bpf: nat: avoid SNAT tracking for more types of node-to-node traffic #34089

@julianwiedmann

Description

Background:
In #31082 we fixed the unnecessary tracking of node-to-node traffic by the SNAT engine, when dealing with Cilium's overlay traffic. This was causing occasional SNAT failures for new connections, as the SNAT engine was unable to reserve a free source port on apparent port "conflicts".

It's likely that we have similar scenarios for other types of traffic (Wireguard? DSR?) when they pass through to-netdev.

Proposal:
Implement similar SNAT avoidance schemes for other types of traffic. One way of finding such traffic patterns is using the SNAT utilization metric, introduced by #32152. Ideally we would also add regression testing for those traffic patterns.

Labels

- area/datapath: Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
- feature/snat: Relates to SNAT or Masquerading of traffic.
- kind/enhancement: This would improve or streamline existing functionality.
- pinned: These issues are not marked stale by our issue bot.
