OKD4.9 - Heavily disturbed connections to apps from private network - all fine, when using proxy

[haukec]

Hi there,

just installed a fresh OKD4.9 (3 Controller, 4 Computes) in my Proxmox-cluster (7.1-10). In front of OKD, there is a pfSense with HAProxy configured to forward requests incoming on port 80 and 443 in tcp-mode to the compute-nodes. Health-checks are set to "basic". The pfSense has a public IPv4 address.

I can connect to my console or to any deployed application with a properly configured route, as expected, but: When I do so from my private (home) network, a lot of requests are answered with a huge (>30 sec.) delay. It does not make any difference, if I use a browser or directly cUrl to the application endpoint - most of the requests are answered with above mentioned huge delay.

As soon as I use a SOCKS5-Proxy (ssh -D to a VM with a public IPv4 address, located at another provider), everything works seamlessly with response times of <250ms.

I know, that my provider at home uses DS-Lite for handling IPv4-traffic, so my router only has an IPv6-address. Not sure, if that has anything to do with it.

If I tcpdump on the pfSense (HA-Proxy), I can definitely see replies coming from the Compute nodes, so the problem probably is either on the pfSense itself or somewhere in front of it.

Since I am really out of ideas, I put my hope on this forum. Can anyone give me a hint on where to look at?

Kind regards,
Hauke