0

I have the following scenario: I run a Docker container that has a Linux bridge br0 configured inside it, and attached to the bridge I have the main interface eth0 of the container and a TAP interface tap0. The latter is connected to a QEMU guest machine running in the container.

The Docker container runs on a Kubernetes cluster with Calico as CNI.

The situation I have is that when I ping the IP of the container (which is assigned to the TAP interface) then I get no response.

I then started to debug with the old mate tcpdump and found out that the packets arrive correctly at the eth0 of the container and go to the bridge br0, but they do not arrive at the TAP interface tap0. For some unknown reason, the packets are discarded.

Do you have any idea?

I have tried to disable the rf filter of the bridge but did not get anywhere.

Mazzy
  • Would you be using NetworkPolicies, maybe?! Nothing out of the ordinary with your other containers? – SYN Jan 15 '21 at 18:41
  • The mere fact of running Docker usually activates the infamous br_netfilter module which interferes with bridging. I don't know for k8s. Check these Q/A (where I made answers about this interference): https://unix.stackexchange.com/questions/572022/linux-bridge-for-virtual-machines-not-forwarding-ip-packets-but-is-forwarding-a/572086#572086, https://unix.stackexchange.com/questions/572022/linux-bridge-for-virtual-machines-not-forwarding-ip-packets-but-is-forwarding-a/572086#572086 , or on SF: https://serverfault.com/questions/963759/docker-breaks-libvirt-bridge-network/964491#964491 – A.B Jan 19 '21 at 16:37
  • No SYN, no network policies. – Mazzy Jan 19 '21 at 19:40
  • @A.B I would need to double check, but I've already run sysctl to disable iptables inside the container and I did not get the wanted result; maybe I should have run it inside the guest QEMU – Mazzy Jan 19 '21 at 19:42

1 Answer

0

I've solved the issue.

The reason was that the routes stolen from the container were not pushed into the guest OS.

Mazzy
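An added example, not part of the original answer: one way to turn a container's route table into the `ip route add` commands to replay inside the guest once the container's IP has been moved there. The sample routes are constructed in the shape Calico typically gives a pod (a link-scope route to 169.254.1.1 plus a default route through it), and the guest interface name `ens3` and both function names are assumptions.

```shell
#!/bin/sh
# Added example: convert `ip route show` output captured in the container
# into commands that recreate the same routes inside the QEMU guest.

# Constructed sample, assumed Calico-style pod routing table.
sample_routes() {
    cat <<'EOF'
default via 169.254.1.1 dev eth0
169.254.1.1 dev eth0 scope link
EOF
}

# Usage: ip route show | guest_route_cmds <guest-interface>
guest_route_cmds() {
    guest_if="$1"
    awk -v gif="$guest_if" '
        NF == 0        { next }   # skip blank lines
        /proto kernel/ { next }   # connected routes: the guest kernel adds
                                  # these itself when the address is assigned
        {
            $1 = $1               # normalise whitespace
            # Point every route at the guest NIC instead of the container NIC.
            for (i = 1; i < NF; i++) if ($i == "dev") $(i + 1) = gif
            cmd = "ip route add " $0
            # Link-scope routes must exist before any route that uses them
            # as a gateway, otherwise the kernel rejects the gateway.
            if ($0 ~ /scope link/) link[++nl] = cmd
            else                   rest[++nr] = cmd
        }
        END {
            for (i = 1; i <= nl; i++) print link[i]
            for (i = 1; i <= nr; i++) print rest[i]
        }'
}

# Demo on the constructed sample; run the printed commands inside the guest.
sample_routes | guest_route_cmds ens3
```

The ordering matters: adding the default route before the link-scope route to its gateway fails in the guest because the next hop is not yet reachable.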