Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Drop packets coming from pods headed externally that were not properl…
…y SNATed Egress IP is often configured on a node different from the one hosting the affected pod. Due to the fact that ovn-controllers on different nodes apply the changes independently, there is a chance that the pod traffic will reach the egress node before it configures the SNAT flows. Drop pod traffic that is not SNATed, excluding local pods(required for ICNI) Signed-off-by: Patryk Diak <pdiak@redhat.com> (cherry picked from commit 39b55de)
- Loading branch information
Showing
3 changed files
with
123 additions
and
40 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters