali-fw-azvd2f24fe8b71 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
2961K 3131M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:PNQkXHMqhu_q9mNe */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:ieqtiZzRJmffJpc3 */ ctstate INVALID
29294 3468K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:dGgvkV2rHZoD7Gx8 */ MARK and 0xfffeffff
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:JPm1UN26nSePbi0L */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
    0     0 DROP       4    --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:aHAsV7gYS2twtnYE */ /* Drop IPinIP encapped packets originating in workloads */
29294 3468K cali-pro-kns.kube-system  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Xl7dPUAD-cViOxaB */
29294 3468K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:IzGBsnpKULpjVB5a */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pro-_fR_AzgDky1fzttFBA2  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:BBZTZNzj7jEpozHV */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:YySTO4cvIyDA8TU5 */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:l2165HkcAWVPmO8K */ /* Drop if no profiles matched */

Chain cali-fw-azve6e31251c0e (1 references)
 pkts bytes target     prot opt in     out     source               destination         
4491K   12G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:3ykFIQuYH_w4Xd4E */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:wdUZsOUusGIyRG1l */ ctstate INVALID
 634K   57M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:1gJ25KHyi2Wb4NWK */ MARK and 0xfffeffff
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:-VWb01oXOX1-Q2FE */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
    0     0 DROP       4    --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:nxkGy2GaSe6meSgd */ /* Drop IPinIP encapped packets originating in workloads */
 634K   57M cali-pro-kns.kube-system  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:O03ig2zljfo9Cknd */
 634K   57M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:uVRkfQ_aw4KTPVll */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pro-_w7d_5jnMyxaId_Qep-  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:cTKs6d1cV5vnHpNm */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:3y_ThAhQjoDMJUv2 */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:-jxqsUodnnad4PK3 */ /* Drop if no profiles matched */

Chain cali-fw-azvf977de10b6a (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  80M   72G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:m5lq3PUip-VD12ph */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:cjtLRK8v9PSXrAr7 */ ctstate INVALID
 290K   17M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:ygLZVC0xHAOy28TX */ MARK and 0xfffeffff
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:W8eVhhCr5z1ziuPY */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
    0     0 DROP       4    --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:_HpuUGGa0238ch-_ */ /* Drop IPinIP encapped packets originating in workloads */
 290K   17M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:XW7Tv355Zsun2Lz2 */ /* Start of policies */ MARK and 0xfffdffff
 290K   17M cali-po-_j5sVgQTfF-APgMw0kN9  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:XuWJZSLk90OGEuN_ */ mark match 0x0/0x20000
 290K   17M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:YiYAYpPAUHHWzT42 */ /* Return if policy accepted */ mark match 0x10000/0x10000
    0     0 cali-po-_rWDSk9LLgWIl_lpnJE2  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:asVwtfYqsvW4-jnd */ mark match 0x0/0x20000
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:fVQq11BYEXeRSJNH */ /* Return if policy accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:0l25Jjd9syrk-kpO */ /* Drop if no policies passed packet */ mark match 0x0/0x20000
    0     0 cali-pro-kns.kube-system  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:dOcqEmgPZvgwrcXz */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:zkcYA7SJsfE-eK2a */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pro-_b-WIgmNvlBH1FuEYm2  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:KJ1SRfSHE15H5q1y */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:lN_pcIrCD9iH8fij */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:bJRyQG6lttP1VXIk */ /* Drop if no profiles matched */

Chain cali-fw-azvff04e1174a9 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
1479K  109M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:bBjpazUASLkkwu_e */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:5vbb_bvjvuFXRLNT */ ctstate INVALID
  110 13460 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:5wVFkhlyEqM-j3gl */ MARK and 0xfffeffff
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:MZxc0rkRQEDGhLfh */ /* Drop VXLAN encapped packets originating in workloads */ multiport dports 4789
    0     0 DROP       4    --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:67l4hWVM2TiE1yMx */ /* Drop IPinIP encapped packets originating in workloads */
  110 13460 cali-pro-kns.cert-manager  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:hrHMGxscq3wwt6Fl */
  110 13460 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:cMvHeNZMAnznIn_u */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pro-_PfNIBb694QWVrNir-D  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:ANQbC3fnmIslUbqo */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:uqsdKBii1vXBXdGW */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:l0SLm-yd24oA61q5 */ /* Drop if no profiles matched */

Chain cali-pi-_CnYwWeB-Cs2wlkBLI1r (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 3427  232K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:EugK4GbiwLlISRKx */ /* Policy flux-system/knp.default.allow-egress ingress */ match-set cali40s:00ubtcVEyGdulAhq4tK8DFg src MARK or 0x10000
 3427  232K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:iiBv9O7tkqhjdkVN */ mark match 0x10000/0x10000

Chain cali-pi-_wPWTZv6YdOuDVtelZQ- (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    2   136 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:dzf8wseWj4CKcHjL */ /* Policy flux-system/knp.default.allow-scraping ingress */ match-set cali40s:Vbl4aLpsO8Ss0UCzvsdmKAp src multiport dports 8080 MARK or 0x10000
    2   136 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:GBn_9WOmNOUCQ2zu */ mark match 0x10000/0x10000

Chain cali-po-_CnYwWeB-Cs2wlkBLI1r (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 319K   32M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:KoBkW5HRt0eFQiTe */ /* Policy flux-system/knp.default.allow-egress egress */ MARK or 0x10000
 319K   32M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:u8Bz_ZEl4LCtiiGP */ mark match 0x10000/0x10000

Chain cali-po-_j5sVgQTfF-APgMw0kN9 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 290K   17M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:7z6hujEGudXby9dt */ /* Policy aaa-allow-konnectivity-agent egress */ MARK or 0x10000
 290K   17M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:NTwkPh-Buls_XiN8 */ mark match 0x10000/0x10000

Chain cali-po-_rWDSk9LLgWIl_lpnJE2 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:wRBTHOraY7-PMOXd */ /* Policy kube-system/knp.default.konnectivity-agent egress */ MARK or 0x10000
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:K0NIAoy4j4QR-b6k */ mark match 0x10000/0x10000

Chain cali-pri-_C8RSeHYUx-bz2fxKQu (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:cEAol7hwRE1rpFMv */ /* Profile ksa.aqua-sec.aqua-sa ingress */

Chain cali-pri-_CVSZITRyIpEmH8AB6H (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Jm7TmoNoWplOEka1 */ /* Profile ksa.kube-system.metrics-server ingress */

Chain cali-pri-_H9Q8hjUtah9TbPh8OS (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:PwIuYbgXX3Iat-LI */ /* Profile kns.cloudability-agents ingress */ MARK or 0x10000
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:I_Fuxf9vyh01VpR- */ mark match 0x10000/0x10000

Chain cali-pri-_JMjdn69jDC9MG2pgc3 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:XHNI7-NzNwmps8Ee */ /* Profile ksa.flux-system.source-controller ingress */

Chain cali-pri-_L71WNr2BKLuR35s1xO (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:y2h9qrTtEbiwQl94 */ /* Profile ksa.cert-manager.cert-sync-certsync ingress */

Chain cali-pri-_MQC7iNJjo7HCQ5Nq9m (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:nRon6YRBWuN0d9Zn */ /* Profile ksa.aqua-sec.starboard-operator ingress */

Chain cali-pri-_PfNIBb694QWVrNir-D (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:ORIxCWSU2rY3Pcdp */ /* Profile ksa.cert-manager.cert-manager-webhook ingress */

Chain cali-pri-_SNWE5yYJqbVp3T74uu (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:4egtWG0DzI3B-1-i */ /* Profile ksa.cloudability-agents.cloudability-agents ingress */

Chain cali-pri-_UoG5p5kHTVsgjWFU8J (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:bnlbX79fQBnSkkET */ /* Profile ksa.gatekeeper-system.gatekeeper-opa-exporter ingress */

Chain cali-pri-_UyohNoyKLW1AAKp8kg (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:nOhPEAzUX4wmLgHE */ /* Profile ksa.gatekeeper-system.gatekeeper-admin ingress */

Chain cali-pri-_WAa7HIRU3lsWCsn7wS (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:eNFsgdzHSW6w8u93 */ /* Profile ksa.flux-system.helm-controller ingress */

Chain cali-pri-_XuuvRa7YSRB5Rj166K (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:NzWnw5-4Nhkl1UiY */ /* Profile ksa.zone-system.kubernetes-reflector ingress */

Chain cali-pri-_b-WIgmNvlBH1FuEYm2 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:8ILT25kWcdkY3WEJ */ /* Profile ksa.kube-system.konnectivity-agent ingress */

Chain cali-pri-_eHJKQLQkMBXVA_0AzZ (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   21  1428 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:cFkxIpiHZyXWK8GR */ /* Profile kns.fo-monitoring-incluster ingress */ MARK or 0x10000
   21  1428 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:fbRzZcmxKtTGlHDw */ mark match 0x10000/0x10000

Chain cali-pri-_fR_AzgDky1fzttFBA2 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:3icAK9VAue9ZYV4- */ /* Profile ksa.kube-system.fluent-bit ingress */

Chain cali-pri-_jIqjZRYBC7uYsU5aR8 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:yIrBtKL8FCg6UpHG */ /* Profile ksa.fo-monitoring-incluster.prometheus-stack-incluster-prometheus ingress */

Chain cali-pri-_nzzjLvInId1gPHmQz_ (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:UQoEf2WCdU0bPTCb */ /* Profile ksa.calico-system.calico-kube-controllers ingress */

Chain cali-pri-_u2Tn2rSoAPffvE7JO6 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:WqgznqAQ-uYV0oBx */ /* Profile ksa.kube-system.coredns ingress */

Chain cali-pri-_v0b1CqFoQQZWDE7s1i (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:GdxTJTKRxM3lpUFd */ /* Profile ksa.fo-monitoring.monitoring-grafanaagent-logs ingress */

Chain cali-pri-_w7d_5jnMyxaId_Qep- (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:eWIQB71dygv3DC1e */ /* Profile ksa.kube-system.ama-logs ingress */

Chain cali-pri-_y1Xo39_WdGsJ3XS0rw (2 references)
 pkts bytes target     prot opt in     out     source               destination         
20072 1204K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:IlzJibeZKwVEUCRK */ /* Profile kns.gatekeeper-system ingress */ MARK or 0x10000
20072 1204K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:nOGo6DVaWxQP1-E7 */ mark match 0x10000/0x10000

Chain cali-pri-kns.aqua-sec (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    5   340 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:tl_z2qtKBOgrGuGV */ /* Profile kns.aqua-sec ingress */ MARK or 0x10000
    5   340 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:MGaF9cBhCmH_AWG3 */ mark match 0x10000/0x10000

Chain cali-pri-kns.calico-system (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:hLANj-OVIyT53h_j */ /* Profile kns.calico-system ingress */ MARK or 0x10000
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:AHts2xleddEc04Gr */ mark match 0x10000/0x10000

Chain cali-pri-kns.cert-manager (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    7   712 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:1Y6XkKTENQvkzLTP */ /* Profile kns.cert-manager ingress */ MARK or 0x10000
    7   712 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:2LpoXxVyUfGENGbS */ mark match 0x10000/0x10000

Chain cali-pri-kns.flux-system (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:F_C6aA_0_WuOiNi1 */ /* Profile kns.flux-system ingress */ MARK or 0x10000
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:MQThQr4R6XeLnX_F */ mark match 0x10000/0x10000

Chain cali-pri-kns.fo-monitoring (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:e3wKHUAh5n7JrBWk */ /* Profile kns.fo-monitoring ingress */ MARK or 0x10000
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:__wx-TUSrn_BwkL5 */ mark match 0x10000/0x10000

Chain cali-pri-kns.kube-system (5 references)
 pkts bytes target     prot opt in     out     source               destination         
3348K  354M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:J1TyxtHWd0qaBGK- */ /* Profile kns.kube-system ingress */ MARK or 0x10000
3348K  354M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:QIB6k7eEKdIg73Jp */ mark match 0x10000/0x10000

Chain cali-pri-kns.zone-system (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:CfGq3KrprWKYHLLe */ /* Profile kns.zone-system ingress */ MARK or 0x10000
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:q_7JgvM4ggQMj73R */ mark match 0x10000/0x10000

Chain cali-pro-_C8RSeHYUx-bz2fxKQu (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:S-27fzXu1Zvn8zpA */ /* Profile ksa.aqua-sec.aqua-sa egress */

Chain cali-pro-_CVSZITRyIpEmH8AB6H (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:jzJff9OzGIv_OyaY */ /* Profile ksa.kube-system.metrics-server egress */

Chain cali-pro-_H9Q8hjUtah9TbPh8OS (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 122K 9787K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:rK3_DgCeVH9MZ2Kr */ /* Profile kns.cloudability-agents egress */ MARK or 0x10000
 122K 9787K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:8WT0iMJQHFk6RiDa */ mark match 0x10000/0x10000

Chain cali-pro-_JMjdn69jDC9MG2pgc3 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:9kIKnJZJNU3YR3uQ */ /* Profile ksa.flux-system.source-controller egress */

Chain cali-pro-_L71WNr2BKLuR35s1xO (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:53pQiTSRCfsXP-JV */ /* Profile ksa.cert-manager.cert-sync-certsync egress */

Chain cali-pro-_MQC7iNJjo7HCQ5Nq9m (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:0BZ8s1VuaIeTO7QE */ /* Profile ksa.aqua-sec.starboard-operator egress */

Chain cali-pro-_PfNIBb694QWVrNir-D (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:xNAAOeSXwcTU2IRm */ /* Profile ksa.cert-manager.cert-manager-webhook egress */

Chain cali-pro-_SNWE5yYJqbVp3T74uu (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:yw-x6Az8zRLqx4Bd */ /* Profile ksa.cloudability-agents.cloudability-agents egress */

Chain cali-pro-_UoG5p5kHTVsgjWFU8J (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:YtCpTD0Sni2IPsgW */ /* Profile ksa.gatekeeper-system.gatekeeper-opa-exporter egress */

Chain cali-pro-_UyohNoyKLW1AAKp8kg (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:poPf7tOG1DOA90lw */ /* Profile ksa.gatekeeper-system.gatekeeper-admin egress */

Chain cali-pro-_WAa7HIRU3lsWCsn7wS (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:JQSJ32ADD6KnbgKv */ /* Profile ksa.flux-system.helm-controller egress */

Chain cali-pro-_XuuvRa7YSRB5Rj166K (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:DiAH5cUkjdq4sOt9 */ /* Profile ksa.zone-system.kubernetes-reflector egress */

Chain cali-pro-_b-WIgmNvlBH1FuEYm2 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:1ij2K89T3-KBfAqT */ /* Profile ksa.kube-system.konnectivity-agent egress */

Chain cali-pro-_eHJKQLQkMBXVA_0AzZ (1 references)
 pkts bytes target     prot opt in     out     source               destination         
71359 5065K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:tAc5llA5ekOc5F_R */ /* Profile kns.fo-monitoring-incluster egress */ MARK or 0x10000
71359 5065K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:orw7KYO0PHn46Nx9 */ mark match 0x10000/0x10000

Chain cali-pro-_fR_AzgDky1fzttFBA2 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:BoHV_Rg8dpv-g7MC */ /* Profile ksa.kube-system.fluent-bit egress */

Chain cali-pro-_jIqjZRYBC7uYsU5aR8 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:0wbTw179H35L10s4 */ /* Profile ksa.fo-monitoring-incluster.prometheus-stack-incluster-prometheus egress */

Chain cali-pro-_nzzjLvInId1gPHmQz_ (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:5bHxBXLMkJKgC6dk */ /* Profile ksa.calico-system.calico-kube-controllers egress */

Chain cali-pro-_u2Tn2rSoAPffvE7JO6 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:0-_UPh39dt5XfhmJ */ /* Profile ksa.kube-system.coredns egress */

Chain cali-pro-_v0b1CqFoQQZWDE7s1i (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:GazKljxtNtOPA4r1 */ /* Profile ksa.fo-monitoring.monitoring-grafanaagent-logs egress */

Chain cali-pro-_w7d_5jnMyxaId_Qep- (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:P6aW7f8xxsNuP3lT */ /* Profile ksa.kube-system.ama-logs egress */

Chain cali-pro-_y1Xo39_WdGsJ3XS0rw (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 177K   15M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:yHkZZ1iiGeV4-b-Q */ /* Profile kns.gatekeeper-system egress */ MARK or 0x10000
 177K   15M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Np-bwVQUuAyeaceQ */ mark match 0x10000/0x10000

Chain cali-pro-kns.aqua-sec (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 2312  248K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:M0CP9DKxSdxnyNc0 */ /* Profile kns.aqua-sec egress */ MARK or 0x10000
 2312  248K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:jxulgxNr5oGYRbQX */ mark match 0x10000/0x10000

Chain cali-pro-kns.calico-system (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 2197  266K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:gWxJzCZXxl31NR0P */ /* Profile kns.calico-system egress */ MARK or 0x10000
 2197  266K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:rHIqpX_kWRu4q0wP */ mark match 0x10000/0x10000

Chain cali-pro-kns.cert-manager (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 596K   57M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:pboahNbAAGJ_Lilz */ /* Profile kns.cert-manager egress */ MARK or 0x10000
 596K   57M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:zTHGBGjzaAZcqPFY */ mark match 0x10000/0x10000

Chain cali-pro-kns.flux-system (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:lpR40KIh7XN5Cx80 */ /* Profile kns.flux-system egress */ MARK or 0x10000
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:6NtLIxNFg_3P701V */ mark match 0x10000/0x10000

Chain cali-pro-kns.fo-monitoring (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   59  6446 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:EjAA3QVdThg9JwZx */ /* Profile kns.fo-monitoring egress */ MARK or 0x10000
   59  6446 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:tGtfOfaNKFlfo8As */ mark match 0x10000/0x10000

Chain cali-pro-kns.kube-system (5 references)
 pkts bytes target     prot opt in     out     source               destination         
 746K   70M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:tgOR2S8DVHZW3F1M */ /* Profile kns.kube-system egress */ MARK or 0x10000
 746K   70M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:HVEEtYPJsiGRXCIt */ mark match 0x10000/0x10000

Chain cali-pro-kns.zone-system (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  110 12376 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:zWUbtitpm6QVqEIH */ /* Profile kns.zone-system egress */ MARK or 0x10000
  110 12376 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:nWvELc9Ex1ZBLsbq */ mark match 0x10000/0x10000

Chain cali-to-hep-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain cali-to-host-endpoint (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain cali-to-wl-dispatch (1 references)
 pkts bytes target     prot opt in     out     source               destination         
2341K  259M cali-tw-azv063de78ce1f  all  --  *      azv063de78ce1f  0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:2A97pLzJndmjJ5oU */
9355K 9995M cali-to-wl-dispatch-1  all  --  *      azv1+   0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:0XB4IfcUz4CynWi_ */
3670K 7221M cali-tw-azv27f56a5e537  all  --  *      azv27f56a5e537  0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:NumH3qwmFARDD6eT */
8126K   14G cali-tw-azv58948d172f9  all  --  *      azv58948d172f9  0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:9Hk_OKuj1NShg20k */
8239K   32G cali-tw-azv6353dec4df5  all  --  *      azv6353dec4df5  0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:7IaKah3esUDgK23y */
  10M   17G cali-to-wl-dispatch-7  all  --  *      azv7+   0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:48IlItww5CFyYWMJ */
  59M  156G cali-to-wl-dispatch-9  all  --  *      azv9+   0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:jmqpeKru2MmHD0-T */
  89M  184G cali-to-wl-dispatch-a  all  --  *      azva+   0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:rkGHLQ5xe1XYvh62 */
7604K 1080M cali-tw-azvcf45bde84d4  all  --  *      azvcf45bde84d4  0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:rktj9KSAgiYAcXMY */
1440K  204M cali-tw-azvd2f24fe8b71  all  --  *      azvd2f24fe8b71  0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:dneCXWIY2aNKTwp9 */
4884K 1001M cali-tw-azve6e31251c0e  all  --  *      azve6e31251c0e  0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:LaRrqBbrui0i616D */
  86M   68G cali-to-wl-dispatch-f  all  --  *      azvf+   0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:vNVWtIMZeleaWJJW */
  433 29276 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:MlRb60JdNJxV1jDZ */ /* Unknown interface */

Chain cali-to-wl-dispatch-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
25448 7909K cali-tw-azv1b9e3e91193  all  --  *      azv1b9e3e91193  0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:xjE1SMAbivw4NV2L */
9504K   10G cali-tw-azv1d5f562fca9  all  --  *      azv1d5f562fca9  0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:wJHoAwdrBayZxCgi */
 7372  459K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:CCxojGvY18Zyna5d */ /* Unknown interface */

Chain cali-to-wl-dispatch-7 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
4051K 8843M cali-tw-azv74f9fb83bad  all  --  *      azv74f9fb83bad  0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:S1Waeo3MzXCtjXbd */
6352K 7861M cali-tw-azv7d5c44ed6dd  all  --  *      azv7d5c44ed6dd  0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:Iibfz8OPjHRwby5c */
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:4aWRP7zWEGtK9Gol */ /* Unknown interface */

Chain cali-to-wl-dispatch-9 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
3640K 2275M cali-tw-azv980210b826e  all  --  *      azv980210b826e  0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:xe-rSQX-FrCDbS6I */
4556K   15G cali-tw-azv9d86a46ea25  all  --  *      azv9d86a46ea25  0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:llONBDbK7Odyii1X */
  51M  142G cali-tw-azv9fb20ea0598  all  --  *      azv9fb20ea0598  0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:QDmYK0-S9BDPB35u */
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:gIaC6jPgThbmILO1 */ /* Unknown interface */

Chain cali-to-wl-dispatch-a (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  86M  171G cali-tw-azva2cb8c7462f  all  --  *      azva2cb8c7462f  0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:dBmZAUkUkGzdlKRK */
4746K   16G cali-tw-azvac4be32bd5f  all  --  *      azvac4be32bd5f  0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:D_3cpP9LYNmVNHc- */
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:s8Z_h6B4-VuDRTl_ */ /* Unknown interface */

Chain cali-to-wl-dispatch-f (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  87M   69G cali-tw-azvf977de10b6a  all  --  *      azvf977de10b6a  0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:fZz0AZWYyPKx8v7H */
75617 7955K cali-tw-azvff04e1174a9  all  --  *      azvff04e1174a9  0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:OOlQFr9wfKnNkPCO */
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:RPh6nvzc_S2yie_l */ /* Unknown interface */

Chain cali-tw-azv063de78ce1f (1 references)
 pkts bytes target     prot opt in     out     source               destination         
2379K  427M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Slo36z8JBbk3QrVj */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:N9myB9zKeS5qr4E1 */ ctstate INVALID
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:SrL6twfal2C4N5OC */ MARK and 0xfffeffff
    0     0 cali-pri-kns.aqua-sec  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:9Ccd0IRHQlSavppH */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:4MNa1ETDt2K6DMZ6 */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pri-_C8RSeHYUx-bz2fxKQu  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:fWP2RTrdQqTGTlFZ */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:lru4_gVaI5B1hX32 */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:RXi45ppsU-IcjlUm */ /* Drop if no profiles matched */

Chain cali-tw-azv1b9e3e91193 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
25662 8265K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:wUdBG0-WyHHdotLr */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:BghlAwjwCXy-63yV */ ctstate INVALID
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:79E3OF7sW2c1_-nw */ MARK and 0xfffeffff
    0     0 cali-pri-kns.fo-monitoring  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:aswm25GDEYZbe5jR */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:9V_saLH9bIQegJGB */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pri-_v0b1CqFoQQZWDE7s1i  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:WqqvmAIVvcsd9YVu */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:4XHvgrJY6Y9y7wl7 */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:NKXsCmGr9Xl2EEy2 */ /* Drop if no profiles matched */

Chain cali-tw-azv1d5f562fca9 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
9504K   10G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:DzUoTI7F5oecJRoF */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:A2n0RHqpRWxZsl8i */ ctstate INVALID
    9   612 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Y01fkPx2q4zeGdfT */ MARK and 0xfffeffff
    9   612 cali-pri-_y1Xo39_WdGsJ3XS0rw  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:r3E5mTpDdpNfumaa */
    9   612 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:oNVX93kvlUY5SfP_ */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pri-_UoG5p5kHTVsgjWFU8J  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:_6VozTgFiJpNe-N3 */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:XtIg-dI4iQ8S15HD */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:vSr3FwRO9uVTrANA */ /* Drop if no profiles matched */

Chain cali-tw-azv27f56a5e537 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
3742K 7365M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:d34X2EbQUxKXaUAe */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:3Rvw8tWwsox9zCYP */ ctstate INVALID
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:qKgKCoP_AARgK-n2 */ MARK and 0xfffeffff
    0     0 cali-pri-kns.calico-system  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:q1VtnPwZPFW0L6H6 */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:I1-3mrbo6qB3rMie */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pri-_nzzjLvInId1gPHmQz_  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:ZXz54hXjz3fD__Cj */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Mza-_qcboCxyoBTG */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:hInLvBk0kRou3Pzs */ /* Drop if no profiles matched */

Chain cali-tw-azv58948d172f9 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
8281K   14G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Nq-REz8ZBbr4SiwI */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Gxt2kI1bNzUq3BOn */ ctstate INVALID
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:RbrBrSs6N2r3gziM */ MARK and 0xfffeffff
    0     0 cali-pri-_H9Q8hjUtah9TbPh8OS  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:CSYv8ahfq91AEHyW */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:YFlv2UL5NIv1Ll_A */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pri-_SNWE5yYJqbVp3T74uu  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:tGBTlGeiY5zGVVIW */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:od6epRYqxIfTVDbK */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:r8BxggwRexiPBgmi */ /* Drop if no profiles matched */

Chain cali-tw-azv6353dec4df5 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
8389K   32G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:DtiTNzMG8XnkuLex */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:V5U3ItCuRLhAywsT */ ctstate INVALID
 3428  232K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:-Vtjr7gfhNTklvFe */ MARK and 0xfffeffff
 3428  232K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:texfY1rxWrtp4iI9 */ /* Start of policies */ MARK and 0xfffdffff
 3428  232K cali-pi-_CnYwWeB-Cs2wlkBLI1r  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:BxMWIYLSnySDanhk */ mark match 0x0/0x20000
 3427  232K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:XLPxcbaaihKS0v36 */ /* Return if policy accepted */ mark match 0x10000/0x10000
    1    68 cali-pi-_wPWTZv6YdOuDVtelZQ-  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:AwTeOE1s_pv3dPpX */ mark match 0x0/0x20000
    1    68 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Lq7_oE_zVLV5kJtJ */ /* Return if policy accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:TSXclHhJK6M006Vo */ /* Drop if no policies passed packet */ mark match 0x0/0x20000
    0     0 cali-pri-kns.flux-system  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:5zyJ67hTWLXgDhrS */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:gOEVtURnp2RKTyCM */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pri-_JMjdn69jDC9MG2pgc3  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:X01uK2MazPD5fZY7 */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:h_KX5etH86TzfF99 */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:XA8GW5fMn7_id4Tr */ /* Drop if no profiles matched */

Chain cali-tw-azv74f9fb83bad (1 references)
 pkts bytes target     prot opt in     out     source               destination         
4092K 8972M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:YpacU49L_8xIGlrm */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:YNg6b0nbAZfGwxId */ ctstate INVALID
20063 1204K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:sR3g4P8eV41KnNyl */ MARK and 0xfffeffff
20063 1204K cali-pri-_y1Xo39_WdGsJ3XS0rw  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:fopnme676QGhNg-B */
20063 1204K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:09980QaE1YG65L6F */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pri-_UyohNoyKLW1AAKp8kg  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:TOBGmnuyUAK5Vwo4 */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:YLy8Xu2vWijgEq1d */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:HN82bqU5wTBHqcVC */ /* Drop if no profiles matched */

Chain cali-tw-azv7d5c44ed6dd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
6501K 8044M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:DXa2aaT5F1JzjCWn */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:tf90YtOd995fvcqa */ ctstate INVALID
    5   340 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:N3fApcu8v0O3y3ZG */ MARK and 0xfffeffff
    5   340 cali-pri-kns.aqua-sec  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:K_ljetMf5ULJOHn- */
    5   340 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:SvmQ6Q7quAjQAnRT */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pri-_MQC7iNJjo7HCQ5Nq9m  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:CYxPMH3AYUA8tj2r */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:H0BtIIk0YeVnPQ5r */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:P-iVZ4ThGkfI-IEE */ /* Drop if no profiles matched */

Chain cali-tw-azv980210b826e (1 references)
 pkts bytes target     prot opt in     out     source               destination         
3626K 2277M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:d72VCTLIb2-G6mDm */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:a27LHymKvgNTgobd */ ctstate INVALID
17381 1043K MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:by1ei7ZDIvFKVhmC */ MARK and 0xfffeffff
17381 1043K cali-pri-kns.kube-system  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:iw_8MugO_3tpKXxh */
17381 1043K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Hron93DF-z3JjaRD */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pri-_CVSZITRyIpEmH8AB6H  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:U1rGOLkBkVZTVl4E */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:KvlJebEQbiVcvsCK */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:fcs3kn0q6zA3O2ev */ /* Drop if no profiles matched */

Chain cali-tw-azv9d86a46ea25 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
4561K   15G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:RKCKRN8pLMbRRt4D */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:2PfJw0ukwvO1gH7M */ ctstate INVALID
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:kHzseVL-yC2xb6Og */ MARK and 0xfffeffff
    0     0 cali-pri-kns.zone-system  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:SMw8CrWsEIsE1oaY */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:231ouwtGnytLprWe */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pri-_XuuvRa7YSRB5Rj166K  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Bux5dCbZgguq__B0 */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:GY2tPMqRqw5pni9k */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:zBP16tlbZxiSY37j */ /* Drop if no profiles matched */

Chain cali-tw-azv9fb20ea0598 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  52M  142G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:uVe7TkenxYrBLKai */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:rJ27fefRQvFsRxJJ */ ctstate INVALID
    1    68 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:9_V_AHhSJu_CKFrj */ MARK and 0xfffeffff
    1    68 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:DMSN4pCAZ_iGdJ_8 */ /* Start of policies */ MARK and 0xfffdffff
    1    68 cali-pi-_CnYwWeB-Cs2wlkBLI1r  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:3fI6_-QwaEiVOKIW */ mark match 0x0/0x20000
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:cFiahMeexbuiU72X */ /* Return if policy accepted */ mark match 0x10000/0x10000
    1    68 cali-pi-_wPWTZv6YdOuDVtelZQ-  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:8vnjlofD4npjCz9p */ mark match 0x0/0x20000
    1    68 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:02zIGxipGYDtoWZ9 */ /* Return if policy accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:gBrgpykxbWUP7khO */ /* Drop if no policies passed packet */ mark match 0x0/0x20000
    0     0 cali-pri-kns.flux-system  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:VgeUDvGOoGCz4u2c */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:05uwR3R2JnbuPVCK */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pri-_WAa7HIRU3lsWCsn7wS  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:TOhtGwvW0ShisOPe */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:sNrZR2jYzq1kQnB_ */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:T05B972XOdpn3YyX */ /* Drop if no profiles matched */

Chain cali-tw-azva2cb8c7462f (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  86M  171G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:j28poKzhFup3uIPt */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:uRHY_6m2lfFJDfpx */ ctstate INVALID
   21  1428 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:DTL6vGmueqFqRTM6 */ MARK and 0xfffeffff
   21  1428 cali-pri-_eHJKQLQkMBXVA_0AzZ  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Wqfixthtj8eI1brd */
   21  1428 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:gIe3ZjUFU2Ltnqyw */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pri-_jIqjZRYBC7uYsU5aR8  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:qLJOCxo0AS5t1yzP */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:N94KD_bqQkSsHDaF */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:yVPU1h-XSopc89e_ */ /* Drop if no profiles matched */

Chain cali-tw-azvac4be32bd5f (1 references)
 pkts bytes target     prot opt in     out     source               destination         
4746K   16G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:7yMQ1Tg22uVjRAxr */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:4Dgp30yM0yViBAeA */ ctstate INVALID
    3   472 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:QuPTmAS1KVUtkY4k */ MARK and 0xfffeffff
    3   472 cali-pri-kns.cert-manager  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:9jpMo1sWL89b94ri */
    3   472 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:ruSXVtUMRsN6kWUe */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pri-_L71WNr2BKLuR35s1xO  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:NKZ-6OKrgXpnAz_O */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:qfc7qIAI_mzdsGRI */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:e_AAarJl9021ZOHU */ /* Drop if no profiles matched */

Chain cali-tw-azvcf45bde84d4 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
4420K  748M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:uJB4uSuqZ2bpCDce */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:SmE6nuMSOu30-oyB */ ctstate INVALID
3331K  353M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:I2qcTCYxQPA1gRZA */ MARK and 0xfffeffff
3331K  353M cali-pri-kns.kube-system  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:go4jy9qd5VW8Yd6h */
3331K  353M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:UqOKR80sVRyhavW- */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pri-_u2Tn2rSoAPffvE7JO6  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:MlJmmLNcj75SmoTu */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:_QwFQQ8fYrPV1frF */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:NGYZRzOAV-LPk-YC */ /* Drop if no profiles matched */

Chain cali-tw-azvd2f24fe8b71 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
1461K  207M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:bN6SetyH09WA_-U_ */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:ojLqYDwqYztx3v2y */ ctstate INVALID
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:s_cPnntGEenlVcmG */ MARK and 0xfffeffff
    0     0 cali-pri-kns.kube-system  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:lfexgOHn5Blox_91 */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:LTTQvNXGi_iyEoE2 */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pri-_fR_AzgDky1fzttFBA2  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:HgJorPv1f8rqDTdC */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:5YjBFk2vm8pQoAGH */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:ZDHXLmbPjv79Zu0_ */ /* Drop if no profiles matched */

Chain cali-tw-azve6e31251c0e (1 references)
 pkts bytes target     prot opt in     out     source               destination         
4981K 1021M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:KowyFZy1oBFbKlgM */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:JK2XZZdWNbAfCsVt */ ctstate INVALID
    6  1170 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:86PiOtMeMXA4H2OH */ MARK and 0xfffeffff
    6  1170 cali-pri-kns.kube-system  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:-lhf5bHxBsHm6Zw0 */
    6  1170 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Dl7w1D4eadnYC007 */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pri-_w7d_5jnMyxaId_Qep-  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:jQtFjndLc9PqVE9e */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:jQapmHEOuXImLSnm */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:DFQ_RJ5xa1JLiUW7 */ /* Drop if no profiles matched */

Chain cali-tw-azvf977de10b6a (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  88M   69G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:xekHUMk0qpkPUI6W */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:9GpDhUHMJbDGWfz0 */ ctstate INVALID
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:CQePQ6D2pPmkIikP */ MARK and 0xfffeffff
    0     0 cali-pri-kns.kube-system  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:D98fchbzazcjrPEh */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:JiV9VGngCN_5Vo7D */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pri-_b-WIgmNvlBH1FuEYm2  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:_NXWLpGApTyXpBgM */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:M8dr37PMvnU4z5MG */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:sdEBGmheC8hGUDvo */ /* Drop if no profiles matched */

Chain cali-tw-azvff04e1174a9 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
76142 8025K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:mzyKJ0gR9iiYWVgr */ ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:EPR5G31X2WaeGIQW */ ctstate INVALID
    4   240 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:o7_t-LoSBOmrnIKz */ MARK and 0xfffeffff
    4   240 cali-pri-kns.cert-manager  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:YojRGGiSyvuS_01K */
    4   240 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:eXtWQ2WaLiGoHgNV */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 cali-pri-_PfNIBb694QWVrNir-D  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:ueyqQ2UCFz3YAGzO */
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:GrcwAPGRAMs_KFE0 */ /* Return if profile accepted */ mark match 0x10000/0x10000
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:E8FB1NVSa7r4a7SW */ /* Drop if no profiles matched */

Chain cali-wl-to-host (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  22M 2433M cali-from-wl-dispatch  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:Ee9Sbo10IpVujdIY */
95923 5796K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:nSZbcOoG1xPONxb8 */ /* Configured DefaultEndpointToHostAction */

Note that:

  1. The interface azv273e606af77 is not in the list of rules
  2. The number of packets dropped at the end of chain cali-from-wl-dispatch is 1774K

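The check described in the note above can be automated. The following is an added example, not part of the original issue and not Calico code: it walks the `cali-to-wl-dispatch` / `cali-from-wl-dispatch` chains of an `iptables -L -v -n` listing and reports which workload interfaces fall through to the "Unknown interface" DROP. The function names, the `cali:EXAMPLE*` rule IDs and the interface `azv1ffffffffff` are constructed for illustration; the sample listing is a shortened excerpt in the format shown above.

```python
import re
from typing import NamedTuple

# Constructed excerpt in `iptables -L -v -n` format, modelled on the listing
# in this issue; rule-ID comments are replaced by cali:EXAMPLE placeholders.
SAMPLE = """\
Chain cali-to-wl-dispatch (1 references)
 pkts bytes target     prot opt in     out     source               destination
2341K  259M cali-tw-azv063de78ce1f  all  --  *      azv063de78ce1f  0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:EXAMPLE1 */
9355K 9995M cali-to-wl-dispatch-1  all  --  *      azv1+   0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:EXAMPLE2 */
  433 29276 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:EXAMPLE3 */ /* Unknown interface */

Chain cali-to-wl-dispatch-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
25448 7909K cali-tw-azv1b9e3e91193  all  --  *      azv1b9e3e91193  0.0.0.0/0            0.0.0.0/0           [goto]  /* cali:EXAMPLE4 */
 7372  459K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* cali:EXAMPLE5 */ /* Unknown interface */
"""


class Rule(NamedTuple):
    pkts: int      # packet counter (approximate when iptables abbreviates it)
    target: str
    in_if: str
    out_if: str
    comment: str


# Without -x, iptables abbreviates counters with decimal suffixes.
_UNITS = {"K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}


def parse_count(field: str) -> int:
    """Convert a counter such as '2341K' or '433' to an integer."""
    if field[-1] in _UNITS:
        return int(field[:-1]) * _UNITS[field[-1]]
    return int(field)


def parse_chains(listing: str) -> dict:
    """Return {chain name: [Rule, ...]}. Assumes every rule has a target,
    which holds for the dispatch chains examined here."""
    chains, current = {}, None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = chains.setdefault(header.group(1), [])
            continue
        tok = line.split()
        if current is None or len(tok) < 9 or tok[0] == "pkts":
            continue  # blank line or column header
        current.append(Rule(parse_count(tok[0]), tok[2], tok[5], tok[6],
                            " ".join(tok[9:])))
    return chains


def iface_matches(pattern: str, iface: str) -> bool:
    """iptables interface match: '*' is any, a trailing '+' is a prefix wildcard."""
    if pattern == "*":
        return True
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return pattern == iface


def dispatch(chains: dict, chain: str, iface: str, direction: str = "to"):
    """Follow the first matching rule for iface, descending into prefix
    sub-chains. Returns (final target, chain in which it was reached)."""
    for rule in chains.get(chain, []):
        pattern = rule.out_if if direction == "to" else rule.in_if
        if not iface_matches(pattern, iface):
            continue
        if rule.target in chains and rule.target.startswith(f"cali-{direction}-wl-dispatch"):
            return dispatch(chains, rule.target, iface, direction)
        return rule.target, chain
    return "NO-MATCH", chain


def unprogrammed(listing: str, ifaces: list) -> dict:
    """Map each interface that ends at a DROP to the chain(s) that drop it."""
    chains = parse_chains(listing)
    missing = {}
    for iface in ifaces:
        for direction in ("to", "from"):
            root = f"cali-{direction}-wl-dispatch"
            if root in chains:
                target, chain = dispatch(chains, root, iface, direction)
                if target == "DROP":
                    missing.setdefault(iface, []).append(chain)
    return missing


def unknown_interface_drops(listing: str) -> dict:
    """Packet counters of every 'Unknown interface' DROP rule, per chain."""
    return {name: rule.pkts
            for name, rules in parse_chains(listing).items()
            for rule in rules
            if rule.target == "DROP" and "Unknown interface" in rule.comment}


if __name__ == "__main__":
    pods = ["azv063de78ce1f", "azv1b9e3e91193", "azv273e606af77", "azv1ffffffffff"]
    print(unprogrammed(SAMPLE, pods))
    print(unknown_interface_drops(SAMPLE))
```

On a node, pass the full `iptables -L -v -n` output and the host-side interface names of the running pods; rising "Unknown interface" counters together with a non-empty `unprogrammed` result match the symptom reported here.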
michaeltison-dh commented 11 months ago

I found out how to turn on debug logging for calico-node. This time I spun up a pod named simple-deploy-bad-07-54c454bb9f-hmv4q (ip address simple-deploy-bad-07-54c454bb9f-hmv4q). It has an interface name of azv24f9744819c. Here's the log: calico-node-mv9m8-logs.log

michaeltison-dh commented 11 months ago

This issue was due to how the version of Calico I have installed on this cluster auto-detects iptables backends. It was incorrectly auto-detecting legacy as the backend, since a couple of other services added legacy rules (>= 10 rules), and then when Calico would start back up on that machine it would use the wrong iptables backend. Resolved by forcing the iptables backend to be nft, and I will upgrade to a newer version of Calico (3.26.X or better) so that it will auto-detect using the canary/hint iptables rules that kube-proxy/kubelet adds.

https://mihail-milev.medium.com/no-pod-to-pod-communication-on-centos-8-kubernetes-with-calico-56d694d2a6f4
https://github.com/projectcalico/calico/pull/7111
https://github.com/projectcalico/calico/issues/3709
https://github.com/projectcalico/calico/issues/2322