Add a simple --enable-ipip-termination option for the agent which
creates the cilium_ipip{4,6} devices similarly as with lb-only mode,
but for the purpose that this does a straight-forward ipip decap for
incoming packets. All are in remote any local any. bpf_netdev pushes
these packets up the stack into the respective ipip devices which do
plain decap, and then travel further up into a corresponding socket.
[...]
5159: cilium_ipip4@NONE: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN mode DEFAULT group default
    link/ipip 0.0.0.0 brd 0.0.0.0 promiscuity 0 minmtu 0 maxmtu 0
    ipip external ipip remote any local any ttl inherit pmtudisc addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
5160: cilium_ip6tnl@NONE: <NOARP> mtu 1452 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/tunnel6 :: brd :: permaddr 7e74:1189:d86c:: promiscuity 0 minmtu 68 maxmtu 65407
    ip6tnl ip6ip6 remote any local any hoplimit inherit encaplimit 0 tclass 0x00 flowlabel 0x00000 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
5161: cilium_ipip6@NONE: <NOARP,UP,LOWER_UP> mtu 1452 qdisc noqueue state UNKNOWN mode DEFAULT group default
    link/tunnel6 :: brd :: permaddr a28:8495:68b8:: promiscuity 0 minmtu 68 maxmtu 65407
    ip6tnl external any remote any local any hoplimit inherit encaplimit 0 tclass 0x00 flowlabel 0x00000 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
4994: cilium_tunl@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0 promiscuity 0 minmtu 0 maxmtu 0
    ipip any remote any local any ttl inherit nopmtudisc numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
[...]
Signed-off-by: Daniel Borkmann <[email protected]>
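An added example, not part of the commit or of Cilium's code: a check an operator could run over `ip -d link` output to list tunnel devices that are up and wildcarded on both outer addresses (`remote any local any`), so that upstream filtering of who may send encapsulated traffic to the node can be reviewed. The function names are hypothetical, and the sample is the output quoted in the commit message, trimmed to the fields the check reads.

```python
import re

# Sample input: the `ip -d link` records quoted in the commit message, trimmed.
SAMPLE = """\
5159: cilium_ipip4@NONE: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN
    link/ipip 0.0.0.0 brd 0.0.0.0 promiscuity 0 minmtu 0 maxmtu 0
    ipip external ipip remote any local any ttl inherit pmtudisc
5160: cilium_ip6tnl@NONE: <NOARP> mtu 1452 qdisc noop state DOWN
    link/tunnel6 :: brd :: permaddr 7e74:1189:d86c:: promiscuity 0
    ip6tnl ip6ip6 remote any local any hoplimit inherit encaplimit 0
5161: cilium_ipip6@NONE: <NOARP,UP,LOWER_UP> mtu 1452 qdisc noqueue state UNKNOWN
    link/tunnel6 :: brd :: permaddr a28:8495:68b8:: promiscuity 0
    ip6tnl external any remote any local any hoplimit inherit encaplimit 0
4994: cilium_tunl@NONE: <NOARP> mtu 1480 qdisc noop state DOWN
    link/ipip 0.0.0.0 brd 0.0.0.0 promiscuity 0 minmtu 0 maxmtu 0
    ipip any remote any local any ttl inherit nopmtudisc
"""

HEADER = re.compile(r"^(\d+):\s+([^:@\s]+)(?:@\S+)?:\s+<([^>]*)>")
TUNNEL_KINDS = {"ipip", "ip6tnl", "sit", "gre", "gretap", "ip6gre"}

def parse_links(text):
    """Split `ip -d link` text into one dict per device (indented or not)."""
    devices = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:  # "<ifindex>: <name>@<peer>: <FLAGS> ..." starts a new record
            devices.append({"name": m.group(2), "flags": set(m.group(3).split(",")),
                            "kind": None, "external": False,
                            "remote": None, "local": None})
            continue
        tokens = line.split()
        if not devices or not tokens or tokens[0] not in TUNNEL_KINDS:
            continue  # link/... line, or detail of a non-tunnel device
        dev = devices[-1]
        dev["kind"] = tokens[0]
        dev["external"] = "external" in tokens  # metadata-mode device
        for key in ("remote", "local"):
            if key in tokens[:-1]:
                dev[key] = tokens[tokens.index(key) + 1]
    return devices

def open_decap_devices(text):
    """Names of tunnel devices that are UP with no outer address restriction."""
    return [d["name"] for d in parse_links(text)
            if d["kind"] and "UP" in d["flags"]
            and d["remote"] == "any" and d["local"] == "any"]

if __name__ == "__main__":
    print(open_decap_devices(SAMPLE))
```

On the quoted output this reports `cilium_ipip4` and `cilium_ipip6`; the two fallback devices are skipped because they are down.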
/test
mhofstetter approved these changes Mar 7, 2024
gyutaeb added a commit to gyutaeb/cilium that referenced this pull request Nov 22, 2024
When ENABLE_EXTLB_IPIP_TERMINATION is used as a build flag, cil_from_netdev() decapsulates ipip tunnel traffic. The goal of this decapsulation is that cilium's kube-proxy can handle ipip tunnel traffic.
A test verifies that ENABLE_EXTLB_IPIP_TERMINATION works as expected. It creates an IPIP tunnel packet between loadbalancer and node, and verifies that the packet is correctly terminated in cil_from_netdev.
Note: This feature is expected to be deprecated in the future by cilium#31213
Signed-off-by: Gyutae Bae <[email protected]>
gyutaeb added a commit to gyutaeb/cilium that referenced this pull request Nov 25, 2024
(see commit desc)