Update ovs-pipeline.md for Egress flows #2044
Conversation
| ### L3DecTTLTable (71) | ||
| When the Egress feature is enabled, there will be two extra flows added in | ||
| [L3ForwardingTable], which send the egress traffic from Pods to external network | ||
| to [SNATTable] (rather than sending the traffic the [L2ForwardingCalcTable] |
There was a problem hiding this comment.
Need an anchor of SNATTable in the end of the file
docs/design/ovs-pipeline.md
Outdated
|
|
||
| ```text | ||
| table=70, priority=190,ip,reg0=0x2/0xffff actions=goto_table:72 | ||
| table=70, priority=190,ip,reg0=0/0xffff actions=mod_dl_dst:e2:e5:a4:9b:1c:b1,goto_table:72 |
docs/design/ovs-pipeline.md
Outdated
| table=71, priority=0 actions=goto_table:80 | ||
| ``` | ||
|
|
||
| When there is an Egress applies to a Pod on the Node, a flow will be added for |
There was a problem hiding this comment.
| When there is an Egress applies to a Pod on the Node, a flow will be added for | |
| When there is an Egress applied to a Pod on the Node, a flow will be added for |
?
There was a problem hiding this comment.
I feel "applies" works too, but changed to "applied"
docs/design/ovs-pipeline.md
Outdated
| When the SNAT IP of the Egress is on a remote Node, the flow will tunnel the | ||
| packets to the remote Node with the tunnel's destination IP to be the SNAT IP. | ||
| The packets will be SNAT'd on the remote Node. The same as a normal tunnel flow | ||
| in [L3ForwardingTable], the flow will rewite the packets' source and destination |
There was a problem hiding this comment.
| in [L3ForwardingTable], the flow will rewite the packets' source and destination | |
| in [L3ForwardingTable], the flow will rewrite the packets' source and destination |
There was a problem hiding this comment.
LGTM
I also inspected the svg and it looks fine, but I am not sure about the connectors?
It seems that these 3 paths should be shown:
- 70 to 72: "inter-Node Pod traffic"
- 70 to 71: "to external with egress"
- 70 to 80: "to local gateway"
In particular, the "to local" label now seems incorrect
|
You are right - these paths are not correct. Updated. Check. @antoninbas |
There was a problem hiding this comment.
LGTM
I think we can merge it as is, but the "to local Pod or gateway" label is in a confusing position IMO, since it looks like it also applies to traffic leaving the SNAT table. Perhaps the graph would be too crowded if we were to apply all the appropriate labels.
|
Yes, but in a sense for SNAT, it is also "to gateway" right? I thought about adding one for "egress at remote Node", and another for "egress at local Node", but not enough space. |
|
/skip-all |
No description provided.