pod can't access itself via service (IPv6 loopback)Β #26733
Description
Is there an existing issue for this?
- I have searched the existing issues
What happened?
In a dual-stack cluster, I create a pod and an ipv6 service, this pod is the only endpoint for this service. and I found that the service cannot be accessed in the pod.
root@cyclinder3:~/cyclinder# kubectl get po -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
test1-6dd8dc96c6-nfv92 1/1 Running 0 29m 10.244.65.80 ty-spider-control-plane <none> <none>
root@cyclinder3:~:/home/cilium# cilium endpoint list | grep test1
199 Disabled Disabled 38058 k8s:app=test1 fd00:10:244::1e0 10.244.65.80 ready
I used cilium monitor and found that only SYN packets were sent and no ACK packets were responded.
root@cyclinder3:/home/cilium# cilium service list | grep fd00:10:244::1e0
14 [fd00:10:233::6d5]:80 ClusterIP 1 => [fd00:10:244::1e0]:80 (active)root@test1-6dd8dc96c6-nfv92:/# curl -g [fd00:10:233::6d5]:80
curl: (28) Failed to connect to fd00:10:233::e5f port 80 after 131032 ms: Connection timed out
# another screen
root@ty-spider-control-plane:/home/cilium# cilium monitor --from 199
Listening for events on 16 CPUs with 64x4096 of shared memory
Press Ctrl-C to quit
level=info msg="Initializing dissection cache..." subsys=monitor
-> endpoint 199 flow 0x878a41da , identity 38058->38058 state new ifindex lxc6b1e61147d85 orig-ip fd00:10:244::1e0: [fd00:10:244::1e0]:45382 -> [fd00:10:244::1e0]:80 tcp SYN
-> endpoint 199 flow 0xd58912ba , identity 38058->38058 state established ifindex lxc6b1e61147d85 orig-ip fd00:10:244::1e0: [fd00:10:244::1e0]:45382 -> [fd00:10:244::1e0]:80 tcp SYN
-> endpoint 199 flow 0x42998434 , identity 38058->38058 state established ifindex lxc6b1e61147d85 orig-ip fd00:10:244::1e0: [fd00:10:244::1e0]:45382 -> [fd00:10:244::1e0]:80 tcp SYN
-> endpoint 199 flow 0x8f5076ac , identity 38058->38058 state established ifindex lxc6b1e61147d85 orig-ip fd00:10:244::1e0: [fd00:10:244::1e0]:45382 -> [fd00:10:244::1e0]:80 tcp SYN
-> endpoint 199 flow 0xa0c922ba , identity 38058->38058 state established ifindex lxc6b1e61147d85 orig-ip fd00:10:244::1e0: [fd00:10:244::1e0]:45382 -> [fd00:10:244::1e0]:80 tcp SYNCilium Version
root@ty-spider-control-plane:/home/cilium# cilium version
Client: 1.13.4 4061cdfc 2023-06-14T03:37:39+00:00 go version go1.19.10 linux/amd64
Daemon: 1.13.4 4061cdfc 2023-06-14T03:37:39+00:00 go version go1.19.10 linux/amd64
Kernel Version
root@ty-spider-control-plane:~# uname -a
Linux ty-spider-control-plane 5.15.0-75-generic #82-Ubuntu SMP Tue Jun 6 23:10:23 UTC 2023 x86_64 GNU/Linux
Kubernetes Version
root@ty-spider-control-plane:~# kubectl version
WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. Use --output=yaml|json to get the full version.
Client Version: version.Info{Major:"1", Minor:"27", GitVersion:"v1.27.1", GitCommit:"4c9411232e10168d7b050c49a1b59f6df9d7ea4b", GitTreeState:"clean", BuildDate:"2023-05-12T19:03:40Z", GoVersion:"go1.20.3", Compiler:"gc", Platform:"linux/amd64"}
Kustomize Version: v5.0.1
Server Version: version.Info{Major:"1", Minor:"27", GitVersion:"v1.27.1", GitCommit:"4c9411232e10168d7b050c49a1b59f6df9d7ea4b", GitTreeState:"clean", BuildDate:"2023-05-12T19:03:40Z", GoVersion:"go1.20.3", Compiler:"gc", Platform:"linux/amd64"}
Sysdump
v1.13.4: cilium-sysdump-20230710-111806.zip
v1.12.5: cilium-sysdump-20230711-105810.zip
Relevant log output
No response
Anything else?
No response
Code of Conduct
- I agree to follow this project's Code of Conduct
Metadata
Metadata
Assignees
Labels
Impacts bpf/ or low-level forwarding details, including map management and monitor messages.Impacts load-balancing and Kubernetes service implementationsRelates to IPv6 protocol supportThis is a bug in the Cilium logic.This was reported by a user in the Cilium community, eg via Slack.These issues are not marked stale by our issue bot.