GKE Multi-network (Multus + ipvlan L2 + Whereabouts): ARP resolution to gateway in secondary pod range not working

Google Cloud Compute Infrastructure
,
1

Hello,

I am experiencing an issue with ARP resolution on a GKE Standard cluster using multi-networking with Multus, ipvlan (L2 mode), and Whereabouts IPAM, following the official documentation:

https://docs.cloud.google.com/kubernetes-engine/docs/concepts/multus-ipvlan-whereabouts

According to the documentation, ipvlan in L2 mode should provide Layer-2 connectivity on the additional pod network. However, in my environment, ARP resolution for the configured gateway on the secondary network is not completing.

Here’s my environment:

  • GKE multi-network cluster with advanced data_path

  • Secondary VPC attached using additional_node_network_configs and additional_pod_network_configs

  • Secondary VPC - subnet range: 192.168.4.0/24

  • Secondary VPC - Secondary pod range: 100.64.4.0/28

  • Multus with ipvlan in l2 mode

  • Whereabouts IPAM assigning an IP from that range

  • A gateway configured inside the same secondary pod range (e.g. 100.64.4.1)

From inside the pod, ARP for the configured gateway never completes:
arp? (100.64.4.1) at on <secondary-interface>

If I run tcpdump:

Inside the pod:

ARP, Request who-has 100.64.4.1 tell 100.64.4.10

On the node parent interface:

ARP, Request who-has 100.64.4.1 tell 100.64.4.10

Parent interface IP:

4: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc fq state UP group default qlen 1000
link/ether 42:01:c0:a8:04:02 brd ff:ff:ff:ff:ff:ff
altname enp0s6
inet 192.168.4.2/32 metric 100 scope global dynamic ens6
valid_lft 643sec preferred_lft 643sec

So:

  • ARP request is generated by the pod

  • It reaches the node’s parent interface

  • No ARP reply is ever received

Based on the documentation, ipvlan L2 mode should provide Layer-2 connectivity on the additional network, so I expected ARP resolution to work for a gateway IP inside the secondary pod range.

My questions:

  • Is ARP-based gateway resolution inside a secondary pod CIDR supported on GKE when using ipvlan in L2 mode?

  • Does GCP VPC respond to ARP for IPs inside a secondary pod range ?

I just want to confirm whether this behavior is expected due to GCP networking design, or if there’s something misconfigured on my side.

Thanks in advance.
Br,
Amr

2

Seconding these questions.

Followed the same documentation, and pods on different nodes are unable to communicate over the secondary interfaces.

I noticed that pod IPAM is does not match the GKE node Alias IP ranges, is this expected?