Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consistent behaviour of Egress with and without ExternalIPPool #6661

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Consistent behaviour of Egress with and without ExternalIPPool #6661

wants to merge 1 commit into from

Conversation

KMAnju-2021
Copy link
Contributor

Closes: #6228

@KMAnju-2021 KMAnju-2021 marked this pull request as draft September 10, 2024 04:41
@KMAnju-2021 KMAnju-2021 changed the title Static egress and egress with externalippool behavior should be consistent for external traffic Consistent behaviour of Egress with and without ExternalIPPool Sep 10, 2024
@rajnkamr rajnkamr added the area/transit/egress Issues or PRs related to Egress (SNAT for traffic egressing the cluster). label Sep 10, 2024
@rajnkamr rajnkamr added this to the Antrea v2.2 release milestone Sep 10, 2024
@tnqn
Copy link
Member

tnqn commented Sep 10, 2024

Not sure what issues the PR is trying to resolve but the approach is not right for any problem.

  1. We've never asked Egress IP to be pingable.
  2. We've never asked Egress IP to be configured on node interface before it can be used for Egress IP. They can be done by the opposite order.
  3. Testing an IP's reachability in a control-plane component is rarely a good idea.

@KMAnju-2021
Copy link
Contributor Author

KMAnju-2021 commented Sep 11, 2024
edited
Loading

Not sure what issues the PR is trying to resolve but the approach is not right for any problem.

  1. We've never asked Egress IP to be pingable.
  2. We've never asked Egress IP to be configured on node interface before it can be used for Egress IP. They can be done by the opposite order.
  3. Testing an IP's reachability in a control-plane component is rarely a good idea.

@tnqn trying to resolve issue linked with PR:
For Egress with ExternalIPPool, when EgressIP isn't assigned to any Node, Egress is not applied to Pod. Pod to external traffic goes via host NodeIP SNAT (Normal encap mode). But this is not the case for static Egress, when EgressIP isn't available on any Node, still Egress is applicable to Pod and Pod to external traffic is unsuccessful behaviour should be consistent for Both the cases.

@tnqn
Copy link
Member

tnqn commented Sep 11, 2024

@tnqn trying to resolve issue linked with PR:
For Egress with ExternalIPPool, when EgressIP isn't assigned to any Node, Egress is not applied to Pod. Pod to external traffic goes via host NodeIP SNAT (Normal encap mode). But this is not the case for static Egress, when EgressIP isn't available on any Node, still Egress is applicable to Pod and Pod to external traffic is unsuccessful behaviour should be consistent for Both the cases.

But I don't see how the PR unifies the behavior when EgressIP isn't available and it breaks the usage of static Egress in an unreliable way.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rajnkamr rajnkamr rajnkamr left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
area/transit/egress Issues or PRs related to Egress (SNAT for traffic egressing the cluster).
Projects
None yet
Milestone
Antrea v2.3 release
Development

Successfully merging this pull request may close these issues.

Record Status when EgressIP is not available on any Node incase of static Egress
3 participants
@KMAnju-2021 @tnqn @rajnkamr