This message was deleted.
# general
a
This message was deleted.
b
Not sure this is relevant...
Copy code
nid003207:~ # ipset
ipset v6.36: No command specified.
Try `ipset help' for more information.
c
Copy code
Kernel error received: set type not supported
Looks like your kernel is too old?
b
it is suse enterprise 15.3
but yeah I am checking if I can update ipset to 7.11 or so
c
its not the ipset binary thats the problem
as it says, the kernel doesn’t support the set type that calico wants to use
either that or you’re missing kernel modules, not sure which
can you
modprobe xt_set
?
b
I think so, at leat it does not compalin
c
does that fix the error?
b
let me check
should I kill the calico pod?
c
sure
b
same error
c
interesting
what kernel version are you on?
We test on SLES 15.3 and 15.4 and have not run into that issue
b
Copy code
nid003207:~ # uname -r
5.3.18-150300.59.68_11.0.76-cray_shasta_c
ppl from calico are saying I should update the ipset in my kernel to match the one calico expects
c
that looks like a custom kernel
I suspect that whoever built it didn’t enable all the correct ipset options
If you’re running a custom kernel that’s on you (or your sysadmin) to ensure that it has all the same bits as the default SLES kernel, otherwise things will break
b
yeah
true
c
you might see if canal fares any better but I suspect you’ll run into the same problem
b
mmm I tried cilium and had the same issue, but yeah I can try canal also
first I am trying to update the ipset and see if I get things working
c
its really the kernel and not the binary…
b
with canal works
it is weird because is also shows the same error message
so this tells me the issues is not with ipset when using calico
ipset 7.17 requires kernel >= 3.11 https://ipset.netfilter.org/install.html so my kernel should be ok to run calico
c
right but there are different ipset hash algs and set types, the ipset binary and kernel have to both support the ones that the CNI is trying to use.
the error suggests that the ipset command is OK with it, but the kernel is not
b
ok, let me keep investigating
its is weird canal works however it uses an older version of calico which uses ipset6