Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support nonMasqueradeCIDRs #1838

Closed
anfernee opened this issue Feb 8, 2021 · 4 comments
Closed

Support nonMasqueradeCIDRs #1838

anfernee opened this issue Feb 8, 2021 · 4 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale.

Comments

@anfernee
Copy link
Contributor

anfernee commented Feb 8, 2021

Describe the problem/challenge you have
When a pod talks to an external address, ip-masq-agent controls a list of CIDR ranges no to masquerade by nonMasqueradeCIDRs. It's useful to some cloud providers that controls some internal addresses that are flat to the podCIDR. Antrea provides an option noSNAT, but it applies to all destination addresses.

Describe the solution you'd like
Support ip-masq-agent on windows and linux, or provide an option for nonMasqueradeCIDRs on antrea-agent.
@anfernee anfernee added the kind/feature Categorizes issue or PR as related to a new feature. label Feb 8, 2021
@antoninbas
Copy link
Contributor

Support ip-masq-agent on windows and linux

On Linux:
I believe that when using noEncap mode, you should be able to set noSNAT in the Antrea configuration, while deploying ip-masq-agent alongside Antrea with the desired value for nonMasqueradCIDRs

On Windows:
AFAIK, ip-masq-agent does not work on Windows Nodes. The Antrea noSNAT configuration is ignored on Windows, since we do not support noEncap mode on Windows. This feature request seems to only apply in noEncap mode, so it seems that this issue is dependent on that one: #1632

If you're looking for a unified solution across Linux and Windows, looks like we will need to implement something like nonMasqueradeCIDRs in Antrea directly, once we figure out noEncap & noSNAT on Windows Nodes.

@jianjuns
Copy link
Contributor

jianjuns commented Feb 9, 2021

Agreed this is can be a good feature. Probably we can extend the noSNAT option for supporting a noSNAT feature.

On Windows, I remember @ruicao93 has a draft PR already, so hopefully we will get it soon.

@github-actions
Copy link
Contributor

github-actions bot commented Aug 9, 2021

This issue is stale because it has been open 180 days with no activity. Remove stale label or comment, or this will be closed in 180 days

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 9, 2021
@antoninbas antoninbas removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 9, 2021
@github-actions
Copy link
Contributor

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment, or this will be closed in 90 days

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 18, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/feature Categorizes issue or PR as related to a new feature. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@anfernee @antoninbas @jianjuns