Kubernetes nodes fail to connect to Antrea egress IP
Article ID: 369354
Updated On:
Products
Issue/Introduction
- Kubernetes nodes fail to connect to Antrea Egress IP but can ping it.
- NSX distributed firewall dropping packets from the node to the egress IP
Environment
VMware Antrea Version 1.15
Open Source Antrea Version 1.9
VMware NSX
Cause
Antrea egress IP is missing from the NSX segment associated with the kubernetes environment
You can view this by going to Networking > Segments > Click on Ports / Interfaces of the segment in question.
Expand the Port name and Address Binding then click on View next to Realized Bindings
Here you will see if the Antrea Egress IP is missing or not.
Resolution
If the Antrea Egress is missing, you can check to see if Arp Snooping is enabled in your segment profile.
Under the NSX Segment name, expand Segment Profiles. Check the IP discovery profile name and make sure it matches the profile you wish to use.
Now check to make sure Arp Snooping is enabled in that segment profile.
If it is not enabled, then edit it to enable it and check the IP shows in the Realized Bindings.
Feedback
