Explain the non-transparent mode design decision for TCP/UDP#685
Merged
arkodg merged 6 commits intoenvoyproxy:mainfrom Nov 7, 2022
Merged
Explain the non-transparent mode design decision for TCP/UDP#685arkodg merged 6 commits intoenvoyproxy:mainfrom
arkodg merged 6 commits intoenvoyproxy:mainfrom
Conversation
e5176a0 to
9978254
Compare
Signed-off-by: zhaohuabing <zhaohuabing@gmail.com>
Signed-off-by: zhaohuabing <zhaohuabing@gmail.com>
2ebd836 to
15c4bcc
Compare
Merged
0b52467 to
dbae48c
Compare
Signed-off-by: zhaohuabing <zhaohuabing@gmail.com>
dbae48c to
2e32b1b
Compare
Codecov Report
@@ Coverage Diff @@
## main #685 +/- ##
==========================================
+ Coverage 63.54% 63.73% +0.18%
==========================================
Files 47 47
Lines 5766 5749 -17
==========================================
Hits 3664 3664
+ Misses 1877 1861 -16
+ Partials 225 224 -1
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
arkodg
reviewed
Nov 3, 2022
arkodg
reviewed
Nov 3, 2022
arkodg
reviewed
Nov 3, 2022
arkodg
reviewed
Nov 3, 2022
arkodg
reviewed
Nov 3, 2022
arkodg
reviewed
Nov 3, 2022
Signed-off-by: zhaohuabing <zhaohuabing@gmail.com>
arkodg
reviewed
Nov 4, 2022
arkodg
reviewed
Nov 4, 2022
arkodg
previously approved these changes
Nov 4, 2022
Contributor
arkodg
left a comment
There was a problem hiding this comment.
thanks for writing this out, left some nits, overall LGTM
Signed-off-by: zhaohuabing <zhaohuabing@gmail.com>
Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com> Signed-off-by: zhaohuabing <zhaohuabing@gmail.com>
Member
Author
@arkodg Thanks for helping me with these technical and grammatical issues. |
arkodg
approved these changes
Nov 5, 2022
danehans
reviewed
Nov 7, 2022
Contributor
danehans
left a comment
There was a problem hiding this comment.
Adding comments that can be resolved in follow-on PR. Overall /lgtm.
| TCP traffic from the downstream to the upstream. | ||
|
|
||
| For UDP, Envoy receives UDP packages from the downstream, and uses its own IP address as the sender IP address when | ||
| proxying the UDP packages to the upstream. |
| For UDP, Envoy receives UDP packages from the downstream, and uses its own IP address as the sender IP address when | ||
| proxying the UDP packages to the upstream. | ||
|
|
||
| In this mode, the upstream will see Envoy's IP address. |
| For TCP, Envoy terminates the downstream connection, connects the upstream with the downstream IP address, and proxies | ||
| the TCP traffic from the downstream to the upstream. | ||
|
|
||
| For UDP, Envoy receives UDP packages from the downstream, and uses the downstream IP address as the sender IP address |
| the TCP traffic from the downstream to the upstream. | ||
|
|
||
| For UDP, Envoy receives UDP packages from the downstream, and uses the downstream IP address as the sender IP address | ||
| when proxying the UDP packages to the upstream. |
| For UDP, Envoy receives UDP packages from the downstream, and uses the downstream IP address as the sender IP address | ||
| when proxying the UDP packages to the upstream. | ||
|
|
||
| In this mode, the upstream will see the original downstream IP address. |
| The upstream can see the original source IP, but the original port number won't be passed, so the return | ||
| traffic from the upstream must be routed back to Envoy because only Envoy knows how to send the return traffic back | ||
| to the right port number of the downstream, which requires routing at the upstream side to be set up. | ||
| In a Kubernetes cluster, Envoy Gateway will have to carefully cooperate with CNI plugins to get the routing right. |
Contributor
There was a problem hiding this comment.
Can you create and link an issue that will be used to capture the details of integrating transparent proxy mode with the kube network.
Member
Author
|
Thank you @danehans for reviewing this. I'll address these comments in another PR. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Explain the non-transparent mode design decision for TCP/UDP
#641