[Help] Only pods on some nodes can connect to opposite cluster

12 views

Skip to first unread message

Teruyuki Takazawa

unread,

Oct 15, 2021, 9:05:31 AM10/15/21

to submariner-users

Hi.

I'm trying two OpenShift clusters to be connected by submariner but facing the problem.

Versions:

OpenShift: 4.8

Submariner v0.11.0-rc1 (also tried v0.10.0)

Clusters

1. tok (with broker)

2. osa

Nodes:

1. tok:

10.244.2.36 (gw)

10.244.130.28

10.244.66.34

2. osa

10.248.0.10 (gw)

10.248.64.11

10.248.128.10

Connections:

$ KUBECONFIG=./tok.config subctl show all

Cluster "c100-e-jp-tok-containers-cloud-ibm-com:30677"

✓ Showing Connections

GATEWAY CLUSTER REMOTE IP NAT CABLE DRIVER SUBNETS STATUS RTT avg.

kube-c5j0dfuo0fmosdq1d1pg-roksd osa 10.248.0.10 no vxlan 172.22.0.0/16, 172.17.192.0/18 connected 8.473711ms

✓ Showing Endpoints

CLUSTER ID ENDPOINT IP PUBLIC IP CABLE DRIVER TYPE

tok 10.244.2.36 162.133.132.17 vxlan local

osa 10.248.0.10 163.68.87.58 vxlan remote

✓ Showing Gateways

NODE HA STATUS SUMMARY

kube-c5g3vset0jaip0r1pmkg-rokso active All connections (1) are established

Discovered network details via Submariner:

Network plugin: Calico

Service CIDRs: [172.21.0.0/16]

Cluster CIDRs: [172.17.128.0/18]

✓ Showing Network details

COMPONENT REPOSITORY VERSION

submariner quay.io/submariner 0.11.0-rc1

submariner-operator quay.io/submariner 0.11.0-rc1

service-discovery quay.io/submariner 0.11.0-rc1

✓ Showing versions

Issues:

- I executed pods to both of clusters.

- subctl exported both of services.

- From tok cluster, any pods on any nodes can connect to osa's exported service.

- From osa cluster, only a pod on 10.248.0.10 can connect to tok's service. Pods on other nodes (10.248.64.11, 10.248.128.10) can not. it result in time out.