Neil Wilson

Neighbor advertisements on ens3 start coming from the wrong address which triggers anti-spoofing filters. 16:13:21.283366 IP6 fe80::205c:d7ff:fe34:d4f > ff02::1:fff1:d22a: ICMP6, neighbor solicitation, who has 2a02:1348:17c:748a:24:19ff:fef1:d22a, length 32 16:13:21.283416 IP6 fd00:c0a8::22ec...

Route table $ ip -6 route ::1 dev lo proto kernel metric 256 pref medium 2a02:1348:17c:748a:24:19ff:fef1:d22a dev cilium_host proto kernel metric 256 pref medium 2a02:1348:17c:748a::/64 dev ens3 proto ra metric...

For $ ip addr show ens3 2: ens3: mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 02:24:19:f1:cb:4e brd ff:ff:ff:ff:ff:ff inet 10.241.203.78/30 brd 10.241.203.79 scope global dynamic ens3...

The source address on the NA packets is the internal k8s Ipv6 CIDR address allocated to the host $ sudo tcpdump -i ens3 -n ip6 tcpdump: verbose output suppressed, use...

If IPv6 does follow the IPv4 pattern then that suggests https://github.com/cilium/cilium/blob/608d29de8e9abf888c758267961b8c5e16e0a6ae/pkg/datapath/loader/base.go#L231 probably ought to be `args[initArgIPv6NodeIP] = node.GetIPv6Router().String()` A bit of a stab in the dark though since I don't...

Regrettably, changing the IP addresses on the interfaces doesn't fix the NDP responses for the host when the internal IPv6 CIDR is cluster local addressing. Looks like the BPF is...

I figured as much. However doing that means you can't access the Host via IPv6 as the NA packet for a NS that is requesting access to the host, not...

Any movement on this? I'm running up against it to support autoscaling features within a kubeadm deployed cluster. Current workaround is to turn off CA checking of the kubelet certificate....

Hi, Backported cherry-picks of the Brightbox cloud provider for release 1.27 are in PR #6425

Backported cherry-picks of the Brightbox cloud provider for release 1.26 are in PR #6429