Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support DSR for LoadBalancer #4956

Closed
mattmalec opened this issue May 9, 2023 · 2 comments
Closed

Support DSR for LoadBalancer #4956

mattmalec opened this issue May 9, 2023 · 2 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature. reported-by/end-user Issues reported by end users.

Comments

@mattmalec
Copy link

Describe the problem/challenge you have

For our use-case, we need to have several LoadBalancer services that share the same IP, but have different ports in each. We use MetalLB for this. However, one of our requirements is that we retain the client IP rather than it being obfuscated by kube-proxy. Normally, we can utilize externalTrafficPolicy=Local, however due to kube-proxy limitations, we cannot use externalTrafficPolicy=Local if multiple LoadBalancers are using the same IP.

If we were using Cilium, we could utilize loadBalancer.mode=dsr, which would retain the client IP, even if we used externalTrafficPolicy=Cluster. This allows us to utilize MetalLB with our intended use-case. The reason we aren't using Cilium is that we also need to use egress routing, where Cilium's implementation didn't really fill the gaps in our project.

In the case of Antrea, which at the time of writing doesn't currently support DSR, we initially looked into using kube-router to handle this. However, we would need to utilize their own router, which would conflict with Encap mode, and the Antrea egress routing doesn't work in NoEncap mode.

Describe the solution you'd like

I'd love to see Antrea support DSR. Lots of other CNIs like Cilium and Calico support it, and it would be a huge unlock for our project.
@mattmalec mattmalec added the kind/feature Categorizes issue or PR as related to a new feature. label May 9, 2023
@tnqn
Copy link
Member

tnqn commented May 10, 2023

@mattmalec thanks for filing the issue and sharing your use case. I agree DSR is a valuable feature we could add. Today I made a PoC to verify an approach to support DSR in Antrea and it turned out to work roughly. I will raise the feature request and the potential solution in the next community meeting (May 23th). Will update the conclusion and the release we expect to include it if we conclude.

The approach I used in PoC requires encap mode, I presume it's not a problem for your use according to the description, right?

For integration with kube-router DSR, I didn't get time to validate it yet because we are approaching release-1.12. Will update you once it's verified.

@tnqn tnqn mentioned this issue May 23, 2023
Closed
2 tasks
@tnqn
Copy link
Member

tnqn commented Aug 3, 2023

Closing the issue as Antrea v1.13.0 has supported DSR, more details can be found in https://github.com/antrea-io/antrea/blob/main/docs/antrea-proxy.md#configuring-load-balancer-mode-for-external-traffic

@tnqn tnqn closed this as completed Aug 3, 2023
@tnqn tnqn added the reported-by/end-user Issues reported by end users. label Dec 11, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/feature Categorizes issue or PR as related to a new feature. reported-by/end-user Issues reported by end users.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tnqn @mattmalec