Skip to content

Egress Gateway reports Gateway IP as not found #39985

New issue
New issue
Closed
#40209
Closed
Egress Gateway reports Gateway IP as not found#39985
#40209
Assignees
rgo3
Labels
area/agentCilium agent related.feature/egress-gatewayImpacts the egress IP gateway feature.info-completedThe GH issue has received a reply from the authorkind/community-reportThis was reported by a user in the Cilium community, eg via Slack.kind/prerelease-testingPart of testing prerelease snapshotskind/regressionThis functionality worked fine before, but was broken in a newer release of Cilium.
@rissson

Description

@rissson
rissson
opened on Jun 10, 2025

Test Category

Other

Test Details

Egress gateway is as follows:

apiVersion: cilium.io/v2
kind: CiliumEgressGatewayPolicy
metadata:
  name: services-stalwart-mail-egress
spec:
  selectors:
  - podSelector:
      matchLabels:
        io.kubernetes.pod.namespace: services-stalwart
  destinationCIDRs:
  - 0.0.0.0/0
  egressGateway:
    egressIP: 148.251.148.232
    nodeSelector:
      matchLabels:
        kubernetes.io/hostname: k3s-1.fsn.as212024.net

The error I'm seeing

❯ k exec -it cilium-bf576 -- cilium-dbg bpf egress list
Source IP       Destination CIDR   Egress IP         Gateway IP
172.28.131.174   0.0.0.0/0          148.251.148.232   Not Found

Also, the IPv4 packets from the pod seem to just get dropped

[root@k3s-1.fsn.as212024.net ~] # tcpdump -ni any ip dst 94.239.123.72
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
19:33:54.889173 lxc717639f8982b In  IP 172.28.131.174.37432 > 94.239.123.72.443: Flags [S], seq 3437114132, win 64860, options [mss 1410,sackOK,TS val 1401920319 ecr 0,nop,wscale 7], length 0
19:33:55.914562 lxc717639f8982b In  IP 172.28.131.174.37432 > 94.239.123.72.443: Flags [S], seq 3437114132, win 64860, options [mss 1410,sackOK,TS val 1401921345 ecr 0,nop,wscale 7], length 0
19:33:57.930581 lxc717639f8982b In  IP 172.28.131.174.37432 > 94.239.123.72.443: Flags [S], seq 3437114132, win 64860, options [mss 1410,sackOK,TS val 1401923361 ecr 0,nop,wscale 7], length 0

With no response ever coming

Time

It took 30 mins to attempt this test

Test Status

Failure: Reproducible bug encountered/filed

Cilium Version

Client: 1.18.0-pre.3 593834e 2025-06-03T08:20:01+00:00 go version go1.24.3 linux/amd64
Daemon: 1.18.0-pre.3 593834e 2025-06-03T08:20:01+00:00 go version go1.24.3 linux/amd64

Kernel Version

Linux k3s-1.fsn.as212024.net 6.1.0-37-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.140-1 (2025-05-22) x86_64 GNU/Linux

Kubernetes Version

Server Version: v1.32.4+k3s1

Related GitHub Issues

No response

Other Feedback

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

Metadata

Metadata

Assignees

Labels

area/agentCilium agent related.feature/egress-gatewayImpacts the egress IP gateway feature.info-completedThe GH issue has received a reply from the authorkind/community-reportThis was reported by a user in the Cilium community, eg via Slack.kind/prerelease-testingPart of testing prerelease snapshotskind/regressionThis functionality worked fine before, but was broken in a newer release of Cilium.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions