IP assignment for Windows Pods with Calico CNI

Hello,

We are developing a POC of a hybrid EKS cluster with nodes in Linux and Windows.
For the cluster networking, we are using Calico CNI, but we are having problems configuring the Windows nodes. We’ve followed the official Tigera documentation. The big issue here is that the pods created on the Windows nodes are assigned IPs from the VPC network range and not from the Calico network.
Therefore those pods do not have connectivity with the pods inside the Calico network.
However, the pods inside the Calico network do have connectivity to the Windows pods.
e.g.: calicoctl get ippool -o wide

NAME                  CIDR            NAT    IPIPMODE   VXLANMODE   DISABLED   DISABLEBGPEXPORT   SELECTOR
default-ipv4-ippool   172.16.0.0/16   true   Never      Always      false      false              all()

calicoctl get ippool -o wide

+----------+----------------+-----------+------------+--------------+
| GROUPING |      CIDR      | IPS TOTAL | IPS IN USE |   IPS FREE   |
+----------+----------------+-----------+------------+--------------+
| IP Pool  | 172.16.0.0/16  |     65536 | 7 (0%)     | 65529 (100%) |
| Block    | 172.16.24.0/26 |        64 | 7 (11%)    | 57 (89%)     |
+----------+----------------+-----------+------------+--------------+

Windows node:

  • ip: 10.0.2.203
  • OS Image: Windows Server 2019 Datacenter
  • Container-Runtime: containerd://1.6.6

IIS Pod Ip - 10.0.2.203

Linux node:

  • ip: 10.0.3.65
  • OS Image: Bottlerocket OS 1.14.3 (aws-k8s-1.25)
  • Container-Runtime: containerd://1.6.20+bottlerocket

NGINX Pod Ip - 172.16.24.8

We test the connectivity with these deployments:
app/netshoot.yml
app/stack-iis.yml
app/stack-nginx.yml

deploy apps and test connectivity

# deploy nginx stack to Linux host
kubectl apply -f app/stack-nginx.yml
# deploy iis stack to Windows host
kubectl apply -f app/stack-iis.yml
# deploy utility pod
kubectl apply -f app/netshoot.yml
# connect to utility pod and test connectivity
kubectl exec -it netshoot -- bash
# resolve dns
nslookup nginx-svc
nslookup iis-svc
# curl apps
curl -Is http://nginx-svc | grep -i http
curl -Is http://iis-svc | grep -i http
exit
#############################################
# one-liners to test the network connectivity
#############################################
# test service DNS resolution and curl Nginx endpoint
kubectl exec -t netshoot -- sh -c 'SVC=nginx-svc; nslookup $SVC; curl -m 5 -sI http://$SVC 2>/dev/null | grep -i http'
# test service DNS resolution and curl IIS endpoint
kubectl exec -t netshoot -- sh -c 'SVC=iis-svc; nslookup $SVC; curl -m 5 -sI http://$SVC 2>/dev/null | grep -i http'
# connect to iis pod and test connectivity to nginx pod
IIS_POD=$(kubectl get pod -l run=iis -o jsonpath='{.items[*].metadata.name}')
# kubectl exec -it $IIS_POD -- powershell
# resolve DNS and test connectivity
kubectl exec -t $IIS_POD -- powershell -command 'Resolve-DnsName -Name nginx-svc'
# NOTE: make sure to use Windows Server 1903+ to curl other kube services from Windows PODs
# test nginx pod port access
kubectl exec -t $IIS_POD -- powershell -command 'Test-NetConnection -ComputerName nginx-svc -Port 80'
# curl nginx service
kubectl exec -t $IIS_POD -- powershell -command 'iwr -UseBasicParsing  -TimeoutSec 5 http://nginx-svc'

Can you help me? I am using Kubernetes EKS 1.25 with Calico 3.26.
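A quick way to confirm the symptom described above across a whole cluster is to compare every pod IP with the Calico pool CIDR. The script below is an added example, not part of the original post or of Calico; the function names, the node names and the netshoot IP in the sample are constructed, while the pool CIDR and the nginx and IIS pod IPs are the ones quoted in the post.

```sh
#!/bin/sh
# Added example: list pods whose IP lies outside the Calico IP pool.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1            # split the address into four octets
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if address $1 is inside CIDR $2, non-zero otherwise.
in_cidr() {
  net=${2%/*}; bits=${2#*/}
  mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
  [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
}

# Read "POD NODE IP" lines on stdin; print those whose IP is outside pool $1.
pods_outside_pool() {
  pool=$1
  while read -r pod node ip; do
    # Skip pods without an IPv4 address yet (kubectl prints <none>).
    case $ip in
      ''|*[!0-9.]*) continue ;;
      *.*.*.*) ;;
      *) continue ;;
    esac
    in_cidr "$ip" "$pool" || echo "$pod $node $ip"
  done
}

# Constructed sample input (node names and netshoot IP are made up).
SAMPLE_PODS='nginx linux-node 172.16.24.8
iis windows-node 10.0.2.203
netshoot linux-node 172.16.24.9'

printf '%s\n' "$SAMPLE_PODS" | pods_outside_pool 172.16.0.0/16

# Against a live cluster (assumes kubectl access):
# kubectl get pods -A --no-headers \
#   -o custom-columns=POD:.metadata.name,NODE:.spec.nodeName,IP:.status.podIP \
#   | pods_outside_pool 172.16.0.0/16
```

Pods running with hostNetwork: true carry the node IP by design and will also be listed, so check the pod spec before treating a hit as a CNI misconfiguration.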

I strongly recommend coming to the Calico slack (https://slack.projectcalico.org/ for an invite) so that we can help with this. This discussion board is not very active, I’m afraid.