Commits on Jul 21, 2023

1. Remove the associated stale conntrack entries when UDP Endpoints are … …

   …removed
   
   Previously, when a client accessed a UDP Service through AntreaProxy, if the
   selected backend Pod was deleted and no new available backend Pod was automatically
   selected by AntreaProxy, the connection would always remain unavailable. This issue
   occurred because a conntrack entry was generated through OVS ct action in AntreaProxy
   when handling the first packet of the UDP connection. Even if the selected Endpoint
   was removed, the conntrack entry's timeout would be flushed upon receiving a packet
   from the client in AntreaProxy OVS pipeline. Consequently, the stale conntrack entry
   would persist as long as the client continued sending packets to the UDP service,
   causing AntreaProxy's OVS pipeline to direct the packets to the IP of the removed
   backend Pod.
   
   This PR addresses the issue by removing the stale conntrack entries when the
   associated UDP Endpoints are removed. This ensures that a new available backend Pod
   can be selected in AntreaProxy's OVS pipeline.
   
   Please note the following:
   
   - Currently, this implementation is only available on Linux.
   - Due to the restriction of the go library 'netlink', there is no API to specify a
     target zone. As a result, when deleting a stale conntrack entry with a destination
     port (such as NodePort), not only will the conntrack entry whose destination port
     is the port added by AntreaProxy be deleted, but also the conntrack entry that is
     not added by AntreaProxy will be deleted. This behavior is unexpected, as only the
     conntrack entries added by AntreaProxy should be deleted.
   
   Signed-off-by: Hongliang Liu <[email protected]>

   

   hongliangl committed Jul 21, 2023
   Configuration menu

   • View commit details
   • Copy full SHA for 788cfa3
   • Browse repository at this point

   Copy the full SHA

   788cfa3 View commit details

   Browse the repository at this point in the history