kilo/pkg/mesh
Lucas Servén Marín 134cbe90be
pkg/route,pkg/mesh: replace NAT with ip rules
This commit entirely replaces NAT in Kilo with a few iproute2 rules.
Previously, Kilo would source-NAT the majority of packets in order to
avoid problems with strict source checks in cloud providers causing
packets to be considered martians. This source-NAT-ing made it
difficult to correctly apply Kubernetes NetworkPolicies based on source
IPs.

This rewrite instead relies on a handful of iproute2 rules to ensure
that packets get encapsulated in certain scenarios based on the source
network and/or source interface.

This has the benefit of avoiding extra iptables bloat as well as
enabling better compatibility with NetworkPolicies.

Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
2020-02-20 21:27:50 +01:00
..
cni.go pkg/iptables: clean up, remove NAT 2020-02-20 21:23:23 +01:00
graph.go pkg/mesh: add peers to graph 2019-09-23 17:54:16 +02:00
ip_test.go pkg/mesh: fix ip allocator helper 2020-02-20 13:54:11 +01:00
ip.go pkg/mesh: fix ip allocator helper 2020-02-20 13:54:11 +01:00
mesh_test.go pkg/mesh: fix ip allocator helper 2020-02-20 13:54:11 +01:00
mesh.go pkg/route,pkg/mesh: replace NAT with ip rules 2020-02-20 21:27:50 +01:00
topology_test.go pkg/route,pkg/mesh: replace NAT with ip rules 2020-02-20 21:27:50 +01:00
topology.go pkg/route,pkg/mesh: replace NAT with ip rules 2020-02-20 21:27:50 +01:00