datapath: fix NodePort to remote hostns backend with tunnel config by julianwiedmann · Pull Request #22738 · cilium/cilium

julianwiedmann · 2022-12-14T16:00:59Z

When forwarding external service requests to a remote backend in
hostNetwork, the NodePort code in tail_nodeport_nat_egress_ipv4() doesn't
redirect into the tunnel (as it's effectively a host-to-host connection).

Therefore it uses IPV4_DIRECT_ROUTING as src address. So if we're not
populating IPV4_DIRECT_ROUTING, such forwarded requests end up being SNATed
with 0.0.0.0.

Fixes: #22557
Fixes: 5283ec9 ("datapath: Introduce DirectRoutingDeviceRequired helper")
Signed-off-by: Julian Wiedmann jwi@isovalent.com

julianwiedmann · 2022-12-14T16:29:16Z

/test

julianwiedmann · 2022-12-15T08:38:19Z

/test-runtime

julianwiedmann · 2022-12-15T10:22:12Z

/test-runtime

julianwiedmann · 2022-12-15T12:30:28Z

/test-runtime

github-actions · 2023-01-15T02:01:16Z

This pull request has been automatically marked as stale because it
has not had recent activity. It will be closed if no further activity
occurs. Thank you for your contributions.

github-actions · 2023-01-29T02:02:10Z

This pull request has not seen any activity since it was marked stale.
Closing.

michaelasp · 2023-03-16T16:49:44Z

Hey @julianwiedmann, is this change still valid? This issue has been affecting us for a while now, so just wondering if we can reopen this. Thanks!

When forwarding external service requests to a remote backend in hostNetwork, the NodePort code in tail_nodeport_nat_egress_ipv4() doesn't redirect into the tunnel (as it's effectively a host-to-host connection). Therefore it uses IPV4_DIRECT_ROUTING as src address. So if we're not populating IPV4_DIRECT_ROUTING, such forwarded requests end up being SNATed with 0.0.0.0. Fixes: cilium#22557 Fixes: 5283ec9 ("datapath: Introduce DirectRoutingDeviceRequired helper") Signed-off-by: Julian Wiedmann <jwi@isovalent.com>

julianwiedmann · 2023-03-20T15:24:18Z

Hey @julianwiedmann, is this change still valid? This issue has been affecting us for a while now, so just wondering if we can reopen this. Thanks!

Heya @michaelasp - yeah sorry, lost track of this :/. IIRC the change was hitting troubles in the agent tests (as it was now expecting the direct-routing device to be defined in a lot more tests). Discussed with @joamaki what would need to change there, but never got to it... want to give it a shot?

I actually just hit the same problem in a different PR (your timing is spot-on 😄), so hoping we can get this fixed 👍 .

julianwiedmann · 2023-03-20T15:24:47Z

/test-runtime

shen-cloud · 2023-03-28T21:28:36Z

Hi @julianwiedmann, do you have any updates on this commit? Looks like the unit test is failing.

julianwiedmann · 2023-03-29T07:11:55Z

Hi @julianwiedmann, do you have any updates on this commit? Looks like the unit test is failing.

Yes, that's the fallout in agent tests I mentioned in my previous comment.

github-actions · 2023-05-19T01:54:23Z

This pull request has been automatically marked as stale because it
has not had recent activity. It will be closed if no further activity
occurs. Thank you for your contributions.

github-actions · 2023-06-02T02:03:51Z

This pull request has not seen any activity since it was marked stale.
Closing.

qmonnet · 2023-06-09T10:02:01Z

Removing backport labels from closed PR, please re-add if you reopen this.

michaelasp · 2023-07-21T22:08:27Z

Hey @julianwiedmann, with the pr being closed, I assume the issue is still present? I remember that due to test issues it was sidelined. I'd be more than happy to take on the work of trying to fix this if necessary :)

julianwiedmann · 2023-07-25T14:00:35Z

Hey @julianwiedmann, with the pr being closed, I assume the issue is still present? I remember that due to test issues it was sidelined. I'd be more than happy to take on the work of trying to fix this if necessary :)

That would be great @michaelasp ! I honestly don't know at what point I would find the cycles to get this wrapped up :/.

michaelasp · 2023-07-26T21:58:37Z

Sounds good! I'll try and get a PR out in the next couple weeks.

maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Dec 14, 2022

julianwiedmann added kind/bug This is a bug in the Cilium logic. area/datapath Impacts bpf/ or low-level forwarding details, including map management and monitor messages. release-note/bug This PR fixes an issue in a previous release of Cilium. labels Dec 14, 2022

maintainer-s-little-helper bot added dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. and removed dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. labels Dec 14, 2022

julianwiedmann force-pushed the nodeport-remote-hostns-tunnel branch from 0b6e77f to 7f165a7 Compare December 15, 2022 08:20

julianwiedmann added needs-backport/1.12 labels Dec 15, 2022

julianwiedmann force-pushed the nodeport-remote-hostns-tunnel branch from c0010a5 to 6cccf16 Compare December 15, 2022 11:50

github-actions bot added the stale The stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale. label Jan 15, 2023

github-actions bot closed this Jan 29, 2023

julianwiedmann reopened this Mar 20, 2023

julianwiedmann force-pushed the nodeport-remote-hostns-tunnel branch from 66c288b to 76837ea Compare March 20, 2023 15:20

julianwiedmann force-pushed the nodeport-remote-hostns-tunnel branch from 6cccf16 to 66c288b Compare March 20, 2023 15:24

julianwiedmann mentioned this pull request Mar 20, 2023

add native tunnel encapsulation support for the XDP Loadbalancer #24422

Merged

github-actions bot removed the stale The stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale. label Mar 21, 2023

github-actions bot added the stale The stale bot thinks this issue is old. Add "pinned" label to prevent this from becoming stale. label May 19, 2023

github-actions bot closed this Jun 2, 2023

qmonnet removed needs-backport/1.12 labels Jun 9, 2023

michaelasp mentioned this pull request Aug 1, 2023

datapath: fix NodePort to remote hostns backend with tunnel config #27197

Closed

michaelasp mentioned this pull request Aug 7, 2023

datapath: fix NodePort to remote hostns backend with tunnel config #27323

Merged

Conversation

julianwiedmann commented Dec 14, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

julianwiedmann commented Dec 14, 2022

Uh oh!

julianwiedmann commented Dec 15, 2022

Uh oh!

julianwiedmann commented Dec 15, 2022

Uh oh!

julianwiedmann commented Dec 15, 2022

Uh oh!

github-actions bot commented Jan 15, 2023

Uh oh!

github-actions bot commented Jan 29, 2023

Uh oh!

michaelasp commented Mar 16, 2023

Uh oh!

julianwiedmann commented Mar 20, 2023

Uh oh!

julianwiedmann commented Mar 20, 2023

Uh oh!

shen-cloud commented Mar 28, 2023

Uh oh!

julianwiedmann commented Mar 29, 2023

Uh oh!

github-actions bot commented May 19, 2023

Uh oh!

github-actions bot commented Jun 2, 2023

Uh oh!

qmonnet commented Jun 9, 2023

Uh oh!

michaelasp commented Jul 21, 2023

Uh oh!

julianwiedmann commented Jul 25, 2023

Uh oh!

michaelasp commented Jul 26, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

11 participants

julianwiedmann commented Dec 14, 2022 •

edited

Loading