Calico Calico BGP peer not reachable.

Network connectivity issues or incorrect BGP configuration.

Understanding Calico and Its Purpose

Calico is a powerful open-source networking and network security solution for containers, virtual machines, and native host-based workloads. It is designed to provide scalable and efficient networking for cloud-native applications. Calico uses a pure Layer 3 approach to networking, which simplifies the network architecture and enhances performance. One of its key features is the use of Border Gateway Protocol (BGP) to distribute routing information, enabling seamless integration with existing network infrastructure.

Identifying the Symptom: BGP Peer Not Reachable

When working with Calico, you might encounter an issue where a BGP peer is not reachable. This symptom is typically observed when there is a failure in establishing a BGP session between Calico nodes or between a Calico node and an external BGP peer. The error message might appear in the logs as CALICO-1022 or similar, indicating a connectivity problem.

Exploring the Issue: CALICO-1022

The error code CALICO-1022 signifies that Calico is unable to reach a configured BGP peer. This issue can arise due to several reasons, such as network connectivity problems, incorrect BGP configuration, or firewall rules blocking BGP traffic. Understanding the root cause is crucial for resolving the issue effectively.

Common Causes of BGP Peer Unreachability

  • Network connectivity issues between the nodes.
  • Incorrect BGP configuration settings.
  • Firewall rules blocking BGP traffic (TCP port 179).

Steps to Resolve the BGP Peer Not Reachable Issue

To resolve the CALICO-1022 issue, follow these detailed steps:

Step 1: Verify Network Connectivity

Ensure that there is network connectivity between the Calico node and the BGP peer. You can use the ping command to test connectivity:

ping <BGP_PEER_IP>

If the ping fails, check the network configuration and routing tables to ensure proper connectivity.

Step 2: Check BGP Configuration

Review the BGP configuration on the Calico node. Ensure that the BGP peer IP address, AS number, and other settings are correctly configured. You can view the BGP configuration using the following command:

calicoctl node status

Refer to the Calico BGP Configuration Guide for detailed configuration instructions.

Step 3: Inspect Firewall Rules

Ensure that firewall rules are not blocking BGP traffic. BGP uses TCP port 179, so verify that this port is open on both the Calico node and the BGP peer. You can use the following command to check firewall rules:

iptables -L -n | grep 179

Adjust the firewall rules if necessary to allow BGP traffic.

Step 4: Review Logs for Additional Clues

Check the Calico logs for any additional error messages or warnings that might provide more context about the issue. Logs can be accessed using:

kubectl logs -n calico-system <calico-node-pod>

Look for any specific error messages related to BGP connectivity.

Conclusion

By following these steps, you should be able to diagnose and resolve the CALICO-1022 issue related to BGP peer unreachability in Calico. Ensuring proper network connectivity, correct BGP configuration, and open firewall ports are key to maintaining a stable BGP session. For more information, visit the Calico Documentation.

Master

Calico

in Minutes — Grab the Ultimate Cheatsheet

(Perfect for DevOps & SREs)

Most-used commands
Real-world configs/examples
Handy troubleshooting shortcuts
Your email is safe with us. No spam, ever.

Thankyou for your submission

We have sent the whitepaper on your email!
Oops! Something went wrong while submitting the form.

Calico

Cheatsheet

(Perfect for DevOps & SREs)

Most-used commands
Your email is safe with us. No spam, ever.

Thankyou for your submission

We have sent the whitepaper on your email!
Oops! Something went wrong while submitting the form.

MORE ISSUES

Calico Calico node unable to access specific BGP attribute.
Misconfiguration or inaccessibility of the BGP attribute.
Calico Calico node unable to access specific BGP policy.
BGP policy configuration is incorrect or unreachable.
Calico Calico node unable to access specific VLAN.
VLAN configuration issues or network reachability problems.
Calico Calico node unable to access specific BGP community.
Misconfiguration or network reachability issues with the BGP community.
Calico Calico node unable to access specific BGP route.
Misconfiguration in BGP route settings or network reachability issues.
Calico Calico node unable to access specific BGP peer.
BGP peer configuration is incorrect or the peer is unreachable.
Calico Calico node unable to access specific VRF.
VRF configuration is incorrect or the VRF is not reachable.
Calico Calico node unable to access specific AS number.
AS number configuration is incorrect or unreachable.
Calico Calico node unable to access specific CIDR range.
Incorrect CIDR range configuration or network reachability issues.
Calico Calico node unable to access specific interface.
Interface configuration issues.
Calico Calico node unable to access specific gateway.
Gateway configuration issues or network reachability problems.
Calico Calico node unable to access specific route.
Route configuration may be incorrect or the route may not be reachable.
Calico Calico node unable to access specific subnet.
Subnet configuration issues or network reachability problems.
Calico Calico node unable to access specific IP address.
IP address configuration issue or network reachability problem.
Calico Calico node unable to access specific endpoint.
The endpoint configuration may be incorrect or the endpoint may not be reachable.
Calico Calico node unable to access specific pod.
Pod configuration issues or network policy misconfigurations.
Calico Calico node unable to access specific namespace.
Namespace configuration issues or access restrictions.
Calico Calico node unable to access specific service.
Service configuration issues or network policies blocking access.
Calico Calico node unable to access internal network.
Network policies and routing configurations may be misconfigured, preventing internal access.
Calico Calico node unable to access cloud metadata service.
Network misconfiguration preventing access to the cloud metadata service.
Calico Calico node unable to access etcd.
Network connectivity issues or etcd service not running.
Calico Calico node unable to access external network.
Network policies and routing configurations may be blocking external access.
Calico Calico node experiencing high CPU usage.
High CPU usage can be caused by various factors such as misconfiguration, resource constraints, or excessive network traffic.
Calico Calico node experiencing high memory usage.
High memory usage can be caused by various factors such as misconfiguration, resource-intensive workloads, or memory leaks.
Calico Calico node unable to access Kubernetes API.
Network connectivity issues or misconfiguration preventing access to the Kubernetes API server.
Calico Calico node is experiencing connectivity issues due to time synchronization problems.
The Calico node has incorrect time settings, leading to potential connectivity and synchronization issues.
Calico Calico node unable to join cluster.
Network configuration issues preventing node communication.
Calico Calico BGP peer not reachable.
Network connectivity issues or incorrect BGP configuration.
Calico Calico IP pool incorrectly configured.
The IP pool configuration does not match the desired CIDR range.
Calico Calico node unable to reach API server.
Network connectivity issues or API server is not accessible from the node.
Calico Calico node unable to resolve DNS.
Calico node lacks proper DNS configuration or access to a DNS server.
Calico IP address conflict detected.
Conflicting IP allocations in the network.
Calico Calico metrics not available.
Metrics server not running or misconfigured.
Calico CALICO-1017
Calico version mismatch across nodes.
Calico Network policy not enforced.
Network policy is incorrectly defined or the policy controller is not running.
Calico VXLAN mode not working.
Incorrect VXLAN configuration or unsupported network infrastructure.
Calico Calico node pods stuck in CrashLoopBackOff.
Calico node pods are unable to start due to insufficient resources or configuration errors.
Calico IPAM block not released.
CALICO-1013: IPAM block not released.
Calico Node-to-node mesh not functioning.
BGP configurations are incorrect or node-to-node mesh is not enabled.
Calico Calicoctl command fails with authentication error.
Incorrect credentials or insufficient permissions for accessing the datastore.
Calico Service IPs not reachable.
Check kube-proxy configuration and ensure Calico is correctly handling service IPs.
Calico Calico CNI plugin not found.
The Calico CNI plugin is not installed or configured correctly on the node.
Calico Packet drops observed in the network.
MTU mismatch causing packet drops.
Calico IP-in-IP encapsulation not working.
IP-in-IP configuration is not enabled on all nodes.
Calico IP pool is exhausted.
The IP pool configured in Calico has run out of available IP addresses.
Calico Datastore connection failure.
Incorrect datastore configuration or network issues preventing access.
Calico Felix is not running.
Felix is not running due to misconfiguration or errors in the logs.
Calico Policy not applied to workload.
Policy not applied to workload.
Calico BGP session is not established.
Incorrect BGP configuration or unreachable peer IPs.
Calico Calico node is not ready.
The calico-node pod is not functioning correctly, possibly due to network connectivity issues.

Backed by

Platform

AI OpsAlert Grouping & De-DuplicationPlayBooksKubernetes Bot

Resources

DocumentationFun For DevsBlog

Contact

Contact UsAbout UsCareersTerms and ConditionsPrivacy PolicyShipping & and Delivery PolicyCancellation & Refund Policy

Connect

Slack CommunityGithubLinkedInX (Twitter)
Made with ❤️ in Bangalore & San Francisco 🏢

Doctor Droid