Skip to content

BPFSocketLBHostnsOnly not work in cilium 1.18

Is there an existing issue for this?

  • I have searched the existing issues

Version

equal or higher than v1.18.3 and lower than v1.19.0

What happened?

  1. cilium 1.18.3 with --bpf-lb-sock-hostns-only=true --bpf-lb-sock=true , curl clusterIP failed when in host ns.
KubeProxyReplacement Details:
  Status:                 False
  Socket LB:              Enabled
  Socket LB Tracing:      Enabled
  Socket LB Coverage:     Hostns-only
  Session Affinity:       Enabled
  Graceful Termination:   Enabled
  NAT46/64 Support:       Disabled
  Services:
  - ClusterIP:      Enabled
  - NodePort:       Disabled
  - LoadBalancer:   Disabled
  - externalIPs:    Disabled
  - HostPort:       Disabled
  Annotations:      (n/a)
  1. there is no cgroup attached
# bpftool cgroup tree
CgroupPath
ID       AttachType      AttachFlags     Name
  1. when set --bpf-lb-sock-hostns-only=false --bpf-lb-sock=true, the cgroup attached, and curl clusterIP success when in host ns.
# bpftool cgroup tree
CgroupPath
ID       AttachType      AttachFlags     Name
/run/cilium/cgroupv2
481      connect4        multi           cil_sock4_conne
483      connect6        multi           cil_sock6_conne
485      post_bind4      multi           cil_sock4_post_
490      post_bind6      multi           cil_sock6_post_
488      sendmsg4        multi           cil_sock4_sendm
484      sendmsg6        multi           cil_sock6_sendm
480      recvmsg4        multi           cil_sock4_recvm
482      recvmsg6        multi           cil_sock6_recvm
489      getpeername4    multi           cil_sock4_getpe
487      getpeername6    multi           cil_sock6_getpe
486      sock_release    multi           cil_sock_releas

How can we reproduce the issue?

helm upgrade --install cilium cilium/cilium \
  --namespace kube-system \
  --set socketLB.enabled=true \
  --set socketLB.hostNamespaceOnly=true

Cilium Version

cilium version

Client: 1.18.3 c1601689 2025-10-22T19:15:36+00:00 go version go1.24.9 linux/amd64 Daemon: 1.18.3 c1601689 2025-10-22T19:15:36+00:00 go version go1.24.9 linux/amd64

Kernel Version

uname -a

5.10.0-182.0.0.95.r2825_235.hce2.x86_64 #1 SMP Wed Jun 25 12:52:55 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Kubernetes Version

kubectl version

Client Version: v1.33.5 Kustomize Version: v5.6.0 Server Version: v1.33.5

Regression

No response

Sysdump

No response

Relevant log output

Anything else?

No response

Cilium Users Document

  • Are you a user of Cilium? Please add yourself to the Users doc

Code of Conduct

  • I agree to follow this project's Code of Conduct