DNS Resolution Fails in VXLAN Mode

[landryuga]

I deployed Calico versions v3.26.4, v3.28.0, and v3.29.0 on 3 diffrents cluster. When switching the encapsulation mode from VXLANCrossSubnet to VXLAN, DNS resolution stopped working in versions v3.28.0 and v3.29.0, while it continued to function in v3.26.4

Expected Behavior

DNS resolution should work with VXLAN encapsulation in all tested Calico versions.

Current Behavior

After testing, I observed that DNS resolution only succeeds if the CoreDNS pod is on the same node as the pod making the nslookup request. With VXLAN mode enabled, nodes can ping each other successfully, but nslookup and curl requests fail. The DNS packets do not appear to reach the vxlan.calico interface on the node where CoreDNS is running.

Possible Solution

Steps to Reproduce (for bugs)

1. Install Calico using the Tigera Operator.
2. Change the encapsulation mode from VXLANCrossSubnet to VXLAN.
3. Deploy a Linux pod and run nslookup kubernetes.default to test DNS resolution.

Context

Your Environment

Calico Version: v3.28.0 or v3.29.0
Orchestrator Version: Kubernetes v1.32.2
Operating System: Debian 12
Calico Dataplane: iptables

[coutinhop]

@landryuga what procedure did you follow to change the encapsulation from VXLANCrossSubnet to VXLAN? Did you use the Installation resource, did you edit the IP pools, or did you use FelixConfiguration?

Could you post Felix logs, output of ip route on your nodes and/or pods?

[landryuga]

Thanks for your response.
I edited installation resource. The cluster consists of three nodes: one control plane and two worker nodes. Below are the logs from calico-node on each node, along with the ip route output, and ip route from 1 pod.
calico-node.txt
calico-node2.txt
calico-node3.txt
ip-route.txt