2

My cluster is running on-prem. Currently when I try to ping the external IP of service type LoadBalancer assigned to it from Metal LB. I get a reply from one of the VM's hosting the pods - Destination Host unreachable. Is this because the pods are on an internal kubernetes network(I am using calico) and cannot be pinged. A detailed explanation of the scenario can help to understand it better. Also all the services are performing as expected. I am just curious to know the exact reason behind this since I am new at this. Any help will be much appreciated. Thank you

Dan Bowling
  • 1,205
  • 1
  • 15
  • 41
Dravid S Sundaram
  • 21
  • 1
  • 2
  • Could you share you configuration? Status of metallb pods, output of `kubectl get svc -A` , metallb configmap. It will help to narrow down the issue and troubleshoot it. – kool Jun 09 '20 at 14:21

2 Answers2

3

The LoadbalancerIP or the External SVC IP will never be pingable.

When you define a service of type LoadBalancer, you are saying I would like to Listen on TCP port 8080 for eg: on this SVC.

And that is the only thing your External SVC IP will respond to.

A ping would be UDP ICMP packets that do not match the destination of TCP port 8080.

You can do an nc -v <ExternalIP> 8080 to test it.

OR

use a tool like mtr and pass --tcp --port 8080 to do your tests

Sushil Suresh
  • 31
  • 2
  • Is there any possible way to get the IP to respond to the ping? Any workaround or anything? – Mohammed Noureldin Sep 09 '22 at 19:31
  • 1
    No can't do, is the simple and short answer. If you need a detailed explanation as to why, the below article might help. https://nigelpoulton.com/why-you-cant-ping-a-kubernetes-service/?amp=1 – Sushil Suresh Sep 11 '22 at 05:15
1

Actually, during installation of metal LB, we need to assign a ip range from which metal LB can assign ip. Those ip must be in range of your dhcp network. for example in virtual box, network ip is assigned from the Virtualbox host-only adapter dhcp server if you use host-only adapter.

The components of metal LB are:

The metallb-system/controller deployment. This is the cluster-wide controller that handles IP address assignments. The metallb-system/speaker daemonset. This is the component that speaks the protocol(s) of your choice to make the services reachable.

when you change the service type loadbalancer, Metal LB will assigned a ip address from its ip pools which is basically maping of kubernets internal ip with the metal LB assigned ip. you can see this by 

kubect get svc  -n namespaces

For more details, please check this document.

Taybur Rahman
  • 1,347
  • 8
  • 20
  • Thanks for the response. But my question is what happens when I try to ping that External IP assigned for my service of type Loadbalancer. Is it a normal behaviour to see unreachable host while pinging that particular service External IP ?? – Dravid S Sundaram Jun 07 '20 at 05:30
  • No its not normal behaviour . So far i remember, it should not be shown Destination Host unreachable. you should get reply of ping/ – Taybur Rahman Jun 07 '20 at 05:56
  • Okay It is getting reply from one of the VM's hosting the pod But the reply is - Destination host unreachable. What I was thinking that since the pods have their own internal kubernetes network with IP's assigned from calico, it may not be possible to ping them using an external IP available to the outside world.Since the services resolve to one of the healthy pods which are in a private internal network of kubernetes. And hence the reply from one of the VM's. Also when I try to connect to any of the services everything is working fine and I am able to go to one of the pods behind the service. – Dravid S Sundaram Jun 07 '20 at 09:54
  • @DravidSSundaram sounds good and logical, i will recheck this issue again in my lab environement. – Taybur Rahman Jun 07 '20 at 11:05
  • Okay sure. Thanks a lot @TayburRahaman. Let me know if you encounter a different scenario while pinging the service. Thanks again – Dravid S Sundaram Jun 07 '20 at 11:34