This message was deleted.

Is your management address on a VLAN? Are the guests on a VLAN?

Both Harvester mgmt VIP and guest cluster nodes are homed on VLANs. The harvester nodes providing the mgmt VIP are on VLAN 30. Their packets are tagged by PVID on the switch. The guest cluster nodes are in VLAN 40 and the switch port trunks packets that are tagged 40. There doesn't seem to be an issue with forwarding between VLANs because clients and servers are connecting in both directions, and icmp echo works. I've traced the packet from the guest cluster node's veth device on the Harvester node to Harvester's ingress-nginx pods on all three nodes. I'm unsure why it's apparently dropped there, but the the SYN is never acknowledged.