nat44

package
v0.0.0-...-2d08fe4
Warning

This package is not in the latest version of its module.

Published: Dec 20, 2023 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Deps

type Deps struct {
	Log              logging.Logger
	Config           *config.Config
	ContivConf       contivconf.API
	IPAM             ipam.API
	IPNet            ipnet.API
	UpdateTxnFactory func(change string) (txn controller.UpdateOperations)
	ResyncTxnFactory func() (txn controller.ResyncOperations)
	GoVPPChan        govpp.Channel      /* used for direct NAT binary API calls */
	Stats            statscollector.API /* used for exporting the statistics */
}

Deps lists dependencies of the Renderer.

type Renderer

type Renderer struct {
	Deps
	// contains filtered or unexported fields
}

Renderer implements rendering of services for IPv4 in VPP.

The renderer maps ContivService instances into corresponding NAT44-DNAT model instances, installed into VPP by the Ligato/VPP-agent as a set of static mappings. Frontends and Backends are reflected in the global NAT44 configuration as `in` & `out` interface features, respectively.

NAT global configuration and DNAT instances generated in the Renderer are sent to the Ligato/VPP-agent via the local client interface. The Ligato/VPP-agent in turn updates the VPP-NAT44 configuration through binary APIs. For each transaction, the agent's vpp/ifplugin determines the minimum set of operations that need to be executed to reflect the configuration changes.

To allow a service to access itself, the Contiv plugin is asked to provide the virtual NAT loopback IP address, which is then inserted into the `TwiceNAT` address pool. The `self-twice-nat` feature is enabled for every static mapping.

Until VPP supports timing-out of NAT sessions, the renderer also performs periodic cleanup of inactive NAT sessions.

An extra feature of the renderer, outside the scope of services, is the management of dynamic source-NAT for node-outbound traffic, configured to enable Internet access even for pods with private IPv4 addresses. If dynamic SNAT is enabled in the Contiv configuration, the default interface IP (the IP of the interface that connects the node to the default gateway) is added to the NAT main address pool and the interface itself is switched into the post-routing NAT mode (`output` feature), both during Resync.

For more implementation details, please study the developer's guide for services: `docs/dev-guide/SERVICES.md` from the top directory.
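The service-to-DNAT mapping described above can be sketched as follows. This is an added example, not code from the package: the types `Endpoint`, `Service` and `StaticMapping` and the function `RenderDNAT` are hypothetical simplifications, and the one-mapping-per-frontend shape and the handling of a service without backends are assumptions.

```go
package main

import "fmt"

// Hypothetical, simplified types: not the contiv or vpp-agent models.
type Endpoint struct {
	IP   string
	Port uint16
}

type Service struct {
	Protocol  string     // "TCP" or "UDP"
	Frontends []Endpoint // addresses on which the service is exposed
	Backends  []Endpoint // endpoints implementing the service
}

type StaticMapping struct {
	External     Endpoint
	Protocol     string
	Locals       []Endpoint
	SelfTwiceNAT bool
}

// RenderDNAT emits one static mapping per distinct frontend (assumed
// shape), each listing all backends and carrying self-twice-nat.
// Assumption: a service without backends yields no mappings.
func RenderDNAT(svc Service) []StaticMapping {
	if len(svc.Backends) == 0 {
		return nil
	}
	seen := map[Endpoint]bool{}
	var out []StaticMapping
	for _, fe := range svc.Frontends {
		if seen[fe] {
			continue // duplicate frontend: keep a single mapping
		}
		seen[fe] = true
		// Copy the backends so mappings do not share one slice.
		locals := append([]Endpoint(nil), svc.Backends...)
		out = append(out, StaticMapping{fe, svc.Protocol, locals, true})
	}
	return out
}

func main() {
	svc := Service{"TCP", // constructed sample data
		[]Endpoint{{"10.96.0.10", 80}, {"10.96.0.10", 80}, {"192.168.16.1", 30080}},
		[]Endpoint{{"10.1.1.3", 8080}}}
	fmt.Printf("%+v\n", RenderDNAT(svc))
}
```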

func (*Renderer) AddService

func (rndr *Renderer) AddService(service *renderer.ContivService) error

AddService installs destination-NAT rules for a newly added service.

func (*Renderer) AfterInit

func (rndr *Renderer) AfterInit() error

AfterInit starts asynchronous NAT session cleanup.

func (*Renderer) Close

func (rndr *Renderer) Close() error

Close deallocates resources held by the renderer.

func (*Renderer) DeleteService

func (rndr *Renderer) DeleteService(service *renderer.ContivService, otherExistingServices []*renderer.ContivService) error

DeleteService removes destination-NAT configuration associated with a freshly un-deployed service.

func (*Renderer) Init

func (rndr *Renderer) Init(snatOnly bool) error

Init initializes the renderer. Set <snatOnly> to true if the renderer should only configure SNAT and leave services to another renderer.

func (*Renderer) Resync

func (rndr *Renderer) Resync(resyncEv *renderer.ResyncEventData) error

Resync completely replaces the current NAT configuration with the provided full state of K8s services.

func (*Renderer) UpdateLocalBackendIfs

func (rndr *Renderer) UpdateLocalBackendIfs(oldIfNames, newIfNames renderer.Interfaces) error

UpdateLocalBackendIfs enables in2out VPP/NAT feature for interfaces connecting service backends with VPP.

func (*Renderer) UpdateLocalFrontendIfs

func (rndr *Renderer) UpdateLocalFrontendIfs(oldIfNames, newIfNames renderer.Interfaces) error

UpdateLocalFrontendIfs enables out2in VPP/NAT feature for interfaces connecting clients with VPP.

func (*Renderer) UpdateNodePortServices

func (rndr *Renderer) UpdateNodePortServices(nodeIPs *renderer.IPAddresses,
	npServices []*renderer.ContivService) error

UpdateNodePortServices updates configuration of nodeport services to reflect the changed list of all node IPs in the cluster.

func (*Renderer) UpdateService

func (rndr *Renderer) UpdateService(oldService, newService *renderer.ContivService, otherExistingServices []*renderer.ContivService) error

UpdateService updates destination-NAT rules for a changed service.
