Skip to content

GitLab

Switch branch/tag
  1. 11 Oct, 2022 1 commit
  3. 10 Oct, 2022 1 commit
  5. 05 Oct, 2022 2 commits
  7. 29 Sep, 2022 2 commits
  9. 28 Sep, 2022 1 commit
  11. 21 Aug, 2022 4 commits
    • Waqar Ahmed's avatar
      Do not remove policy based routing rule · 99ed31bf
      Waqar Ahmed authored 
      This commit adds changes to comment a portion of kube-router source where it disables policy based routing which it does with the aid of ip in ip tunneling, the idea is that kube-router should not remove the ip rule added by us to enable policy based routing.
      99ed31bf
    • Waqar Ahmed's avatar
      Add conntrack as debian dependency · 238c26dc
      Waqar Ahmed authored
      238c26dc
    • Waqar Ahmed's avatar
      Disable overlay for kube-router · 6acba287
      Waqar Ahmed authored 
      This commit adds changes to disable overlay for kube-router. Motivation for this change are 2 reasons. Overlay is used to help pod to pod networking across nodes in different subnets with ip in ip tunneling. However we only have 1 node, so this is not really required.

Moving on, kube-router introduced change to automatically set MTU of kube-bridge interface in https://github.com/cloudnativelabs/kube-router/pull/989. With this change kube-router gets the MTU of the host interface which is being consumed by kubernetes and then does a -20 on the MTU value ( to account for ip in ip tunneling ) and sets the kube-bridge MTU to that value. This ends up with kube-bridge mostly using 1480 if host interface was 1500 ( which is the usual case ). Issue happens that some servers send length of 1440 with fragmentation flag unset which results in the packet getting dropped as the packet size is larger then what the interface can handle. I am discussing this with a kube-router developer and would make an issue upstream as well once he finalizes the scope.

This change fixes our TLS issues where popular sites like github could not be accessed reliably and we did not require ip in ip tunneling because that's not our use case, so from that aspect it's fine to disable overlay.
      6acba287
    • Waqar Ahmed's avatar
      Add debian package for kube-router · 8dfcaaed
      Waqar Ahmed authored
      8dfcaaed
  13. 18 Aug, 2022 1 commit
  15. 09 Aug, 2022 1 commit
  17. 08 Aug, 2022 2 commits
  19. 31 Jul, 2022 4 commits
  21. 29 Jul, 2022 1 commit
  23. 28 Jul, 2022 1 commit
    • Aaron U'Ren's avatar
      fix(ipset): remove initval during ipset parse · d6fbdb29
      Aaron U'Ren authored 
      On Linux kernels >5.10 there is was a new option added to ipset where a
hexadecimal value was persisted from the kernel to the userspace so that
ipsets could be restored exactly as they were by referencing the same
randomized set string.

However, kube-router is not able to benefit from that as it often
changes the ipset between "ipset save" and "ipset restore" actions.
Additionally, it utilizes the options that it gets from the save
verbatim in both a temp set and the final set that it swaps into to
prevent data path disruptions.

Finally, it bases the number of temporary sets it has to create based on
unique sets of options. Since initval is intentionally unique between
each set, it causes us to execute many more options than we actually
need to and reduces performance considerably on newer kernels that
support this option.
      d6fbdb29
  25. 18 Jul, 2022 5 commits
  27. 13 Jul, 2022 1 commit
    • Aaron U'Ren's avatar
      fix(bgp): set graceful restart on enabled family · 4615e854
      Aaron U'Ren authored 
      Rather than setting BGP Graceful Restart on both IPv4 and IPv6
regardless of which family is enabled, check the current mode via
nrc.isIpv6 and only set on appropriate family.

Note, this mode is exclusive as the current portions of NRC kube-router
code are only meant to work with IPv4 or IPv6 not both at the same time.

Fixes #1323
      4615e854
  29. 01 Jul, 2022 3 commits
  31. 24 Jun, 2022 1 commit
  33. 20 Jun, 2022 6 commits
  35. 11 Jun, 2022 3 commits