Service Node Network Interruption After Calico Is Deployed on Kubernetes

Symptom

After Calico is deployed on Kubernetes, the network of the service node is interrupted.

Key Process and Cause Analysis

Check whether the Hi1822 NIC is used on the network plane.

By default, Calico uses IPIP (IP tunnel mode). However, the Hi1822 NIC firmware version does not support checksum offload of IP tunnel packets and the TSO function. If checksum offload and TSO are enabled in the TX direction of the NIC and the system sends IP tunnel packets, the NIC functions become abnormal. As a result, the NIC hardware does not obtain packets from the host and sends them to the network side, and the driver reports a TX timeout error.

Specifically, the service network is interrupted and disconnected from the gateway. The service network can be recovered only after the gateway is restarted.

Conclusion and Solution

You are advised to check the NIC first. If the Hi1822 NIC is used, run the ethtool command to disable the verification and offload in the TX direction.

ethtool -K <eth-port> tx off