I added one external IP, 1.1.1.1, for one of my pods, and I can access the pod's UDP port 1234 via 1.1.1.1:1234 from the external network. But I found that k8s does SNAT for the request, and from my pod the source IP is k8s's IP, 10.244.0.1:1234. When my pod responds with a UDP packet to 10.244.0.1:1234, k8s does not do DNAT for me, so the external network cannot receive the response at all. What IP and port should my pod respond to? Any ideas?
You don't need an explicit DNAT rule, since there is a conntrack table entry created for the SNAT rule which has the 4-tuple (src IP, dst IP, src port, dst port) to identify the connection for the response packets. Do you send multiple UDP requests with the same 4-tuple? I do remember there is a conntrack table race condition for UDP. You can take a look at the details of the race condition at the following link.
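To make the answer's point concrete, here is an added example (not code from the thread) that simulates what the kernel does with the conntrack entry: it parses one constructed `conntrack -L` line for the flow in the question, reports where the pod must send its reply, and applies the reverse NAT the kernel performs on that reply. The client address 203.0.113.5 and the pod IP 10.244.1.7 are assumptions; 1.1.1.1 and 10.244.0.1 come from the question. The example also shows the two cases where no entry matches and the reply leaves the node untranslated: replying to the client's real IP, and replying from a fresh socket with a different source port.

```python
"""Simulated conntrack lookup for the UDP SNAT case in the question above.

Added example, not from the original thread. The conntrack line below is
constructed in the format `conntrack -L` prints; the client IP 203.0.113.5
and the pod IP 10.244.1.7 are made up.
"""
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample of one `conntrack -L` entry for the question's flow.
# The first 4-tuple is the original direction (client -> external IP); the
# second is the reply direction the kernel expects (pod -> node SNAT address).
SAMPLE_CONNTRACK_LINE = (
    "udp      17 25 src=203.0.113.5 dst=1.1.1.1 sport=1234 dport=1234 "
    "src=10.244.1.7 dst=10.244.0.1 sport=1234 dport=1234 mark=0 use=1"
)


@dataclass(frozen=True)
class Tuple4:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class ConntrackEntry:
    proto: str
    original: Tuple4  # packet as it arrived from the client
    reply: Tuple4     # packet the kernel expects back from the pod


_TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def parse_conntrack_line(line: str) -> ConntrackEntry:
    """Parse one `conntrack -L` line into its original and reply 4-tuples."""
    proto = line.split()[0]
    tuples = _TUPLE_RE.findall(line)
    if len(tuples) != 2:
        raise ValueError("expected two 4-tuples in conntrack line")
    orig, rep = (Tuple4(s, int(sp), d, int(dp)) for s, d, sp, dp in tuples)
    return ConntrackEntry(proto, orig, rep)


def reply_destination(entry: ConntrackEntry) -> Tuple[str, int]:
    """Where the pod must send its reply: the SNATed source it saw."""
    return entry.reply.dst, entry.reply.dport


def translate_reply(entry: ConntrackEntry, pkt: Tuple4) -> Optional[Tuple4]:
    """Apply the reverse NAT the kernel does for a packet leaving the pod.

    The packet matches only if all four fields equal the reply tuple.  Then
    its addresses are rewritten back to the original direction: src becomes
    the external IP the client used, dst becomes the client.  Returns None
    when no conntrack entry matches, i.e. the packet leaves untranslated.
    """
    if pkt != entry.reply:
        return None
    o = entry.original
    return Tuple4(src=o.dst, sport=o.dport, dst=o.src, dport=o.sport)


if __name__ == "__main__":
    entry = parse_conntrack_line(SAMPLE_CONNTRACK_LINE)
    print("reply to:", reply_destination(entry))
    # Correct reply: back to the SNATed source, from the same pod port.
    print(translate_reply(entry, Tuple4("10.244.1.7", 1234, "10.244.0.1", 1234)))
    # Wrong: replying to the client's real IP bypasses the entry.
    print(translate_reply(entry, Tuple4("10.244.1.7", 1234, "203.0.113.5", 1234)))
    # Wrong: replying from a new socket with a different source port.
    print(translate_reply(entry, Tuple4("10.244.1.7", 50000, "10.244.0.1", 1234)))
```

On a real node you would read the same two tuples with `conntrack -L -p udp --dport 1234` and confirm that the pod's reply is sent to the `dst` of the second tuple from the `src`/`sport` of that tuple; a reply from a different source port is a new flow and is never un-NATed.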