Skip to content

Pod network connectivity non-functional as a result of sysctl net.ipv4.ip_forward=0

This document (000020166) is provided subject to the disclaimer at the end of this document.

Situation

Issue

If the sysctl net.ipv4.ip_forward is set to 0 (disabled) on a Linux host, then IPv4 packet forwarding is disabled.

As a result, on a Kubernetes nodes this will prevent Pod networking from functioning.

You can confirm the current value of this sysctl on a Linux host, if you are experiencing a network issue, with the following:

sysctl net.ipv4.ip_forward

The output should show 1, for enabled.

Pre-requisites

  • A Kubernetes cluster with a CNI (Container Network Interface) plugin configure, e.g. an RKE (Rancher Kubernetes Engine) or Rancher launched cluster.
  • The systctl net.ipv4.ip_forward set to 0 (disabled) on the cluster hosts.

Resolution

Check if the kernel parameter net.ipv4.ip_forward is set to 1 with:

sysctl net.ipv4.ip_forward

If the current value of net.ipv4.ip_forward is 0, then set to this to 1 with the following:

sysctl net.ipv4.ip_forward=1

To make it permanent across reboot, add the following line in /etc/sysctl.conf:

net.ipv4.ip_forward=1

With this sysctl correctly enabled, Pod ingress and egress will be able to function as expected.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.