Testing Follow-ups for BPF-based IPv6 Masquerading #26074
Description
Follow-ups for #23165:
-
Add support for the ip-masq-agent
-
Fix ip-masq-agent
-
Look into the Host Firewall code and figure out how to run it with BPF IPv6 masquerading. What happens if we have masquerading enable for both IP versions? For one IP version only?
- Context: Implement BPF-based masquerading for IPv6 (rebased) #23165 (comment)
- After addressing it we want to lift the restriction on using BPF IPv6 Masquerading and Host Firewall in
daemon/cmd/daemon_main.goand in the description of the conformance-e2e workflow - PR: Support host firewall with IPv6 BPF masquerading #26323
-
Rework
snat_v6_needed()in bpf/lib/nat.h to bring it closer tosnat_v4_prepare_state() -
Rework error handling from
ipv6_hdrlen()andct_is_reply6()insnat_v6_needed(), andct_is_reply4()insnat_v4_prepare_state() -
Add BPF integration tests (
bpf/tests/) for IPv6 Masquerading -
Enable IPv6 masquerading tests in
datapath_configuration.gowith KPR/BPF masquerading -
Lift BPF host routing for per-endpoint-routes wrt IPv6 support (for 1.14)
-
IPv6 BIG TCP documentation: fix up ipv6 masquerade=false.. can be removed now
-
Once the ip-masq-agent fixes are merged, find a way to move the new test away from Ginkgo
-
Mark IPv6 BPF Masquerading as Beta in documentation
-
Investigate and fix BGP Control Plane + Native Routing + LB-IPAM + BPF masquarade results in unable to accept IPv6 traffic on LoadBalancer (1.14.0-rc.0) #26816
Now that the 1.15 development cycle has started:
-
Lift restriction from d6f4c53
-
Get out of Beta
To investigate: