Unable to setup calico Network Policy for multi-interface pod (multus)

Hello,

We have setup our K8s Cluster on OpenStack environment using stacks. Our requirement is to have multiple interfaces so we are using multus CNI which further uses Calico CNI as primary networking plugin.

Now with this configuration when I try to setup NetworkPolicy based on a namespace then it works perfectly for the default eth0 interface but the policy rules are not applied to other interfaces created by multus i.e. net0, net1 etc (mapped to eth1, eth2… inside the Pod)

I am testing with a basic deny all NetworkPolicy:

apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
  name: default-deny
  namespace: development
spec:
  selector: all()
  types:
  - Ingress
  - Egress

When I try to test with s simple ICMP ping. The policy is working for the default interface

bash-4.2# ping 192.153.4.238
PING 192.153.4.238 (192.153.4.238) 56(84) bytes of data.
^C
--- 192.153.4.238 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3076ms

But it doesn’t seem to work for additional interfaces in the same Pod

bash-4.2# ping 192.145.7.137
PING 192.145.7.137 (192.145.7.137) 56(84) bytes of data.
64 bytes from 192.145.7.137: icmp_seq=1 ttl=64 time=1.38 ms
64 bytes from 192.145.7.137: icmp_seq=2 ttl=64 time=0.680 ms
64 bytes from 192.145.7.137: icmp_seq=3 ttl=64 time=0.507 ms
^C
--- 192.145.7.137 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2036ms
rtt min/avg/max/mdev = 0.507/0.855/1.380/0.378 ms

Can anyone please suggest if anything is missing or is this an expected behaviour?

Regards
Deepak