Add OVS flows for implementing Egress #1969
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jianjuns
force-pushed
the
egress-flow
branch
2 times, most recently
from
e9716c6 to
495dba8
Compare
5 tasks
Codecov Report
@@ Coverage Diff @@
## main #1969 +/- ##
==========================================
+ Coverage 65.05% 65.21% +0.15%
==========================================
Files 195 197 +2
Lines 16882 17275 +393
==========================================
+ Hits 10983 11266 +283
- Misses 4729 4836 +107
- Partials 1170 1173 +3
Flags with carried forward coverage won't be shown. Click here to find out more.
|
tnqn
reviewed
Mar 18, 2021
pkg/agent/openflow/client.go
Outdated
| func (c *client) InstallPodSNATFlows(ofPort uint32, snatMark uint32, isIPv6 bool) error { | ||
| c.replayMutex.RLock() | ||
| defer c.replayMutex.RUnlock() | ||
| flows := make([]binding.Flow, 0, 2) |
There was a problem hiding this comment.
why make it 2? I see only one flow
There was a problem hiding this comment.
Fixed it.
Originally I thought we might need to add a flow for both v4 and v6 in the dual stack case.
pkg/agent/openflow/client_windows.go
Outdated
| @@ -39,13 +38,13 @@ func (c *client) InstallLoadBalancerServiceFromOutsideFlows(svcIP net.IP, svcPor | |||
| defer c.replayMutex.RUnlock() | |||
| var flows []binding.Flow | |||
| flows = append(flows, c.loadBalancerServiceFromOutsideFlow(svcIP, svcPort, protocol)) | |||
| cacheKey := fmt.Sprintf("L%s%s%x", svcIP, protocol, svcPort) | |||
| cacheKey := fmt.Sprintf("LoadBalancerService_%s_%d_%s", svcIP, svcPort, protocol) | |||
There was a problem hiding this comment.
This one and another error were introduced by rebasing. Thanks for pointing out.
jianjuns
force-pushed
the
egress-flow
branch
7 times, most recently
from
d4527a7 to
57615a9
Compare
tnqn
reviewed
Mar 24, 2021
pkg/agent/openflow/client.go
Outdated
| // which set the SNAT IP mark on the packets from the ofPort to external. | ||
| // As of now, a Pod can be configured with a single SNAT IP in a single | ||
| // address family (IPv4 or IPv6). | ||
| InstallPodSNATFlows(ofPort uint32, snatMark uint32, isIPv6 bool) error |
There was a problem hiding this comment.
You are right! I missed the flow. Added it.
jianjuns
force-pushed
the
egress-flow
branch
3 times, most recently
from
680eae2 to
93b50a9
Compare
Add flows that set pkt_mark for egress traffic that should be SNAT'd using a SNAT IP, including egress traffic from a local Pod to which the Egress is applied, and traffic from a remote Node that is tunnelled to the egress Node with the SNAT IP; and flows that tunnel egress traffic to the remote Node, when the SNAT IP for the traffic is on the local Node. Each SNAT IP on the Node will be allocated with a unique integer ID, which is set to the pkt_mark, and so the SNAT implementation can look up the right SNAT IP from the pkt_mark. On Linux, SNAT will be implemented by iptables SNAT rules; on Windows, SNAT is implemented by OVS NAT.
jianjuns
force-pushed
the
egress-flow
branch
2 times, most recently
from
b42e93f to
4fa781e
Compare
|
/test-all |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add flows that set pkt_mark for egress traffic that should be SNAT'd
using a SNAT IP, including egress traffic from a local Pod to which the
Egress is applied, and traffic from a remote Node that is tunnelled to
the egress Node with the SNAT IP.
Each SNAT IP on the Node will be allocated with a unique integer ID,
which is set to the pkt_mark, and so the SNAT implementation can look
up the right SNAT IP from the pkt_mark. On Linux, SNAT will be
implemented by iptables SNAT rules; on Windows, SNAT is implemented
by OVS NAT.
#1924