Hi

I have Rancher v2.5 cluster deployed in IaaS enviroment with 2 workers servers. My appls are workinf fine, but when I apply my networkpolicy to control the traffic between namespaces, the access to my application from outside my cluster is slow.

My networkpoliy slows down traffic to access my applications.

I have network pluging "Canal", is a project that combines Flannel and [Calico] for CNI Networking. It uses Flannel for networking pod traffic between hosts via VXLAN and Calico for network policy enforcement and pod to pod traffic.

This is the log from my canal pod:

I0210 13:18:46.142177 1 main.go:651] Determining IP address of default interface
I0210 13:18:46.142947 1 main.go:698] Using interface with name ens160 and address 10.53.137.37
I0210 13:18:46.142970 1 main.go:720] Defaulting external address to interface address (10.53.137.37)
I0210 13:18:46.142975 1 main.go:733] Defaulting external v6 address to interface address ()
I0210 13:18:46.143026 1 vxlan.go:137] VXLAN config: VNI=1 Port=0 GBP=false Learning=false DirectRouting=false
I0210 13:18:46.143464 1 kube.go:339] Setting NodeNetworkUnavailable
I0210 13:18:46.177745 1 main.go:408] Current network or subnet (10.42.0.0/16, 10.42.3.0/24) is not equal to previous one (0.0.0.0/0, 0.0.0.0/0), trying to recycle old iptables rules
I0210 13:18:46.206318 1 iptables.go:240] Deleting iptables rule: -s 0.0.0.0/0 -d 0.0.0.0/0 -j RETURN
I0210 13:18:46.208227 1 iptables.go:240] Deleting iptables rule: -s 0.0.0.0/0 ! -d 224.0.0.0/4 -j MASQUERADE --random-fully