Converge cnat refactoring 3.26.2 #750
Draft: hedibouattour wants to merge 21 commits into release/v3.26.0 from converge-cnat-refactoring-3.26.2
We snat when endpoint is not local, no need to do it when it is local. This is for the returned traffic to pass by the node.
It can happen that service IPs are nil when the node does not return an ip6 or an ip4. This patch prevents these making it into the cnat.
Signed-off-by: Nathan Skrzypczak <[email protected]>
Signed-off-by: Nathan Skrzypczak <[email protected]>
Signed-off-by: Nathan Skrzypczak <[email protected]>
Signed-off-by: Nathan Skrzypczak <[email protected]>
Signed-off-by: Nathan Skrzypczak <[email protected]>
This reverts commit 8ca9780.
This
- Fixes #2
- Fixes #5
Signed-off-by: Nathan Skrzypczak <[email protected]>
Signed-off-by: Nathan Skrzypczak <[email protected]>
A DNS issue showed in kind cluster, due to specific iptables rules added by docker. This commit addresses that by adding a feature allowing to redirect some traffic to host, to get it to pass through iptables. This is applied to coredns pods. We use some new user config to specify rules for this feature. A tag "host" is added to cnat snat policy feature and we use it for our vpptap0 to disable snat on traffic outgoing through it.
This patch makes the prometheus reporter output metrics for both memif and tuntap when both are configured using PBL in a given pod.
Signed-off-by: Nathan Skrzypczak <[email protected]>
This patch adds the ability to configure the polling frequency of prometheus and the port the prometheus server will be listening on and serving metrics under `/metrics`.
Signed-off-by: Nathan Skrzypczak <[email protected]>
Signed-off-by: Nathan Skrzypczak <[email protected]>
Signed-off-by: Nathan Skrzypczak <[email protected]>
This patch adds a prometheusEnabled feature gate under CALICOVPP_FEATURE_GATES to allow disabling the prometheus exporter if needed.
Signed-off-by: Nathan Skrzypczak <[email protected]>
This patch enables IP neighbor aging in VPP, defaulting to a 30sec renewal. IP neighbors older than 30s will trigger an ARP request or be retired. This patch also marks the static neighbors we require as static so that they are not subject to aging. This addresses an issue in cloud environments where nodes or peer VMs are recreated, keeping the same IP but changing the associated MAC without triggering a gratuitous ARP. When this happens, VPP keeps the old MAC entry indefinitely and traffic to said node is blackholed. This can be configured using
```
CALICOVPP_INITIAL_CONFIG={
  "ip4NeighborsMaxNumber": 50000,
  "ip6NeighborsMaxNumber": 50000,
  "ip4NeighborsMaxAge": 30,
  "ip6NeighborsMaxAge": 30
}
```
Signed-off-by: Nathan Skrzypczak <[email protected]>
Signed-off-by: Nathan Skrzypczak <[email protected]>
7f61fa5 to 2783aa7
No description provided.