This message was deleted.

what is your secondary CNI plugin?

flannel. what we noticed is that the iptables FORWARD chain has a default policy of DROP. If we changes this default policy to ACCEPT then things started working. now sure how/why the default policy was DROP or if multus should have modified this on deploy.

Multus does not modify anything in the CNI plugin configuration. It is just a multiplexer that tricks Kubernetes into thinking that there is only one CNI plugin, even though there are more than one