Enable IP forwarding on the Windows bridge local interface (#3137)

Traffic from the uplink interface will be output to the bridge local interface directly. When an external client connects to a LoadBalancer type Service, and the packets of the connection are routed to the selected backend Pod via the bridge interface; if we do not enable IP forwarding on the bridge interface, the connection will be discarded on the bridge interface as the destination of the connection is not the Node. Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
antrea-io · Feb 25, 2022 · 74a05c5 · 74a05c5
1 parent 26c039c
commit 74a05c5
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/pkg/agent/agent_windows.go b/pkg/agent/agent_windows.go
@@ -170,6 +170,14 @@ func (i *Initializer) prepareOVSBridge() error {
 	i.ifaceStore.AddInterface(uplinkInterface)
 	ovsCtlClient := ovsctl.NewClient(i.ovsBridge)
 
+	// Enable IP forwarding on the bridge local interface. Traffic from the uplink interface will be output to the bridge
+	// local interface directly. When an external client connects to a LoadBalancer type Service, and the packets of the
+	// connection are routed to the selected backend Pod via the bridge interface; if we do not enable IP forwarding on
+	// the bridge interface, the packet will be discarded on the bridge interface as the destination of the packet
+	// is not the Node.
+	if err = util.EnableIPForwarding(brName); err != nil {
+		return err
+	}
 	// Set the uplink with "no-flood" config, so that the IP of local Pods and "antrea-gw0" will not be leaked to the
 	// underlay network by the "normal" flow entry.
 	if err = ovsCtlClient.SetPortNoFlood(config.UplinkOFPort); err != nil {