Commits on Sep 15, 2021

1. NodePort, LoadBalancer and ClusterIP full support for AntreaProxy on … …

   …Linux
   
   For NodePort support, an ipset is used to store NodePort IP, port and
   transparent protocol in an entry IP:port,protocol. Then an iptables
   entry is used to match the ipset as destination and perform DNAT with
   a virtual IP. For DNAT'd packets, a routing entry is used to route
   them to Antrea gateway.
   
   For LoadBalancer support, a routing entry will be created for every
   ingress IP to route the packets from remote or localhost to Antrea
   gateway.
   
   For ClusterIP support, a routing entry is always used to route the
   packets of all ClusterIPs to Antrea gateway. when a new ClusterIP is
   created, the destination IP block of the routing entry might be
   extended to include the ClusterIP address.
   
   To support the Service traffic of above cases, the main changes of
   OVS pipeline include:
   - Change table serviceHairpinTable ID from 29 to 23.
   - Change table hairpinSNATTable ID from 106 to 108.
   - Add table serviceConntrackTable 24 to transform SNAT'd connections.
   - Add table serviceClassifierTable 35 to classify Service traffic.
   - Add table serviceConntrackCommitTable 106 to perform SNAT for Service
     traffic.
   
   Signed-off-by: Hongliang Liu <[email protected]>
   Co-authored-by: Weiqiang Tang <[email protected]>

   

   hongliangl and weiqiangt committed Sep 15, 2021
   Configuration menu

   • View commit details
   • Copy full SHA for c3705b8
   • Browse repository at this point

   Copy the full SHA

   c3705b8 View commit details

   Browse the repository at this point in the history