Description
Expected Behavior
calico BGP mesh is not making load-balancer assigned routes available on nodes in the cluster
Current Behavior
I have a standard RKE2 cluster applied, configured with the default IP pool range.
To this I have added the following IP pool:
```yaml
---
apiVersion: projectcalico.org/v3
kind: BGPConfiguration
metadata:
  name: default
spec:
  serviceLoadBalancerIPs:
    - cidr: 192.168.123.0/24
---
apiVersion: projectcalico.org/v3
kind: IPPool
metadata:
  name: loadbalancer-ip-pool
spec:
  cidr: 192.168.123.0/24
  blockSize: 29
  natOutgoing: true
  disabled: false
  assignmentMode: Automatic
  allowedUses:
    - LoadBalancer
```
When envoy-gateway comes up with this configuration I can see it's picked up an IP from the pool, and calicoctl confirms this:
```yaml
# sample of the envoy gateway service diagram
status:
  loadBalancer:
    ingress:
      - ip: 192.168.123.80
        ipMode: VIP
```
Calico is running with a full mesh configuration for BGP and appears to be healthy. However, no routes for 192.168.123.80 are appearing anywhere in the cluster. The only clue I have is Felix logs which seem to imply it can't assign the route to a node:
```
$ kubectl calico node status
Calico process is running.
IPv4 BGP status
+-----------------+-------------------+-------+----------+-------------+
| PEER ADDRESS | PEER TYPE | STATE | SINCE | INFO |
+-----------------+-------------------+-------+----------+-------------+
| 192.168.122.90 | node-to-node mesh | up | 11:30:14 | Established |
| 192.168.122.192 | node-to-node mesh | up | 11:30:14 | Established |
| 192.168.122.143 | node-to-node mesh | up | 11:40:09 | Established |
+-----------------+-------------------+-------+----------+-------------+
IPv6 BGP status
No IPv6 peers found.
```
```
calico-node-mdstm calico-node 2025-11-17 11:32:23.818 [WARNING][397] felix/l3_route_resolver.go 687: Unable to create route for IP; the node it belongs to was not recorded in IPAM IP=192.168.123.80
calico-node-mdstm calico-node 2025-11-17 11:32:23.820 [INFO][397] felix/int_dataplane.go 2201: Received *proto.RouteUpdate update from calculation graph. msg=types:REMOTE_WORKLOAD dst:"192.168.123.80/29" dst_node_name:"load-balancer"
calico-node-mdstm calico-node 2025-11-17 11:46:23.911 [WARNING][1085] felix/l3_route_resolver.go 687: Unable to create route for IP; the node it belongs to was not recorded in IPAM IP=192.168.123.80
calico-node-mdstm calico-node 2025-11-17 11:46:23.916 [INFO][1085] felix/int_dataplane.go 2201: Received *proto.RouteUpdate update from calculation graph. msg=types:REMOTE_WORKLOAD dst:"192.168.123.80/29" dst_node_name:"load-balancer"
```
I don't understand why Felix seems to believe this node cannot be assigned this IP? The one guess I can make is that because the actual nodes are on a different subnet (192.168.122.0/24) that it's refusing to? But should this be the case? Externally I can set routing to direct packets towards the K8S nodes (which are libvirt VMs on an if-bridge at the moment).
Context
Currently I'm testing a cluster in a virtual environment where I'm trying to set it up more how I want the real deployment to go. So specifically the chain I want is:
-> 192.168.122.1 (the VM network) -> 192.168.122.220 (kubernetes master node) -> 192.168.123.80 (envoy-gateway load balancer)
This should work AFAIK with my host set with a static route for 192.168.123.0/24 via 192.168.122.220. The problem is...the Calico nodes don't have any routes for the LoadBalancer IP (I can see a lot of routes for various workloads).
Your Environment
- Calico version v3.30.2
- Calico dataplane nftables
- Orchestrator version: RKE2 v1.33.4+rke2r1
- Operating System and version: Fedora 43
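A triage helper for the Felix lines quoted in the report above, added here as an example; it is not part of the original issue or of Calico. It pairs each "Unable to create route" warning with the `RouteUpdate` covering that IP and checks whether the reported owner is a real node. The log sample is constructed from two of the quoted lines, and the node names `node-a`/`node-b` are hypothetical.

```python
import ipaddress
import re

# Constructed sample: two of the Felix lines quoted in the report above.
SAMPLE_LOG = '''\
calico-node-mdstm calico-node 2025-11-17 11:32:23.818 [WARNING][397] felix/l3_route_resolver.go 687: Unable to create route for IP; the node it belongs to was not recorded in IPAM IP=192.168.123.80
calico-node-mdstm calico-node 2025-11-17 11:32:23.820 [INFO][397] felix/int_dataplane.go 2201: Received *proto.RouteUpdate update from calculation graph. msg=types:REMOTE_WORKLOAD dst:"192.168.123.80/29" dst_node_name:"load-balancer"
'''
LB_POOLS = ["192.168.123.0/24"]    # serviceLoadBalancerIPs / IPPool CIDR from the report
NODE_NAMES = {"node-a", "node-b"}  # hypothetical; use `kubectl get nodes` output

WARN = re.compile(r"Unable to create route for IP; .*\bIP=(\S+)")
UPDATE = re.compile(r'RouteUpdate.*\bdst:"([^"]+)" dst_node_name:"([^"]*)"')


def triage(log_text, lb_pools, node_names):
    """Return one record per IP that Felix could not resolve to a node."""
    pools = [ipaddress.ip_network(c) for c in lb_pools]
    owners = {}     # destination network -> dst_node_name from RouteUpdate
    failed = set()  # IPs named in "Unable to create route" warnings
    for line in log_text.splitlines():
        m = UPDATE.search(line)
        if m:
            owners[ipaddress.ip_network(m.group(1), strict=False)] = m.group(2)
        m = WARN.search(line)
        if m:
            failed.add(ipaddress.ip_address(m.group(1)))
    report = []
    for ip in sorted(failed):
        pool = next((str(p) for p in pools if ip in p), None)
        hit = next(((str(n), o) for n, o in owners.items() if ip in n), (None, None))
        report.append({
            "ip": str(ip),
            "lb_pool": pool,                    # None: not a LoadBalancer pool address
            "route_dst": hit[0],                # block announced in the RouteUpdate
            "route_owner": hit[1],              # dst_node_name from the RouteUpdate
            "owner_is_node": hit[1] in node_names,
        })
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, LB_POOLS, NODE_NAMES):
        print(row)
```

A record with `lb_pool` set and `owner_is_node` false means the warning concerns a LoadBalancer pool address whose block is attributed to a name that is not one of the listed nodes.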