projectcalico / calico

Cloud native networking and network security
https://docs.tigera.io/calico/latest/about/
Apache License 2.0

Floating IPs Broken in eBPF data-plane #5251

Open salanki opened 4 years ago

salanki commented 4 years ago

Expected Behavior

The DNAT chain is never created. I assume this is due to the PREROUTING chain in the nat table being disabled somewhere in the code when eBPF is enabled.

Current Behavior

There is a snat chain but no dnat chain.

Chain cali-POSTROUTING (1 references)
target     prot opt source               destination
cali-fip-snat  all  --  anywhere             anywhere             /* cali:Z-c7XtVd2Bq7s_hA */
cali-nat-outgoing  all  --  anywhere             anywhere             /* cali:nYKhEzDlr11Jccal */

Chain cali-fip-snat (1 references)
target     prot opt source               destination
SNAT       all  --  10.141.53.60         10.141.53.60         /* cali:MO-y51Ss2yRNuvtd */ to:206.53.233.199 random-fully

Chain cali-nat-outgoing (1 references)
target     prot opt source

Possible Solution

Implement the DNAT piece of Floating IP in the eBPF data-plane. If not possible to do this in a short time frame, document this as a feature gap.

Steps to Reproduce (for bugs)

Calico version v3.16.4. Enable eBPF.

Context

Your Environment
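
An added example, not part of the original issue or of Calico's code: a check that parses a saved `iptables -t nat -L -n` listing and reports floating IPs that have a `cali-fip-snat` rule but no matching DNAT rule, the state described above. The chain name `cali-fip-dnat`, the function names and the sample addresses are assumptions made for the example.

```python
import re
import sys

CHAIN_RE = re.compile(r"^Chain (\S+) \(")
TO_RE = re.compile(r"\bto:(\S+)")

# Constructed sample in the shape of the listing above; addresses and rule
# IDs are placeholders, not values from the issue.
SAMPLE = """\
Chain cali-POSTROUTING (1 references)
target     prot opt source               destination
cali-fip-snat  all  --  0.0.0.0/0            0.0.0.0/0            /* cali:placeholder-1 */

Chain cali-fip-snat (1 references)
target     prot opt source               destination
SNAT       all  --  10.0.0.5             10.0.0.5             /* cali:placeholder-2 */ to:192.0.2.10 random-fully
"""

def parse_chains(listing):
    """Map chain name -> list of rules (target, source, destination, to)."""
    chains, current = {}, None
    for line in listing.splitlines():
        header = CHAIN_RE.match(line)
        if header:
            current = chains.setdefault(header.group(1), [])
            continue
        fields = line.split()
        if current is None or len(fields) < 5 or fields[0] == "target":
            continue  # blank line, column header, or text before any chain
        # Look for "to:" only after the rule comment, never inside it.
        to = TO_RE.search(line.rsplit("*/", 1)[-1])
        current.append({"target": fields[0], "source": fields[3],
                        "destination": fields[4], "to": to.group(1) if to else None})
    return chains

def half_programmed_fips(listing):
    """Return (floating_ip, workload_ip) pairs with SNAT but no matching DNAT."""
    chains = parse_chains(listing)
    # Assumption: the iptables data plane's DNAT chain is named cali-fip-dnat.
    dnat = {(r["destination"], r["to"]) for r in chains.get("cali-fip-dnat", [])
            if r["target"] == "DNAT"}
    return [(r["to"], r["source"]) for r in chains.get("cali-fip-snat", [])
            if r["target"] == "SNAT" and (r["to"], r["source"]) not in dnat]

if __name__ == "__main__":
    # Pass a saved listing as the first argument, or run on the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for fip, workload in half_programmed_fips(text):
        print(f"floating IP {fip} -> {workload}: SNAT rule present, DNAT rule missing")
```

Use a numeric listing (`-n`) as input so the source and destination columns hold addresses rather than resolved names.
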

caseydavenport commented 4 years ago

@fasaxc what do you think? Does this look like a bug or is this intentional?

fasaxc commented 4 years ago

Looks like a missing feature; yes, a bug.

fasaxc commented 3 years ago

Noted here: https://github.com/projectcalico/calico/pull/4180 and filed a JIRA ticket to implement this. Not sure when we'll get to it though!