antrea-io / antrea

Kubernetes networking based on Open vSwitch
https://antrea.io
Apache License 2.0

Egress Interface remain in down state with externalippool #6310

Closed rajnkamr closed 1 month ago

rajnkamr commented 4 months ago

Describe the bug

Egress interface is shown as down even when ipRanges are in the same subnet as the Node subnet, or otherwise? Traffic is going out with the actual interface.

5: antrea-egress0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default
    link/ether f2:35:20:81:87:ac brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.10/32 scope global antrea-egress0
       valid_lft forever preferred_lft forever

To Reproduce

Configure an externalippool resource with the following config:

apiVersion: crd.antrea.io/v1beta1
kind: ExternalIPPool
metadata:
  name: external-ip-pool
spec:
  ipRanges:
  - start: 172.18.0.10
    end: 172.18.0.20
  nodeSelector: {}     # All Nodes can be Egress Nodes

Create an egress resource under the egress CRD:

apiVersion: crd.antrea.io/v1beta1
kind: Egress
metadata:
  name: snat-testapp-ip
spec:
  appliedTo:
    podSelector:
      matchLabels:
        app: antrea-test-app  # Select the Pods to which the SNAT Policy will be applied
  externalIPPool: external-ip-pool

Expected

Egress interface status should be up

Actual behavior

Versions:

Antrea 2.0/Containerd

Additional context

tnqn commented 4 months ago

antrea-egress0 is a dummy interface and is supposed to be down by design. The usage of antrea-egress0 is kind of implementation specific. We can add some docs to clarify it, but it's not a bug.

rajnkamr commented 4 months ago

@tnqn, antrea-egress0 is a dummy interface. However, if the externalippool is not in the node's subnet, traffic is stopped (expected) and antrea-egress0 remains in down state. When the externalippool is in the same subnet as the node's network, traffic is going out; however, keeping antrea-egress0 as down might confuse the user, as the src IP will be that of the antrea-egress0 interface. Documentation could help to clarify these.

rajnkamr commented 4 months ago

While using static Egress, when the same IP is provided as the node's IP, there is no IP assigned to the egress dummy interface (antrea-egress0). It is expected, since the IP is already assigned to the node's interface and hence cannot be reassigned to the egress dummy interface. Another candidate for documentation.

5: antrea-egress0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default
    link/ether a2:8d:11:5c:fa:a7 brd ff:ff:ff:ff:ff:ff
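
Added example, not part of the thread and not Antrea code: a check that follows the replies above by judging an Egress IP from the addresses on antrea-egress0 rather than from its link state. It parses the two `ip addr` outputs quoted in the thread; `NODE_SUBNET`, `NODE_IP` and the verdict names are assumptions made for the example.

```python
import ipaddress
import re

# `ip addr` output quoted in the thread: first report, then the static-Egress case.
WITH_IP = """\
5: antrea-egress0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default
    link/ether f2:35:20:81:87:ac brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.10/32 scope global antrea-egress0
       valid_lft forever preferred_lft forever
"""
WITHOUT_IP = """\
5: antrea-egress0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default
    link/ether a2:8d:11:5c:fa:a7 brd ff:ff:ff:ff:ff:ff
"""
POOL = ("172.18.0.10", "172.18.0.20")   # ipRanges from the ExternalIPPool above
NODE_SUBNET = "172.18.0.0/16"           # assumption: not stated in the thread
NODE_IP = "172.18.0.2"                  # assumption: constructed Node address


def parse_ip_addr(text):
    """Return (link state, IPv4 addresses) from `ip addr show <dev>` output."""
    m = re.search(r"\bstate (\S+)", text)
    state = m.group(1) if m else "UNKNOWN"
    addrs = [ipaddress.ip_interface(a).ip
             for a in re.findall(r"^\s+inet (\S+)", text, re.M)]
    return state, addrs


def check_egress(text, egress_ip, node_ip=NODE_IP, node_subnet=NODE_SUBNET, pool=POOL):
    """Classify an Egress IP using the addresses on antrea-egress0, not its state."""
    state, addrs = parse_ip_addr(text)   # state is reported only, never a fault
    ip = ipaddress.ip_address(egress_ip)
    lo, hi = (ipaddress.ip_address(p) for p in pool)
    if ip == ipaddress.ip_address(node_ip):
        # Static Egress with the Node's own IP: nothing is added to the dummy.
        verdict = "node-ip" if ip not in addrs else "unexpected-duplicate"
    elif ip not in addrs:
        verdict = "not-assigned-on-this-node"
    elif ip not in ipaddress.ip_network(node_subnet):
        verdict = "assigned-outside-node-subnet"
    else:
        verdict = "assigned"
    return {"state": state, "verdict": verdict, "in_pool": lo <= ip <= hi}


if __name__ == "__main__":
    print(check_egress(WITH_IP, "172.18.0.10"))
    print(check_egress(WITHOUT_IP, NODE_IP))
```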