Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Nftables support #214

Open
4 of 19 tasks
yboaron opened this issue Oct 3, 2023 · 3 comments
Open
4 of 19 tasks

Add Nftables support #214

yboaron opened this issue Oct 3, 2023 · 3 comments
Assignees
@yboaron
Labels
enhancement New feature or request priority:high size:extra-large

Comments

@yboaron
Copy link

yboaron commented Oct 3, 2023
edited
Loading

Epic Description

Nftables, abbreviated as "netfilter tables," represents a contemporary replacement for iptables, specifically crafted to align with the requirements of modern networking environments.

Starting with iptables version 1.8.0, it supports a new mode (a.k.a iptables-nft) that uses nftables APIs of the kernel while preserving the same original iptables user-facing API. Most of the linux distributions now-a-days allow us to use iptables-nft or iptables-legacy but default to iptables-nft.

This epic captures the changes necessary in various Submariner components for supporting Nftables based platforms.

Acceptance Criteria

Definition of Done (Checklist)

  • Code complete
  • Relevant metrics added
  • The acceptance criteria met
  • Unit/e2e test added & pass
  • CI jobs pass
  • Deployed using cloud-prepare+subctl
  • Deployed on supported platforms (for e.g kind, OCP on AWS, OCP on GCP)
  • Run subctl verify, diagnose and gather
  • Uninstall
  • Troubleshooting (gather/diagnose) added
  • Documentation added
  • Release notes added

Work Items

  • Document covering proposed high level design for Nftables support
  • Refactor iptables package under packetfilter
  • Refactor ipset package under packetfilter
  • Auto-detection of Iptables/Nftables
  • Deliver Submariner (no Nftables support) with the new packetfilter package
  • Extend packetfilter package to support Nftables
  • Upgrade
@yboaron yboaron self-assigned this Oct 4, 2023
@Jaanki Jaanki added the enhancement New feature or request label Oct 4, 2023
@Jaanki Jaanki moved this from Todo to Schedule and Epics in Submariner 0.17 Oct 4, 2023
@maayanf24
Copy link
Contributor

@yboaron - Are you preparing an ep for this epic?

@yboaron
Copy link
Author

yboaron commented Nov 9, 2023

High Level Design document

@yboaron
Copy link
Author

yboaron commented Nov 9, 2023
edited
Loading

@maayanf24 Nope, we are not preparing ep for this epic, all the relevant details covered in this doc

@maayanf24 maayanf24 moved this to Schedule and Epics in Submariner 0.18 Feb 19, 2024
@maayanf24 maayanf24 moved this to Schedule and Epics in Submariner 0.19 Jun 24, 2024
@maayanf24 maayanf24 moved this to Schedule and Epics in Submariner 0.20 Oct 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yboaron yboaron

Labels
enhancement New feature or request priority:high size:extra-large
Projects
Submariner 0.20
Status: Schedule and Epics
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Jaanki @yboaron @maayanf24