Allow setting of EC2 Security group connection tracking configurable idle timeouts in AWS VPC CNI #2677

Open
youwalther65 opened this issue Nov 22, 2023 · 10 comments

@youwalther65

What would you like to be added:
AWS just released: EC2 Security group connection tracking adds support for configurable idle timeouts.

Modifying these parameters requires EC2 API calls. It would be great if AWS VPC CNI can automatically implement custom configuration of these idle timeouts for the newly provisioned ENIs it manages.

Why is this needed:
Avoid conntrack (connection tracking) issues leading to packet loss etc.

@jdn5126
Contributor

jdn5126 commented Nov 22, 2023

For whoever works on this, ENI options are specified on create here: https://github.com/aws/amazon-vpc-cni-k8s/blob/master/pkg/awsutils/awsutils.go#L786

The data-structure chain from aws-sdk-go (https://raw.githubusercontent.com/aws/aws-sdk-go/main/service/ec2/api.go) is:

CreateNetworkInterfaceInput -> ConnectionTrackingSpecification -> ConnectionTrackingSpecificationRequest
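
A sketch of how the timeouts could be validated before filling the last structure in that chain (an added example, not code from this issue or from amazon-vpc-cni-k8s). The environment variable names are hypothetical, the struct is a local stand-in mirroring the SDK type's three fields so the example builds without aws-sdk-go, and the ranges are those given in the EC2 API reference.

```go
package main

import (
	"fmt"
	"strconv"
)

// Local stand-in for aws-sdk-go's ec2.ConnectionTrackingSpecificationRequest.
type ConnectionTrackingSpecificationRequest struct {
	TcpEstablishedTimeout, UdpStreamTimeout, UdpTimeout *int64
}

// Hypothetical env var names; ranges (seconds) are from the EC2 API reference.
var limits = []struct {
	key      string
	min, max int64
}{
	{"CONNTRACK_TCP_ESTABLISHED_TIMEOUT", 60, 432000},
	{"CONNTRACK_UDP_STREAM_TIMEOUT", 60, 180},
	{"CONNTRACK_UDP_TIMEOUT", 30, 60},
}

// BuildConnTrackSpec returns nil when no timeout is set (EC2 defaults apply).
func BuildConnTrackSpec(env map[string]string) (*ConnectionTrackingSpecificationRequest, error) {
	var s ConnectionTrackingSpecificationRequest
	dst := []**int64{&s.TcpEstablishedTimeout, &s.UdpStreamTimeout, &s.UdpTimeout}
	for i, l := range limits {
		raw, ok := env[l.key]
		if !ok || raw == "" {
			continue // unset: leave the field nil so the EC2 default is used
		}
		v, err := strconv.ParseInt(raw, 10, 64)
		if err != nil {
			return nil, fmt.Errorf("%s: %q is not an integer", l.key, raw)
		}
		if v < l.min || v > l.max {
			return nil, fmt.Errorf("%s: %d outside [%d, %d] seconds", l.key, v, l.min, l.max)
		}
		*dst[i] = &v
	}
	if s == (ConnectionTrackingSpecificationRequest{}) {
		return nil, nil
	}
	return &s, nil
}

func main() {
	spec, err := BuildConnTrackSpec(map[string]string{"CONNTRACK_UDP_TIMEOUT": "45"}) // constructed input
	fmt.Println(*spec.UdpTimeout, err)
}
```

Rejecting out-of-range values before the API call keeps a typo in node configuration from surfacing only as a failed ENI creation.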

@bawejahritik

I would like to try and implement this. Any guidance is highly appreciated, as this is my first issue.

@jdn5126
Contributor

jdn5126 commented Dec 27, 2023

@bawejahritik thank you for the offer! We are currently discussing internally when to pick this up, as we want to limit the number of new environment variables that we introduce until we have a chance to clean existing ones up.

@bawejahritik

bawejahritik commented Dec 27, 2023

Thank you for your response, is there anything else I can work on which is a good first issue?

Would love to contribute


This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days

@github-actions bot added the stale label Feb 26, 2024
@jdn5126 removed the stale label Feb 26, 2024

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days

@github-actions bot added the stale label Apr 27, 2024
@youwalther65
Author

@jdn5126 Any news regarding AWS internal decision?

@jdn5126
Contributor

jdn5126 commented Apr 29, 2024

@youwalther65 I no longer work for AWS, so I cannot answer this

@jayanthvn
Contributor

cc: @orsenthil

@orsenthil
Contributor

orsenthil commented May 15, 2024

> Any news regarding AWS internal decision?

No news yet. This is a desirable feature that we will bring up for prioritization.
